Apache,.htaccess:FilesMatch匹配URI或真实文件名? [英] Apache, .htaccess: FilesMatch matches URIs or real file names?
问题描述
这是关于Apache的,特别是 .htaccess
指令。
This is about Apache, and in particular .htaccess
directives.
我们假设 /index.htm
存在。
我希望允许访问文件的白名单(仅限 .htm
),所以我想出了这个:
I want to have a whitelist of files allowed to be accessed (only .htm
), so I've come up with this:
Order deny,allow
Deny from all
<FilesMatch "\.htm$">
Allow from all
</FilesMatch>
我看到的是请求 www.domain.com/index。 htm
一切正常,但在请求 www.domain.com
(空URI)时我收到403响应(当然我应该得到默认 index.htm
代替。)
What I see is that when requesting www.domain.com/index.htm
all works fine, but when requesting just www.domain.com
(empty URI) I get a 403 response (of course I should get the default index.htm
instead).
经过一些测试我发现这是因为空字符串不是FilesMatch允许,所以我想知道我是否理解得很好: [问题#1a] 我可以说FilesMatch匹配URI而不直接匹配真实文件名(一个在文件系统中??
After some testing I've discovered that it's because the empty string is not allowed by FilesMatch, so I'm wondering if I have understood well: [question #1a] can I say that FilesMatch matches the URI and not directly the real filename (the one in the filesystem)?
在此之后我试图用以下内容重写空字符串:
After this I have tried to rewrite the empty string with:
RewriteEngine on
RewriteRule ^$ index.htm [L]
没有运气,所以 [问题#1b] 我可以说FilesMatch拒绝访问之前任何重写或我做错了吗?
with no luck, so [question #1b] can I say that FilesMatch denies access before any rewrite or am I doing something wrong?
最终唯一可行的解决方案我想出的是在FilesMatch的regexp中包含空字符串:
In the end the only working solution I've come up with is including the empty string in FilesMatch's regexp:
<FilesMatch "(^|\.htm)$">
[问题#2] 这真的是最好的,甚至是唯一的办法解决这个问题?我无法在网络上找到我的解决方案,所以我担心我从一开始就做错了什么......
[question #2] Is this really the best, or even the only way to solve this problem? I can't find my solution around in the web, so I fear I'm doing something wrong from the very beginning...
谢谢!
推荐答案
关于你的主要问题和问题1a,FilesMatch匹配文件路径,使用LocationMatch匹配网址。
Regarding your main question and question 1a, FilesMatch matches on file paths, use LocationMatch to match urls.
这里记录在案: http:// httpd.apache.org/docs/2.0/sections.html#file-and-web
你的问题1b,mod_rewrite可以在授权开始之前重写,如这里说明: http://httpd.apache.org/docs/2.0/ mod / mod_rewrite.html#InternalAPI
Your question 1b, mod_rewrite can rewrite before authorization start, as stated here : http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#InternalAPI
我不清楚为什么你的重写规则不起作用,但我通常写道:
It's not clear to me why your rewrite rule didn't work, however i usually write :
RewriteRule ^/$ index.htm [L]
IIRC,因为两者都有/在服务器URL和文件夹内,但我可能在这一点上错了。
IIRC because there is always a "/", both on the server url and inside a folder, but I might be wrong on this point.
这篇关于Apache,.htaccess:FilesMatch匹配URI或真实文件名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!