在Apache中使用REGEX在配置文件和.htaccess中的指令中使用
如果我正确理解下一个代码中的表达式.ht*将与.ht开头的所有内容匹配,所以我的.ht_lalala是安全的。
<Files ".ht*">
Require all denied
</Files>
但是下一个呢?
(^\。ht |〜$ | back | back | backup | backup $)
匹配文件是否正确:.htaccess,back back ,备份,备份?或接下来会更好
(^\。ht*| back*| back*$)
我想了解的是〜$实际上是在我的代码中(以正则模式)。我不知道为什么以及何时将其放在那里,但是我的代码中有它,现在我怀疑这是正确的。
我知道有关正则的基本知识,什么是^和$,而*表示0或n。 >〜在模式中没有意义,除非它只是一个简单的字符,并且除了〜之外,它无能为力。我已经阅读了Apache文档,我猜对于多个匹配文件匹配,目录match更好,但是正式表达式也可以在指令中使用:文件和目录,并添加〜字符,如文档示例中所述。
<Files ~ "\.(gif|jpe?g|png)$">
#...
</Files>
好吧,我想要的是知道如何匹配不同的文件或目录。
还有一件事,我应该逃脱。吗?因为默认的httpd.conf不这样做。或者对于httpd.conf和.htaccess(对我没有意义)的
更新
回答我自己的问题,我如何与Regex匹配此 .ht,.htacccess,.htpasswd,back,back,bac. ,返回,备份,备份,首先,我决定以。(dot)的名义使用我想要隐藏的任何东西。其次,我发现简洁的模式^(\ ..*)$将完成工作,将为我提供所需的东西。或^\。 更好!所以,如果将来我想隐藏一些东西,我只在名称开始时添加。
在这里,下一个代码将拒绝从网络访问任何名称以。(测试,工作)开头的任何文件和目录
。
<FilesMatch "^\.">
Require all denied
</FilesMatch>
<DirectoryMatch "^\.">
Require all denied
</DirectoryMatch>
访问 a href =“ https://stackoverflow.com/a/722291982/10324990”> @mrwhite澄清和简化我的方法,所以我坚持使用此方法(已测试,works,works)
野外卡片字符串匹配:
<Files ".*">
Require all denied
</Files>
<Directory ".*">
Require all denied
</Directory>
If I understand correctly expression .ht* in the next code will match all that starts with .ht, so my .ht_lalala is safe.
<Files ".ht*">
Require all denied
</Files>
But what about next one?
(^\.ht|~$|back|BACK|backup|BACKUP$)
Is it correct for matching files: .htaccess, back, backup, BACKUP? Or next will be better instead
(^\.ht*|back*|BACK*$)
What I'd like to understand is what ~$ actually means in my code (in RegEx pattern). I don't know why and when I put it there, but I have it in my code, and now I doubt that it's correct.
I know basic things about RegEx, what is ^ and $, and that * means 0 or N from previous text/token, but ~ doesn't make sense inside the pattern, unless it's just a simple character and it does nothing but literally matches ~. I've read Apache docs, I guess for multiple matches FilesMatch and DirectoryMatch is better, however regular expressions can also be used on directives: Files and Directory, with the addition of the ~ character, as is stated in the docs examples.
<Files ~ "\.(gif|jpe?g|png)quot;>
#...
</Files>
And well, what I want exactly is to know how to match different files or directories.
One more thing, should I escape the .? Because default httpd.conf doesn't do so. Or it's just different for httpd.conf and .htaccess (which doesn't make sense to me)
UPDATE
Answering to my own question, how do I match with RegEx any of this .ht, .htaccess, .htpasswd, back, BACK, backup, BACKUP, first at all I decided to use . (dot) in the name of anything I want to hide. Secondly, I found out that laconic pattern ^(\..*)$ will do the job, will give me what I need. Or ^\. even better! So, if in the future I would like to hide something, I just add the . at the start of the name.
Here we go, next code will deny access from the web to any files and directories which names start with . (tested, works)
RegEx pattern match:
<FilesMatch "^\.">
Require all denied
</FilesMatch>
<DirectoryMatch "^\.">
Require all denied
</DirectoryMatch>
And in brilliant explanation @MrWhite clarified and simplified my method, so I stuck with this (tested, works)
Wild-card string match:
<Files ".*">
Require all denied
</Files>
<Directory ".*">
Require all denied
</Directory>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在这种情况下,
.ht*是不是正则表达式(REGEX)。它是一个“通用卡字符串”,其中?与任何单个字符匹配,*匹配任何字符序列。 (虽然这也是有效的正则义务 - 正则态度会有所不同)。这是一个正则(在
&lt; files&gt;指令中都无法使用,而无需启用与〜参数匹配的正格图案 - 如您所使用的那样稍后。)在此正则时,
〜$匹配任何以字面〜(tilde cartare)结尾的字符串。这有时用于标记备份文件。它还匹配...
.ht的字符串(自然包含.htaccess)。backback back back> backup back back (匹配备份显然是多余的)的字符串)。backup结尾的字符串。因此,这看起来并不像您认为它在做的事情。
这是有效的正则义务,显然您已经恢复了“通用卡”图案匹配的混合。请记住,在Regex说话中,
*量词匹配上一个令牌0或更多次。它与“任何字符”不匹配,例如通配符模式匹配。这仍然与“ .htaccess”匹配,但这仅仅是因为该模式没有锚定。例如,
^\。ht*$(带有串线锚)将 not> not 匹配“ .htaccess”。使用
文件指令,〜参数启用REGEX模式匹配。 (正如您所说的。)这与〜在Regex模式本身内使用时有很大不同。我认为您正在将事情混合在一起。在您的第一个示例中,它不是正则是“通用卡”模式(如上所述)。在这种情况下,
。不得反斜击esc。它匹配字面的。(dot)。。在这里没有特殊的含义。。仅在需要匹配正则表达式中的字面点中时才能逃脱。例如,以下内容是等效的:(
但是
,最好使用
files -match而不是files〜避免任何混乱。Files> Files Match Match是 “较新”语法。在这方面,
更新:
可以简化。您无需从字面上匹配整个文件名。您只需要断言文件名以一个点开头(这要高得多)。因此,您不需要 capture (括号为子图案)文件名 - 您没有对此做任何事情。
要断言文件名从使用Regex的点开始,然后只需使用
^\。- 仅此而已。例如:请记住,默认情况下,正则量音量词(例如
*)是 greedy ,因此您无需遵循。*在匹配文件名时,用串联锚定锚。因此,在此上下文中,Regex。*实际上是相同的。两者都匹配整个文件名。 (在此上下文中没有新的字符。)^。*$和可以通过根本不使用正则表达式并使用带有香草
&lt;文件&gt;Directive的通用卡字符串模式来进一步“简化”。例如,这与:nb:这不是正则。这是一个字面的点,后跟任何数量的字符(通用卡语法)。
In this context,
.ht*is not a regular expression (regex). It is a "wild-card string", where?matches any single character, and*matches any sequence of characters. (Whilst this is also a valid regex - a regex would match differently).This is a regex (it cannot be used in the
<Files>directive as you have written above, without enabling regex pattern matching with the~argument - as you have used later.)In this regex,
~$matches any string that ends with a literal~(tilde character). This is sometimes used to mark backup files.It also matches...
.ht(which naturally includes.htaccess).backorBACKorbackup(matchingbackupis obviously redundant).BACKUP.Consequently, this does not look like it's doing quite what you think it's doing.
Whilst this is a valid regex, you've obviously reverted back to a mix of "wild-card" pattern matching. Bear in mind that in regex speak, the
*quantifier matches the previous token 0 or more times. It does not match "any characters", as in wild-card pattern matching.This still matches ".htaccess", but only because the pattern is not anchored. For example,
^\.ht*$(with an end-of-string anchor) would not match ".htaccess".With the
Filesdirective, the~argument enables regex pattern matching. (As you've stated.) This is quite different from when~is used inside the regex pattern itself.I think you're mixing things up. In your first example, it's not a regex, it's a "wild-card" pattern (as stated above). In this context, the
.must not be backslash-escaped. It matches a literal.(dot). The.carries no special meaning here. The.should only be escaped if you need to match a literal dot in a regular expression.For example, the following are equivalent:
and
(However, it is preferable to use
FilesMatchinstead ofFiles ~to avoid any confusion.FilesMatchis "newer" syntax.)There is no difference between
httpd.confand.htaccessin this regard.UPDATE:
This can be simplified. You do not need to literally match the entire filename. You simply need to assert that the filename starts with a dot (and this is much more efficient). Consequently, you do not need to capture (parenthesised subpattern) the filename - you are not doing anything with it.
To assert that the filename starts with a dot using regex, then just use
^\.- nothing more. For example:Bear in mind that regex quantifiers (eg.
*) are greedy by default, so you do not need to follow a pattern like.*with an end-of-string anchor when matching a filename. So, the regex^.*$and.*are effectively the same in this context. Both match the entire filename. (There are no newline characters in this context.)This can be further "simplified" by not using regex at all and using a wild-card string pattern with a vanilla
<Files>directive. For example, this is the same as:NB: This is not a regex. It is a literal dot followed by any number of characters (wild-card syntax).
apache手册涵盖了这一点。
〜启用Regex。没有它,您只需访问通配符?和*即可。据我所知,Apache使用了Regex的PCRE风味。
因此,一旦您通过
〜启用了正则态度,然后使用 https:// regex101。 com/r/lpkmhk/1 测试您编写的正则表达式的行为。The Apache manual covers this.
~enables regex. Without it, you just get access to wildcards?and*.As far as I know Apache uses the PCRE flavor of regex.
So once you've enabled regex via
~then use https://regex101.com/r/lPkMHK/1 to test the behavior of the regex you've written.