Apache，.htaccess：FilesMatch匹配URI或真实文件名？ [英] Apache, .htaccess: FilesMatch matches URIs or real file names?

问题描述

这是关于Apache的，特别是 .htaccess 指令。

This is about Apache, and in particular .htaccess directives.

我们假设 /index.htm 存在。

我希望允许访问文件的白名单（仅限 .htm ），所以我想出了这个：

I want to have a whitelist of files allowed to be accessed (only .htm), so I've come up with this:

Order deny,allow
Deny from all
<FilesMatch "\.htm$">
  Allow from all
</FilesMatch>

我看到的是请求 www.domain.com/index。 htm 一切正常，但在请求 www.domain.com （空URI）时我收到403响应（当然我应该得到默认 index.htm 代替。）

What I see is that when requesting www.domain.com/index.htm all works fine, but when requesting just www.domain.com (empty URI) I get a 403 response (of course I should get the default index.htm instead).

经过一些测试我发现这是因为空字符串不是FilesMatch允许，所以我想知道我是否理解得很好： [问题＃1a] 我可以说FilesMatch匹配URI而不直接匹配真实文件名（一个在文件系统中？？

After some testing I've discovered that it's because the empty string is not allowed by FilesMatch, so I'm wondering if I have understood well: [question #1a] can I say that FilesMatch matches the URI and not directly the real filename (the one in the filesystem)?

在此之后我试图用以下内容重写空字符串：

After this I have tried to rewrite the empty string with:

RewriteEngine on
RewriteRule ^$ index.htm [L]

没有运气，所以 [问题＃1b] 我可以说FilesMatch拒绝访问之前任何重写或我做错了吗？

with no luck, so [question #1b] can I say that FilesMatch denies access before any rewrite or am I doing something wrong?

最终唯一可行的解​​决方案我想出的是在FilesMatch的regexp中包含空字符串：

In the end the only working solution I've come up with is including the empty string in FilesMatch's regexp:

<FilesMatch "(^|\.htm)$">

[问题＃2] 这真的是最好的，甚至是唯一的办法解决这个问题？我无法在网络上找到我的解决方案，所以我担心我从一开始就做错了什么......

[question #2] Is this really the best, or even the only way to solve this problem? I can't find my solution around in the web, so I fear I'm doing something wrong from the very beginning...

谢谢！

推荐答案

关于你的主要问题和问题1a，FilesMatch匹配文件路径，使用LocationMatch匹配网址。

Regarding your main question and question 1a, FilesMatch matches on file paths, use LocationMatch to match urls.

这里记录在案： http：// httpd.apache.org/docs/2.0/sections.html#file-and-web

你的问题1b，mod_rewrite可以在授权开始之前重写，如这里说明： http://httpd.apache.org/docs/2.0/ mod / mod_rewrite.html＃InternalAPI

Your question 1b, mod_rewrite can rewrite before authorization start, as stated here : http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#InternalAPI

我不清楚为什么你的重写规则不起作用，但我通常写道：

It's not clear to me why your rewrite rule didn't work, however i usually write :

RewriteRule ^/$ index.htm [L]

IIRC，因为两者都有/在服务器URL和文件夹内，但我可能在这一点上错了。

IIRC because there is always a "/", both on the server url and inside a folder, but I might be wrong on this point.

这篇关于Apache，.htaccess：FilesMatch匹配URI或真实文件名？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！