Apache URL 重写行为不当
我有以下设置;带有测试设置的非常简单的 URL 重写设置
// ----- test.php -----
<?php
phpinfo();
// ----- test.php -----
test.local 的配置如下。
<VirtualHost *:80>
ServerName test
ServerAlias test.*
DocumentRoot /var/www/test
</VirtualHost>
<Directory "/var/www/test/">
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* test.php/$0 [R,NE]
</Directory>
现在,如果我发出请求GET http://test.local/my-path-info
,默认的phpinfo()
页面将按预期显示,如果我在路径信息,这也有效。但是,如果我将编码的正斜杠 %2F
添加到 URL 中(例如 GET http://test.local/my-path-info%2fsomething-else
),它显示为 404 Not found
。基本上它没有到达php文件。
知道为什么会发生这种情况以及如何解决它吗?
该设置适用于 Linux (Centos 5.x) 上的 Apache 2.2.13、PHP 5.3.8。
注意:我在这里尝试做的是将正斜杠添加到路径信息组件之一中,这样它就不会被 MVC 框架中的路由器逻辑解释。如果不对其进行编码,路由器就无法区分作为路径分隔符的斜杠和作为路径组件一部分的斜杠。
I have the setup below; a very simple URL rewrite setup with a test setup
// ----- test.php -----
<?php
phpinfo();
// ----- test.php -----
The config for test.local is as below.
<VirtualHost *:80>
ServerName test
ServerAlias test.*
DocumentRoot /var/www/test
</VirtualHost>
<Directory "/var/www/test/">
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* test.php/$0 [R,NE]
</Directory>
Now if I make a request GET http://test.local/my-path-info
the default phpinfo()
page appears as expected, if I add slash in the path info, that works too. But if I add an encoded forward slash %2F
into the URL (example GET http://test.local/my-path-info%2fsomething-else
), it comes up as 404 Not found
. Basically it doesn't get to the php file.
Any idea why this is happening, and how to get around it?
The setup is on Apache 2.2.13, PHP 5.3.8 on Linux (Centos 5.x).
NOTE: What I am trying to do here is to add a forward slash into one of the path-info components, such that it doesn't get interpreted by the router logic in an MVC framework. Without encoding it, the router cannot differentiate between a slash that is a path separator and the one that is part of a path component.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
由于 apache 版本不支持
NoDecode
作为AllowEncodedSlashes
的选项,我最终使用了以下组合。我还必须对请求 URI 进行双重 url 编码。不太理想,但目前对我有用。Because of the apache version that doesnt support
NoDecode
as an option forAllowEncodedSlashes
, I ended up using the below combination. I also had to double url-encode the request URI. Not ideal but works for me for the moment.