问题描述
我有一个.htaccess文件,该文件目前看起来像:
I have a .htaccess file that currently looks like:
<Files .htaccess>
order allow,deny
deny from all
</Files>
Options All -Indexes
IndexIgnore *
# Respond to /include/ with 404 instead of 403
RewriteEngine On
RedirectMatch 404 ^/include(/?|/.*)$
我试图阻止所有人都知道/include/的存在,但是我遇到了一个问题.
I'm trying to prevent everyone from knowing that /include/ exists, however I've come across an issue.
尽管访问 http://www.example.com/include 会给出404,但浏览器会添加斜杠(因此给出 http://www.example.com/include/)表示该目录实际上在那里,但正在被伪装.当访问实际的404时,不添加斜杠.
Although visiting http://www.example.com/include gives a 404, the browser adds an end slash (thus giving http://www.example.com/include/) which shows that the directory is in fact there, but is being disguised. When an actual 404 is visited, an end slash is not appended.
有没有办法防止这种行为?
Is there a way to prevent this behavior?
推荐答案
1..您可以使用DirectorySlash Off
告诉Apache不要在目录末尾添加斜杠.
1. You can use DirectorySlash Off
to tell Apache to not to add trailing slash at the end of directories.
2..如果您实际上不使用重写引擎(基于提供的代码),为什么要使用RewriteEngine On
? RedirectMatch
与mod_rewrite
无关.
2. Why use RewriteEngine On
if you do not actually use rewrite engine (based on the code you have provided)? RedirectMatch
has nothing to do with mod_rewrite
.
3..如果您想在此处使用 mod_rewrite ,请尝试使用此规则-它会为/include
文件夹返回404代码(带斜杠和不带斜杠)以及该文件中的任何资源(例如/include/main.php
等).
3. If you want to use mod_rewrite here, then try this rule -- it will return 404 code for /include
folder (with and without trailing slash) as well as ANY resource inside that file (e.g. /include/main.php
etc).
RewriteEngine On
RewriteRule ^include(/|/.+)?$ - [R=404,L]
这篇关于.htaccess-使目录不可见的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!