Apache DirectorySlash Off - 站点中断
如果我在 .htaccess 文件中设置 DirectorySlash Off 并调用目录不带尾部斜杠,我会收到 403-Forbidden代码> 来自我的服务器。如果我用斜杠调用它,一切都会正常。
有人能解释一下为什么吗?这是我的完全匿名的 .htaccess:
# GLOBAL CONFIG
Options +FollowSymlinks
DirectorySlash Off
AddDefaultCharset utf-8
php_value post_max_size 256M
php_value upload_max_filesize 256M
# BEGIN WordPress
RewriteEngine On
RewriteBase /folder/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /folder/index.php [L]
# END WordPress
# REMOVE WWW
RewriteCond %{HTTP_HOST} ^([^.]+)\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://domain.com$1 [R=301,L]
If i set DirectorySlash Off in my .htaccess file and call the directory without the trailing slash i get an 403-Forbidden from my server. If i call it with slash everything works fine.
Could anyone explain why? Here are my fully anonymized .htaccess:
# GLOBAL CONFIG
Options +FollowSymlinks
DirectorySlash Off
AddDefaultCharset utf-8
php_value post_max_size 256M
php_value upload_max_filesize 256M
# BEGIN WordPress
RewriteEngine On
RewriteBase /folder/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /folder/index.php [L]
# END WordPress
# REMOVE WWW
RewriteCond %{HTTP_HOST} ^([^.]+)\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://domain.com$1 [R=301,L]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
正如您根据文档所知,当
DirectorySlash设置为Off时,对/folder的请求没有DirectoryIndex评价。这意味着请求不会自动映射到/folder/index.php。mod_dir在请求处理的“修复”阶段执行此检查。mod_rewrite负责您的RewriteRule定义,当您在.htaccess文件中指定规则时,它也会在此阶段执行其处理。然而,它是在对诸如
mod_dir之类的模块进行编程时进行编程的,并包含一项检查以确保使用尾部斜杠来请求当前目录。如果不是,它会拒绝处理该请求,因为这样做可能会导致未定义的行为。然后,请求进入内容生成阶段,由于请求未映射到真实文件,因此该阶段由 mod_autoindex 处理。鉴于默认情况下您的主机上禁用了
索引,mod_autoindex将返回403 Forbidden,这就是您所看到的。请注意,由于
DirectoryIndex未评估,即使mod_rewrite处理请求,它仍然会失败,因为没有自动解析为 < code>index.php 将会发生,并且您的规则将不匹配,因为
.需要对某些内容进行匹配(但请求将为空白)。启用
DirectorySlash通过更正前面提到的所有场景中阻止的操作(最后一个注释除外)来防止这种情况,这是通过DirectoryIndex将请求映射到无论如何,index.php。As you know per the documentation, when
DirectorySlashis set toOff, requests to/folderdo not haveDirectoryIndexevaluated. This means that the request will not be automatically mapped to/folder/index.php.mod_dirperforms this check in the "fixup" phase of the request processing.mod_rewrite, which is responsible for yourRewriteRuledefinitions, also performs its processing in this phase when you specify the rules in a.htaccessfile.However, it was programmed with an awareness of modules like
mod_dir, and includes a check to make sure that the current directory was requested with a trailing slash. If not, it declines to handle the request, since doing so might lead to undefined behaviour.The request then moves on to the content-generation phase, which, since the request was not mapped to a real file, is handled by
mod_autoindex. Given thatIndexesare disabled on your host by default,mod_autoindexreturns403 Forbiddenwhich is what you see.Note that since
DirectoryIndexis not evaluated, even ifmod_rewritewere to process the request, it would still fail, because no auto-resolution toindex.phpwould occur, and your rulewouldn't match, because the
.requires a match on something (but the request would be blank).Enabling
DirectorySlashprevents this scenario by correcting the prevented actions in all of the previously mentioned scenarios except the last note, which is taken care of by the fact thatDirectoryIndexmaps the request toindex.phpanyway.使用 Apache 2.4,您可以通过设置
RewriteOptions AllowNoSlash允许在 .htaccess 文件中重写。请参阅 mod_rewrite 的 Apache 文档
With Apache 2.4 you can allow rewrites in .htaccess files by setting
RewriteOptions AllowNoSlash.See Apache documentation of mod_rewrite
我认为是因为当您关闭 DirectorySlash 时,它会禁用 url 的自动更正,并且它会尝试显示目录列表,但幸运的是您可能已在某处(或文件权限中)禁用了此功能,因此它会发送 403-Forbidden。我想当你打开它时,它会正常工作。
据我从文档中了解到,出于安全考虑,使用 DirectorySlash off 并不是很好。
http://httpd.apache.org/docs/2.1/mod/mod_dir。 html
I think because when you turn DirectorySlash off, it disable the autocorrection of the url and it is trying to show the directory list but fortunately you have probably disabled this somewhere (or in file permissions) so it sends a 403-Forbidden. I guess that when you turn it on, it works normally.
From what I understand from the docs, it is not very good to use DirectorySlash off for security.
http://httpd.apache.org/docs/2.1/mod/mod_dir.html
正如Tom已经回答的那样,RewriteOptions有一个特殊的选项,但仅适用于Apache 2.3.16+,所以如果你像我一样,有一个旧版本的apache,那么你不能重写同一目录的url,因为apache不会了解这个目录。
例子:
“GET /somedir”将指向 重写日志,但是(!)访问日志中请求的文件名(%f)仍将
/var/www/html/public/somedir/ - 这是疯狂的 apache 逻辑。 apache 会向您显示 503 (没有选项+索引)或目录列表(否则)带有错误的 url,例如 /subdir/ 而不是 /somedir/subdir/所以,我只找到了一种对我有效的解决方案 - 使用别名:
希望这对 2020 年以后的其他人有所帮助:D
As Tom already answered, there is special option for RewriteOptions, but only for Apache 2.3.16+, so if you, like me, have an apache of the older version, then you cannot rewrite url for same directory, because apache doesn't know about this directory.
Example:
"GET /somedir" will point to
<Directory /var/www/html/public>in rewrite log, but(!) requested filename (%f) in access log will still/var/www/html/public/somedir/- this is crazy apache logic. And apache will show you either 503 (without Options +Indexes) or directory listing (otherwise) with wrong urls such as /subdir/ instead of /somedir/subdir/So, I've found only one worked solution for me - using aliases:
Hope this helps someone else in 2020+ :D