始终返回404,当你决定要返回一个403 [英] Always return a 404 when you decide to return a 403
问题描述
有这里已经张贴了关于在特殊情况下(如,.HT *文件或某个目录)返回的403 404,而不是几个问题,但我不能想出如何简单地取代所有 403的响应(好了,它的存在,但你还是要找到一种方式)与404(对不起,从来没有听说过)。我希望有一个简单的解决方案,将不需要更新正则表达式或htaccess的其他位,以配合现场的变化,只是一个简单的指令:当你决定要返回一个403,返回404,而不是适用整个网站,无论配置更改。
There are several questions already posted here about returning a 404 instead of a 403 in special cases (e.g., .ht* files or a certain directory), but I can't figure out how to simply replace all 403 responses ("Okay, it exists, but you still have to find a way in") with 404s ("Sorry, never heard of it"). I'm hoping that there is a simple solution that won't require updating regexes or other bits of the .htaccess to match site changes, just a simple directive: "whenever you decide to return a 403, return a 404 instead" that applies to the whole site, regardless of configuration changes.
之后,如果顶层的.htaccess包含选项-Indexes,和任何给定的目录不包含index.html的(或当量),裸目录URL将返回404,但如果我添加一个index.html来该目录,同样的裸目录的URL将返回的index.html,没有必要对任何.htaccess文件更新。
Then, if the top level .htaccess contains "Options -Indexes", and any given directory contains no index.html (or equiv), the bare directory URL will return 404, but if I ever add an index.html to that directory, the same bare directory URL will return the index.html, with no updates needed to any .htaccess file.
我甚至不介意,在事件中,我曾经密码目录,密码错误返回(因为404 - > 403映射)404。在这种情况下,我不是通过返回一个404隐瞒任何东西,但它会导致不会造成影响。如果有一种方法撤消一般403-> 404映射在特殊情况下(而不是做IT的特殊情况),不过,这可能是更有益的。
I don't even care if, in the event I ever password a directory, a bad password returns a 404 (because of the 404 -> 403 mapping). In that case, I'm not hiding anything by returning a 404, but it causes no harm either. If there's a way to UNDO the general 403->404 mapping for special cases (rather than DO it for special cases), though, that could be even more useful.
当然,如果我忽视的东西,请把我直。
Of course, if I'm overlooking something, please set me straight.
编辑:讨厌鬼。我想在这里写一个良好的质量问题,而是选项-Indexes的行为,我在第二段描述证明是错误的。如果没有该行裸目录网址显示的index.html,如果存在于目录;否则,它揭示了目录的内容。 (中/ DIR在转发到/dir/index.html如果index.html的存在是虚拟主机的默认设置,除非我弄错了。)添加选项-Indexes行停止它播出我的衣服在公共(返回403,而不是404,但仍比公开的目录内容)更好,但现在裸目录URL返回403,即使index.html的存在。
Drat. I was trying to write a good quality question here, but my description of the behavior of "Options -Indexes" in the second paragraph turns out to be wrong. Without that line a bare directory URL shows "index.html" if exists in the directory; otherwise, it reveals the contents of the directory. (That forwarding of /dir to /dir/index.html if index.html exists is the default setup of the Web host, unless I'm mistaken.) Adding the "Options -Indexes" line stops it airing my laundry in public (returning a 403, not 404, but still better than exposing the dir contents), but now the bare directory URL returns a 403 even if index.html exists.
我想裸目录网址mysite.com/mydir如果它存在并显示/mydir/index.html404,如果它没有,但显然还有更给它不仅仅是更换403s与404。
I wish a bare dir URL "mysite.com/mydir" displayed /mydir/index.html if it existed and "404" if it didn't, but clearly there's more to it than just replacing the 403s with 404s.
推荐答案
要完成更好的答案的人在这里(所提到的@WebChemist和@JennyD),来解决这个问题的好办法是回到 404未找到从您用来处理 403 文档出错。我个人做类似如下:
To complete one of the better answers here (as mentioned by @WebChemist and @JennyD), a good way to solve this is to return 404 Not Found from the document you use to handle 403 errors. Personally I do something like the following:
ErrorDocument 400 /http-errors.php
ErrorDocument 403 /http-errors.php
ErrorDocument 404 /http-errors.php
HTTP-errors.php 在Web根目录(冷凝的工作例如的):
http-errors.php in web root (condensed working example):
<?php
$status = $_SERVER['REDIRECT_STATUS'];
// If it's a 403, just bump it up to a 404
if ( $status == 403 ) $status++;
$codes = array(
400 => array( '400 Bad Request', 'The request cannot be fulfilled due to...' ),
404 => array( '404 Not Found', 'The resource you requested was not found...' ),
500 => array( '500 Internal Server Error', 'The request was unsuccessful...' )
);
$title = $codes[$status][0];
$message = $codes[$status][1];
header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $title );
echo "<h1>$title</h1>\n<p>$message</p>";
这篇关于始终返回404,当你决定要返回一个403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
