Apache DirectorySlash Off - site breaks

Posted on 2024-09-10 06:00:11

If I set DirectorySlash Off in my .htaccess file and call the directory without the trailing slash I get a 403-Forbidden from my server. If I call it with the slash everything works fine.

Could anyone explain why? Here is my fully anonymized .htaccess:

# GLOBAL CONFIG
Options +FollowSymlinks
DirectorySlash Off
AddDefaultCharset utf-8
php_value post_max_size 256M
php_value upload_max_filesize 256M

# BEGIN WordPress
RewriteEngine On
RewriteBase /folder/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /folder/index.php [L]
# END WordPress

# REMOVE WWW
RewriteCond %{HTTP_HOST} ^([^.]+)\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://domain.com$1 [R=301,L]

Comments (4)

本王不退位尔等都是臣 2024-09-17 06:00:11

As you know per the documentation, when DirectorySlash is set to Off, requests to /folder do not have DirectoryIndex evaluated. This means that the request will not be automatically mapped to /folder/index.php.

mod_dir performs this check in the "fixup" phase of the request processing. mod_rewrite, which is responsible for your RewriteRule definitions, also performs its processing in this phase when you specify the rules in a .htaccess file.

However, it was programmed with an awareness of modules like mod_dir, and includes a check to make sure that the current directory was requested with a trailing slash. If not, it declines to handle the request, since doing so might lead to undefined behaviour.

The request then moves on to the content-generation phase, which, since the request was not mapped to a real file, is handled by mod_autoindex. Given that Indexes are disabled on your host by default, mod_autoindex returns 403 Forbidden which is what you see.

Note that since DirectoryIndex is not evaluated, even if mod_rewrite were to process the request, it would still fail, because no auto-resolution to index.php would occur, and your rule

RewriteRule . /folder/index.php [L]

wouldn't match, because the . requires a match on something (but the request would be blank).

Enabling DirectorySlash prevents this scenario by correcting the prevented actions in all of the previously mentioned scenarios except the last note, which is taken care of by the fact that DirectoryIndex maps the request to index.php anyway.

北陌 2024-09-17 06:00:11

With Apache 2.4 you can allow rewrites in .htaccess files by setting RewriteOptions AllowNoSlash.

 Changes with Apache 2.3.16
 ...
 *) mod_rewrite: Add the AllowNoSlash RewriteOption, which makes it possible
    for RewriteRules to be placed in .htaccess files that match the directory
    with no trailing slash. PR 48304.
    [Matthew Byng-Maddick <matthew byng-maddick bbc.co.uk>]
 ...

See Apache documentation of mod_rewrite

梦里°也失望 2024-09-17 06:00:11

I think it is because when you turn DirectorySlash off, it disables the autocorrection of the URL and it is trying to show the directory list, but fortunately you have probably disabled this somewhere (or in file permissions) so it sends a 403-Forbidden. I guess that when you turn it on, it works normally.
From what I understand from the docs, it is not very good to use DirectorySlash off for security.
http://httpd.apache.org/docs/2.1/mod/mod_dir.html
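
An added example (not part of the original answers): a small Python audit that flags the two effects discussed above when `DirectorySlash Off` is set, namely per-directory rewrite rules being skipped for slash-less directory requests unless `RewriteOptions AllowNoSlash` is present, and the directory-listing exposure the mod_dir documentation warns about when Indexes is not explicitly disabled. The function name and finding codes are assumptions of this example; the first sample is the asker's file (rewrite section), the second is a constructed variant.

```python
# Added example, not code from the thread.
ASKER_HTACCESS = r"""Options +FollowSymlinks
DirectorySlash Off
RewriteEngine On
RewriteBase /folder/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /folder/index.php [L]
"""
# Constructed variant: listings explicitly off, slash-less rewrites allowed (2.3.16+).
HARDENED_HTACCESS = ASKER_HTACCESS.replace(
    "Options +FollowSymlinks", "Options +FollowSymlinks -Indexes"
) + "RewriteOptions AllowNoSlash\n"

def audit_htaccess(text):
    """Return (code, message) findings for one .htaccess file's contents."""
    slash_off = rewrite_on = allow_no_slash = False
    indexes = "inherited"  # unknown until an Options line decides it
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Apache directive names and these arguments are case-insensitive.
        name, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if name == "directoryslash":
            slash_off = args[:1] == ["off"]
        elif name == "rewriteengine":
            rewrite_on = args[:1] == ["on"]
        elif name == "rewriteoptions":
            allow_no_slash = allow_no_slash or "allownoslash" in args
        elif name == "options":
            if not all(o[0] in "+-" for o in args):
                # An unsigned list replaces whatever was set before.
                indexes = "enabled" if {"indexes", "all"} & set(args) else "disabled"
            elif "+indexes" in args:
                indexes = "enabled"
            elif "-indexes" in args:
                indexes = "disabled"
    findings = []
    if not slash_off:
        return findings
    if indexes != "disabled":
        findings.append((f"indexes-{indexes}",
                         "slash-less directory request may list contents instead of DirectoryIndex"))
    if rewrite_on and not allow_no_slash:
        findings.append(("rewrite-skipped",
                         "rules here are not applied to the slash-less directory request"))
    return findings
```

For the asker's file the audit reports both findings; the Indexes one is `inherited` because the file never sets it, so the outcome (403 or listing) depends on the parent configuration.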

放低过去 2024-09-17 06:00:11

As Tom already answered, there is a special option for RewriteOptions, but only for Apache 2.3.16+, so if you, like me, have an older version of Apache, then you cannot rewrite the URL for the same directory, because Apache doesn't know about this directory.

Example:
"GET /somedir" will point to <Directory /var/www/html/public> in the rewrite log, but(!) the requested filename (%f) in the access log will still be /var/www/html/public/somedir/ - this is crazy Apache logic. And Apache will show you either a 503 (without Options +Indexes) or a directory listing (otherwise) with wrong URLs such as /subdir/ instead of /somedir/subdir/

So, I've found only one working solution for me - using aliases:

AliasMatch "/somedir$" "/var/www/html/public/somedir/index.html"

Hope this helps someone else in 2020+ :D
