"欺骗" 404未找到错误与的.htaccess [英] "Spoofing" a 404 not found error with .htaccess
问题描述
我的.htaccess当前为没有时间重写任何东西,或大幅削减至相当于以.php扩展名通过以下(使富内部拉起foo.php):
的RewriteCond%{} REQUEST_FILENAME!-f
的RewriteCond%{} REQUEST_FILENAME!-d
的RewriteCond%{} REQUEST_FILENAME!(。*)\。PHP
的RewriteCond%{REQUEST_FILENAME} \ PHP -f
重写规则^([^ /] +)$ $ 1.PHP [L,NS]
不过,我想为foo.php回来了404,就好像该文件不存在(就好像有人试图foo.asp或foo.blargh)直接请求。我知道还有的[F]和[G]标志,但我不希望禁止(403)或水涨船高(410),因为这些来自哪个不存在的文件返回(404)。
有没有办法做到这一点?
更新1
我试过
的RewriteCond%{REQUEST_FILENAME} \ .PHP $
的RewriteCond%{THE_REQUEST} ^ [AZ] {3,9} \ /.* \ PHP \ HTTP /
重写规则^(。*)$ /error.php?e=404 [R = 404,L,NS]
其中一期工程...直到我尝试使用ErrorDocument处理程序。假设error.php我的文档根目录,任何沿行的ErrorDocument 404 /错误?E = 404 (我也试图与error.php等)反刍错误
未找到
所请求的网址/foo.php在此服务器上找到。
此外,遇到一个500内部服务器错误错误而 试图使用ErrorDocument来处理请求。
...但试图访问实际存在一个PHP页面(如foo.php),只有当;任何企图访问一个页面,实际上不存在(,因此不会引发我的第二个重写规则)去了的ErrorDocument处理程序中指定的页面。
找到了解决方法:
的RewriteCond%{THE_REQUEST} ^ [AZ] {3,9} \(/.*)\.php
的RewriteCond%{} REQUEST_FILENAME -f
的RewriteCond%{REQUEST_URI}!^ /错误\ .PHP
重写规则。 - [R = 404,L,NS]
ErrorDocument的404 /error.php?e=404
具体地讲,第三的RewriteCond保持该错误页面请求从触发重写规则(因为 THE_REQUEST 仍然包含原来的请求(匹配第一的RewriteCond),以及错误页面确实存在(选配第二RewriteCond指令)。
请注意,第三的RewriteCond为的ErrorDocument指定的URI的格式相匹配。在error.php,我用 $ _ SERVER [REDIRECT_SCRIPT_URL] 来找出哪些文件原先要求的用户(从而使它看起来像404端上来的直接回应他们的要求)。
I have .htaccess currently set up to rewrite anything without a period or slash to the equivalent with a .php extension (so "foo" internally pulls up "foo.php") via the following:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !(.*)\.php
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^/.]+)$ $1.php [L,NS]
However, I'd like direct requests for "foo.php" come back with a 404 as though the file didn't exist (just as if someone tried "foo.asp" or "foo.blargh"). I know there's the [F] and [G] flags, but I don't want "forbidden" (403) or "gone" (410), as those are different results from what a nonexistent file returns (404).
Is there a way to do this?
UPDATE 1
I've tried
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.php\ HTTP/
RewriteRule ^(.*)$ /error.php?e=404 [R=404,L,NS]
Which works... until I try to use an ErrorDocument handler. Assuming "error.php" at my document root, anything along the lines of ErrorDocument 404 /error?e=404 (i've also tried with error.php, etc) regurgitates the error
Not Found
The requested URL /foo.php was not found on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
... but only when attempting to access a .php page that actually exists (such as foo.php); any attempt to access a page that actually doesn't exist (and thus doesn't trigger my second rewrite rule) goes to the page specified by the ErrorDocument handler.
Found a solution:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ (/.*)\.php
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/error\.php
RewriteRule . - [R=404,L,NS]
ErrorDocument 404 /error.php?e=404
Specifically, the third RewriteCond keeps requests for the error page from triggering the RewriteRule (since the THE_REQUEST still contains the original request (matching the first RewriteCond), and the error page does indeed exist (matching the second RewriteCond).
Note that the third RewriteCond matches the URI format specified for the ErrorDocument. Within error.php, I use $_SERVER["REDIRECT_SCRIPT_URL"] to find out what file the user originally requested (thus making it look like the 404 was served as a direct response to their request).
这篇关于"欺骗" 404未找到错误与的.htaccess的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
