有没有办法强制apache返回404而不是403？

发布于 2024-08-06 10:19:24 字数 263 浏览 12 评论 0原文

有没有办法将 Apache Web 服务器配置为返回 404（未找到）错误代码，而不是对于我想要禁止访问的某些特定目录返回 403（禁止）？

我发现一些建议使用mod_rewrite的解决方案，例如

RewriteEngine On
RewriteRule ^.*$ /404 [L]

发送404而不是403的目的是为了混淆目录结构，这个解决方案太暴露了，因为它重定向到一些不同的位置，这使得很明显最初访问的目录事实上确实存在。

原文

Is there a way how I can configure the Apache web server to return a 404 (not found) error code instead of 403 (forbidden) for some specific directories which I want to disallow to be accessed?

I found some solutions suggesting the use of mod_rewrite, like e.g.

RewriteEngine On
RewriteRule ^.*$ /404 [L]

As the purpose of sending 404 instead of 403 is to obfuscate the directory structure, this solution is too revealing, because it redirects to some different location which makes it obvious that the directory originally accessed does in fact exist.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

送你一个梦 2024-08-13 10:19:24

RedirectMatch 如例如

RedirectMatch 404 /\.

所示，它禁止访问所有以点开头的文件或目录，都会出现“404 Not Found”错误。

Apache 手册中写道：“Redirect[Match] 指令通过要求客户端在新位置重新获取资源，将旧 URL 映射到新 URL。”默认情况下， Redirect 发送 302 返回代码，但它还可以返回其他状态代码，如上所示。

RedirectMatch as in e.g.

RedirectMatch 404 /\.

does the trick, it prohibits access to all files or directories starting with a dot, giving a "404 Not Found" error.

From the Apache manual: "The Redirect[Match] directive maps an old URL into a new one by asking the client to refetch the resource at the new location." By default, Redirect sends a 302 return code, but it can also return other status codes as shown above.

回复收藏 0 原文

烟酉 2024-08-13 10:19:24

您可以制作如下内容：

.htaccess

错误文档403 /error/404.php

404.php

<?php
$status = $_SERVER['REDIRECT_STATUS'] = 404;
header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $status);
?>

404 Error

You can make something like this:

.htaccess

ErrorDocument 403 /error/404.php

404.php

<?php
$status = $_SERVER['REDIRECT_STATUS'] = 404;
header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $status);
?>

404 Error

回复收藏 0 原文

丶视觉 2024-08-13 10:19:24

遇到同样的问题后，我最终得到了以下 .htaccess 文件。

Options -Indexes
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain.com [NC]
RewriteRule ^(.*)/$ - [R=404,NC]

第一行和第三行确保您无法列出文件夹内容，如果这样做，您将收到 404 错误。
RewriteCond 指令确保此重写规则仅适用于主域。由于我有几个子域，没有 rewritecond，访问 www.mydomain.com/subdomain 也会返回 404，这不是我想要的。

After having the same problem, I ended up with the following .htaccess file

Options -Indexes
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain.com [NC]
RewriteRule ^(.*)/$ - [R=404,NC]

The 1st and 3rd line ensure that you can't list the folder content, and if you do it you will receive a 404 error.
The RewriteCond directive ensures that this rewrite rule only applies to main domain. Since I have several subdomains, without the rewritecond, accessing www.mydomain.com/subdomain was also returning a 404, which was not what I intended.

回复收藏 0 原文