[英]Apache2, php5-fpm - file extension not required
I've set up a server using PHP5-FPM (using PHP 5.3.27) and apache2. 我已经使用PHP5-FPM(使用PHP 5.3.27)和apache2设置了服务器。
There is an api.php
file in the doc root, and using mod_rewrite i've got this rule in .htaccess: 在文档根目录中有一个
api.php
文件,使用mod_rewrite我在.htaccess中有了以下规则:
RewriteEngine on
RewriteRule ^api/rest api.php?type=rest [QSA,L]
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L]
So what i want is for everything except exact file matches to be passed to index.php
所以我想要的是除精确文件匹配项之外的所有内容都传递给
index.php
What is happening, however, is when i go to /api/
the api.php
is being loaded, instead of the request being forwarded to the index.php
但是,发生的是当我转到
/api/
,正在加载api.php
,而不是将请求转发到index.php
I've gone through the documentation, googled thoroughly (unless i'm not using the right keywords), and checked out both the apache and php configuration. 我仔细阅读了文档,对Google进行了彻底的搜索(除非我没有使用正确的关键字),并检查了apache和php的配置。 This doesn't happen on our live server or our development servers that use a conbination of nginx and php5-fpm or apache and mod_php5
这在使用nginx和php5-fpm或apache和mod_php5的组合的实时服务器或开发服务器上不会发生
My Apache config for the vhost is: 我的虚拟主机的Apache配置是:
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName admin.localhost
ServerAlias *.localhost
<Directory "/var/www/html">
Options FollowSymLinks MultiViews ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
# Wire up Apache to use Travis CI's php-fpm.
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
</IfModule>
</VirtualHost>
EDIT I've investigated further: 编辑我已经进一步调查:
RewriteCond %{REQUEST_FILENAME} !-f
- the rewrite works RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-f
重写有效 .php
file they get loaded without the extension - not non-php files only work with the extension. .php
文件-并非非PHP文件仅适用于扩展名。 Try replacing: 尝试更换:
Options FollowSymLinks MultiViews ExecCGI
By: 通过:
Options FollowSymLinks -MultiViews ExecCGI
The MultiViews keyword comes from mod_negociation and can have a lot of side-effects. MultiViews关键字来自mod_negociation ,可能会有很多副作用。 One of theses effect is that it can scan for known extensions, when you request 'api' it can scan for api.php' or 'api.html' files and redirect internally the requests on theses files.
这些影响之一是,它可以扫描已知的扩展名,当您请求“ api”时,它可以扫描api.php'或'api.html'文件,并在内部重定向对这些文件的请求。
From http://httpd.apache.org/docs/2.2/content-negotiation.html#multiviews : 来自http://httpd.apache.org/docs/2.2/content-negotiation.html#multiviews :
The effect of MultiViews is as follows: if the server receives a request for /some/dir/foo, if /some/dir has MultiViews enabled, and /some/dir/foo does not exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name.
MultiViews的作用如下:如果服务器收到对/ some / dir / foo的请求,如果/ some / dir启用了MultiViews,并且/ some / dir / foo不存在,则服务器将读取目录以查找名为foo。*的文件,并有效地伪造了一个类型图,该类型图对所有这些文件进行了命名,为它们分配了与客户端要求通过名称提供的相同的媒体类型和内容编码。 It then chooses the best match to the client's requirements.
然后,它选择最符合客户要求的匹配项。
To me this seems like a big hole, some considers it a feature. 对我来说,这似乎是个大漏洞,有人认为这是一个功能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.