有没有办法强制apache返回404而不是403? [英] Is there a way to force apache to return 404 instead of 403?

问题描述

有没有一种方法可以配置 Apache Web 服务器，为某些我想禁止访问的特定目录返回 404(未找到)错误代码而不是 403(禁止)?

Is there a way how I can configure the Apache web server to return a 404 (not found) error code instead of 403 (forbidden) for some specific directories which I want to disallow to be accessed?

我发现了一些建议使用 mod_rewrite 的解决方案，例如

I found some solutions suggesting the use of mod_rewrite, like e.g.

RewriteEngine On
RewriteRule ^.*$ /404 [L]

由于发送 404 而不是 403 的目的是混淆目录结构，这个解决方案太暴露了，因为它重定向到一些不同的位置，这使得最初访问的目录确实存在.

As the purpose of sending 404 instead of 403 is to obfuscate the directory structure, this solution is too revealing, because it redirects to some different location which makes it obvious that the directory originally accessed does in fact exist.

推荐答案

RedirectMatch 如在例如

RedirectMatch 404 /\.

成功了，它禁止访问所有以点开头的文件或目录，给出404 Not Found"错误.

does the trick, it prohibits access to all files or directories starting with a dot, giving a "404 Not Found" error.

来自 Apache 手册:Redirect[Match] 指令通过要求客户端在新位置重新获取资源来将旧 URL 映射到新 URL."默认情况下，Redirect 发送 302 返回码，但它也可以返回如上所示的其他状态码.

From the Apache manual: "The Redirect[Match] directive maps an old URL into a new one by asking the client to refetch the resource at the new location." By default, Redirect sends a 302 return code, but it can also return other status codes as shown above.

这篇关于有没有办法强制apache返回404而不是403?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！