在 .htaccess 中重写 url，虚拟路径不会导致 404 页面，但会暴露 PHP 警告 [英] Rewrite url in .htaccess, dummy paths don't lead to 404 page but expose PHP warnings

问题描述

我有这些自定义的 .htaccess 重定向

I have these custom .htaccess redirections

# Add a trailing slash to folders that don't have one
    RewriteCond %{REQUEST_URI}    !(/$|\.)
    RewriteRule (.*) %{REQUEST_URI}/  [R=301,L]
# Exclude these folders from rewrite process
    RewriteRule         ^(admin|ajax|cache|classes|css|img|webassist|js)($|/)  -  [L]
# Redirect root requests to /home/ folder
    RewriteRule         ^(/home/)?$                  /home/index.php?nLang=it                              [NC,L]
# Start rewriting rules
    RewriteRule         ^risultati.htm$              /home/results.php                                     [NC,L,QSA]
    RewriteRule         ^sfogliabile/(.*).htm$       /flip/browser.php?iCat=$1                             [NC,L]
    RewriteRule         ^depliant/(.*).htm$          /flip/flyer.php?iSpecial=$1                           [NC,L]
    RewriteRule         ^(.*)/ricerca/$              /ricerca/index.php?nLang=$1                           [NC,L,QSA]
    RewriteRule         ^(.*)/professional/$         /home/pro.php?nLang=$1                                [NC,L]
    RewriteRule         ^(.*)/3/(.*)/$               /products/index.php?nLang=$1&iModule=3                [NC,L]
    RewriteRule         ^(.*)/3/(.*)/(.*)/(.*).htm$  /products/details.php?nLang=$1&iData=$3&iModule=3     [NC,L]
    RewriteRule         ^(.*)/4/(.*)/$               /foreground/index.php?nLang=$1&iModule=4              [NC,L]
    RewriteRule         ^(.*)/4/(.*)/(.*)/(.*).htm$  /foreground/details.php?nLang=$1&iData=$3&iModule=4   [NC,L]
    RewriteRule         ^(.*)/5/(.*)/$               /specials/index.php?nLang=$1&iModule=5                [NC,L]
    RewriteRule         ^(.*)/5/(.*)/(.*)/(.*).htm$  /specials/details.php?nLang=$1&iData=$3&iModule=5     [NC,L]
    RewriteRule         ^(.*)/6/(.*)/$               /gallery/index.php?nLang=$1&iModule=6               [NC,L]
    RewriteRule         ^(.*)/6/(.*)/(.*)/(.*).htm$  /gallery/details.php?nLang=$1&iData=$3&iModule=6     [NC,L]
    RewriteRule         ^(.*)/(.*)/(.*)/(.*).htm$    /home/page.php?nLang=$1&iData=$3                     [NC,L,QSA]
    RewriteRule         ^(.*)/$                      /home/index.php?nLang=$1                              [NC,L]

它适用于所有页面，除非我输入一些不存在的路径，例如:

It works pretty fine for all the pages, except when I type in some non existing paths like:

/it/dummy/
/it/dummy/dummy/
/it/dummy/dummy/dummy/
etc...

我得到的不是 404 错误页面，而是显示 PHP 警告和有关丢失变量和包含文件的通知的页面，这可能会导致安全问题和恶意攻击

Instead of 404 error page, I get a page exposing PHP warning and notices about missing variables and include files, that could lead to security problems and malicious attacks

我尝试了几种方法来获得使用此类路径的 RegExp(因此我可以将用户重定向到 404 页面)，但没有成功:拜托，你能帮我吗?提前致谢

I tried several things to get a RegExp that work with such paths (so I can redirect the user to the 404 page), but no luck: please, can you help me? Thanks in advance

推荐答案

把你最后的规则改成这个，

Change your last rule to this,

# If the request is not for a valid directory
RewriteCond %{REQUEST_FILENAME} !-d
# If the request is not for a valid file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([a-z]+)/$ home/index.php?nLang=$1 [L,QSA,NC]

那样它只会处理语言参数，例如/it/ 或 /en/ 但会让其他 URL 例如/it/dummy/ 转到 404 处理程序.

That way it will only handle language parameter e.g. /it/ or /en/ but will let other URLs e.g. /it/dummy/ go to 404 handler.

这篇关于在 .htaccess 中重写 url，虚拟路径不会导致 404 页面，但会暴露 PHP 警告的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！