Heim  >  Artikel  >  Backend-Entwicklung  >  Wie umgeht mod_rewrite die URL-Erkennungsroutine von Apache?

Wie umgeht mod_rewrite die URL-Erkennungsroutine von Apache?

WBOY
WBOYOriginal
2016-10-12 10:04:101154Durchsuche

有以下规则

<code><IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteOptions AllowAnyURI
  Options +FollowSymLinks 
  RewriteBase /
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^(.*)$ /index.php/$1 [QSA,PT,L]
</IfModule></code>

我需要如下的URL模式:/resource:36

Log:

<code>[Wed Oct 12 09:02:01.484346 2016] [core:error] [pid 17112:tid 1888] (20024)The given path is misformatted or contained invalid characters: [client 127.0.0.1:60133] AH00036: access to /resource:36 failed (filesystem path 'D:/Server/three/public/resource:36')
[Wed Oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted
[Wed Oct 12 09:02:01.488348 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.489347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted
[Wed Oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted
[Wed Oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted</code>

不重写就没问题:/index.php/resource:36
我找到了如下参考

mod_rewrite

AllowAnyURI

When RewriteRule is used in VirtualHost or server context with version 2.2.22 or later of httpd, mod_rewrite will only process the rewrite rules if the request URI is a URL-path. This avoids some security issues where particular rules could allow "surprising" pattern expansions (see CVE-2011-3368 and CVE-2011-4317). To lift the restriction on matching a URL-path, the AllowAnyURI option can be enabled, and mod_rewrite will apply the rule set to any request URI string, regardless of whether that string matches the URL-path grammar required by the HTTP specification.
Available in Apache HTTP Server 2.4.3 and later.

是我理解错了么?
PS:sourceforge有这样格式的url:
https://sourceforge.net/directory/natlanguage:chinesesimplified/os:windows/


补充:
类似如下的重写机制,个人亲测,在Apache的URL检测时期就返回403了,根本轮不到url重写模块

<code>RewriteRule ^(.*)$ index.php?str=$1 [QSA,PT,L]</code>

回复内容:

有以下规则

<code><IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteOptions AllowAnyURI
  Options +FollowSymLinks 
  RewriteBase /
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^(.*)$ /index.php/$1 [QSA,PT,L]
</IfModule></code>

我需要如下的URL模式:/resource:36

Log:

<code>[Wed Oct 12 09:02:01.484346 2016] [core:error] [pid 17112:tid 1888] (20024)The given path is misformatted or contained invalid characters: [client 127.0.0.1:60133] AH00036: access to /resource:36 failed (filesystem path 'D:/Server/three/public/resource:36')
[Wed Oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted
[Wed Oct 12 09:02:01.488348 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.489347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted
[Wed Oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted
[Wed Oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of Require all granted: granted
[Wed Oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] AH01626: authorization result of <RequireAny>: granted</code>

不重写就没问题:/index.php/resource:36
我找到了如下参考

mod_rewrite

AllowAnyURI

When RewriteRule is used in VirtualHost or server context with version 2.2.22 or later of httpd, mod_rewrite will only process the rewrite rules if the request URI is a URL-path. This avoids some security issues where particular rules could allow "surprising" pattern expansions (see CVE-2011-3368 and CVE-2011-4317). To lift the restriction on matching a URL-path, the AllowAnyURI option can be enabled, and mod_rewrite will apply the rule set to any request URI string, regardless of whether that string matches the URL-path grammar required by the HTTP specification.
Available in Apache HTTP Server 2.4.3 and later.

是我理解错了么?
PS:sourceforge有这样格式的url:
https://sourceforge.net/directory/natlanguage:chinesesimplified/os:windows/


补充:
类似如下的重写机制,个人亲测,在Apache的URL检测时期就返回403了,根本轮不到url重写模块

<code>RewriteRule ^(.*)$ index.php?str=$1 [QSA,PT,L]</code>

思路大概是这样的,你写正则表达式的规则从URL抓取字符串,转发到index.php,当成一个参数,然后你自己写逻辑去解析这个字符串

所以你重写规则应该改成类似

<code>RewriteRule ^(.*)$ index.php?str=$1 [QSA,PT,L]</code>

然后尝试在str中解析,然后内部路由到具体类、方法执行再响应

Stellungnahme:
Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn