.htaccess上的mod_rewrite有多安全 [英] How secure is mod_rewrite on .htaccess

问题描述

根据实际经验，.htaccess上的mod_rewrite有多安全?

From practical experience how secure is mod_rewrite on .htaccess?

推荐答案

此处显示了所谓的请求的11个阶段".

There are so called "The 11 Phases of a Request" illustrated here.

Mod_rewrite将自身自身挂钩到URL转换级别.您完全可以控制规则.这意味着您必须保重，没有注射.仅当您根据请求将规则动态路由到文件夹时，才能进行注入.恕我直言，此规则很容易检测. mod_rewrite的主要目的是将您的URL重写(链接到URI转换中)到新的目的地.重写之后，将应用Apache的所有安全功能. 使用mod_rewrite，也可以委托代理.这使一些较小的可能性会导致错误的行为.如果可能，则完全是由于您的规则配置错误. IMHO是安全的，因为它已挂接到请求的某个阶段，在该阶段不会发生很多错误配置. Mod_rewrite在主要的Web应用程序中广泛使用，例如Wordpress，Drupal，Joomla.主要是生成SEO友好的URL.

Mod_rewrite hooks it self into URL translation level. You have full control over the rules. Which means you have to take care, that there is no injection. Injections can only be done, if you route your rule dynamically to folders depended on your request. This rules are IMHO easy to detect. The main purpose of mod_rewrite is to rewrite (hooked into the URI translation) your URL to a new destination. After the rewrite, all the security features of Apache will be applied. With mod_rewrite it's also possible to do delegate to a proxy. This let some minor possibilities to force a false behaviour. If this is possible, it's all due a misconfiguration of your rules. IMHO is secure, because it's hooked into a phase of a request, where not a lot of misconfigurations can happen. Mod_rewrite is widely in major web applications like Wordpress, Drupal, Joomla. Mostly to generate SEO-friendly URL's.

这篇关于.htaccess上的mod_rewrite有多安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！