Apache URL 重写行为不当

发布于 2024-12-29 14:39:59 字数 1013 浏览 0 评论 0原文

我有以下设置;带有测试设置的非常简单的 URL 重写设置

// ----- test.php -----
<?php

phpinfo();
// ----- test.php -----

test.local 的配置如下。

<VirtualHost *:80>
        ServerName test
        ServerAlias test.*
        DocumentRoot /var/www/test
</VirtualHost>

<Directory "/var/www/test/">
        RewriteEngine On
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule .* test.php/$0 [R,NE]
</Directory>

现在,如果我发出请求GET http://test.local/my-path-info,默认的phpinfo()页面将按预期显示,如果我在路径信息,这也有效。但是,如果我将编码的正斜杠 %2F 添加到 URL 中(例如 GET http://test.local/my-path-info%2fsomething-else),它显示为 404 Not found。基本上它没有到达php文件。

知道为什么会发生这种情况以及如何解决它吗?

该设置适用于 Linux (Centos 5.x) 上的 Apache 2.2.13、PHP 5.3.8。

注意:我在这里尝试做的是将正斜杠添加到路径信息组件之一中,这样它就不会被 MVC 框架中的路由器逻辑解释。如果不对其进行编码,路由器就无法区分作为路径分隔符的斜杠和作为路径组件一部分的斜杠。

I have the setup below; a very simple URL rewrite setup with a test setup

// ----- test.php -----
<?php

phpinfo();
// ----- test.php -----

The config for test.local is as below.

<VirtualHost *:80>
        ServerName test
        ServerAlias test.*
        DocumentRoot /var/www/test
</VirtualHost>

<Directory "/var/www/test/">
        RewriteEngine On
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule .* test.php/$0 [R,NE]
</Directory>

Now if I make a request GET http://test.local/my-path-info the default phpinfo() page appears as expected, if I add slash in the path info, that works too. But if I add an encoded forward slash %2F into the URL (example GET http://test.local/my-path-info%2fsomething-else), it comes up as 404 Not found. Basically it doesn't get to the php file.

Any idea why this is happening, and how to get around it?

The setup is on Apache 2.2.13, PHP 5.3.8 on Linux (Centos 5.x).

NOTE: What I am trying to do here is to add a forward slash into one of the path-info components, such that it doesn't get interpreted by the router logic in an MVC framework. Without encoding it, the router cannot differentiate between a slash that is a path separator and the one that is part of a path component.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

牛↙奶布丁 2025-01-05 14:39:59

由于 apache 版本不支持 NoDecode 作为 AllowEncodedSlashes 的选项,我最终使用了以下组合。我还必须对请求 URI 进行双重 url 编码。不太理想,但目前对我有用。

<VirtualHost *:80>
        ServerName test
        ServerAlias test.*
        DocumentRoot /var/www/test
        AllowEncodedSlashes On
</VirtualHost>

<Directory "/var/www/test/">
        RewriteEngine On
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d

        # Option B below was the key!
        RewriteRule .* test.php/$0 [R,NE,B]
</Directory>

Because of the apache version that doesnt support NoDecode as an option for AllowEncodedSlashes, I ended up using the below combination. I also had to double url-encode the request URI. Not ideal but works for me for the moment.

<VirtualHost *:80>
        ServerName test
        ServerAlias test.*
        DocumentRoot /var/www/test
        AllowEncodedSlashes On
</VirtualHost>

<Directory "/var/www/test/">
        RewriteEngine On
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d

        # Option B below was the key!
        RewriteRule .* test.php/$0 [R,NE,B]
</Directory>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文