“欺骗".htaccess 的 404 not found 错误 [英] "Spoofing" a 404 not found error with .htaccess
问题描述
我目前设置了 .htaccess 以通过以下方式将任何没有句点或斜线的内容重写为具有 .php 扩展名的等效文件(因此foo"在内部提取foo.php"):
RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteCond %{REQUEST_FILENAME} !(.*)\.phpRewriteCond %{REQUEST_FILENAME}\.php -f重写规则 ^([^/.]+)$ $1.php [L,NS]但是,我希望对foo.php"的直接请求返回 404,就好像该文件不存在一样(就像有人尝试过foo.asp"或foo.blargh"一样).我知道有 [F] 和 [G] 标志,但我不想要禁止"(403)或消失"(410),因为这些与不存在的文件返回的结果不同(404).
有没有办法做到这一点?
更新 1
我试过了
RewriteCond %{REQUEST_FILENAME} \.php$RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\/.*\.php\ HTTP/重写规则 ^(.*)$/error.php?e=404 [R=404,L,NS]哪个有效...直到我尝试使用 ErrorDocument 处理程序.假设我的文档根目录为error.php",任何类似 ErrorDocument 404/error?e=404(我也尝试过使用 error.php 等)的内容都会反刍错误
未找到
在此服务器上找不到请求的 URL/foo.php.
此外,在运行时遇到 500 Internal Server Error 错误尝试使用 ErrorDocument 来处理请求.
... 但仅在尝试访问实际存在的 .php 页面时(例如 foo.php);任何访问实际上不存在的页面(因此不会触发我的第二个重写规则)的尝试都会转到 ErrorDocument 处理程序指定的页面.
找到解决方案:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ (/.*)\.phpRewriteCond %{REQUEST_FILENAME} -fRewriteCond %{REQUEST_URI} !^/error\.php重写规则.- [R=404,L,NS]错误文档 404/error.php?e=404具体来说,第三个 RewriteCond 阻止对错误页面的请求触发 RewriteRule(因为 THE_REQUEST 仍然包含原始请求(匹配第一个 RewriteCond),并且错误页面确实存在(匹配第二个 RewriteCond).
请注意,第三个 RewriteCond 与为 ErrorDocument 指定的 URI 格式匹配.在 error.php 中,我使用 $_SERVER["REDIRECT_SCRIPT_URL"] 找出用户最初请求的文件(从而使 404 看起来像是对其请求的直接响应).
I have .htaccess currently set up to rewrite anything without a period or slash to the equivalent with a .php extension (so "foo" internally pulls up "foo.php") via the following:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !(.*)\.php
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^/.]+)$ $1.php [L,NS]
However, I'd like direct requests for "foo.php" come back with a 404 as though the file didn't exist (just as if someone tried "foo.asp" or "foo.blargh"). I know there's the [F] and [G] flags, but I don't want "forbidden" (403) or "gone" (410), as those are different results from what a nonexistent file returns (404).
Is there a way to do this?
UPDATE 1
I've tried
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.php\ HTTP/
RewriteRule ^(.*)$ /error.php?e=404 [R=404,L,NS]
Which works... until I try to use an ErrorDocument handler. Assuming "error.php" at my document root, anything along the lines of ErrorDocument 404 /error?e=404 (i've also tried with error.php, etc) regurgitates the error
Not Found
The requested URL /foo.php was not found on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
... but only when attempting to access a .php page that actually exists (such as foo.php); any attempt to access a page that actually doesn't exist (and thus doesn't trigger my second rewrite rule) goes to the page specified by the ErrorDocument handler.
Found a solution:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ (/.*)\.php
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/error\.php
RewriteRule . - [R=404,L,NS]
ErrorDocument 404 /error.php?e=404
Specifically, the third RewriteCond keeps requests for the error page from triggering the RewriteRule (since the THE_REQUEST still contains the original request (matching the first RewriteCond), and the error page does indeed exist (matching the second RewriteCond).
Note that the third RewriteCond matches the URI format specified for the ErrorDocument. Within error.php, I use $_SERVER["REDIRECT_SCRIPT_URL"] to find out what file the user originally requested (thus making it look like the 404 was served as a direct response to their request).
这篇关于“欺骗".htaccess 的 404 not found 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
