[英]htaccess: Protecting manual re-write of URL address
Is it possible to protect single website URL or multiple from being manually altered? 是否可以防止单个网站URL或多个 网站URL被手动更改?
Example: 例:
www.example.com/here-is-example-url/1234/page/
- this is correct URL www.example.com/here-is-example-url/1234/page/
这是正确的网址
www.example.com/here-is-example
- bad URL (manually altered) or www.example.com/here-is-example
错误的网址(手动更改)或
www.example.com/here-is-
- bad URL (manually altered) or www.example.com/here-is-
错误的网址(手动更改)或
www.example.com/here-is-example-2
- bad URL (manually altered) www.example.com/here-is-example-2
错误的网址(手动更改)
At the moment I do redirect such altered addresses to homepage with last RewriteRule , but I rather see some solution to detect manual altering of URLs and block access for such visitor. 目前,我确实使用上一个RewriteRule将这样更改的地址重定向到主页,但是我宁愿看到一些解决方案来检测URL的手动更改并阻止此类访问者的访问。
What RewriteRule or RewriteCond will prevent this? 什么RewriteRule或RewriteCond可以防止这种情况?
here is what i have so far: 这是我到目前为止所拥有的:
#redirect to canonical url if no ending slash
RewriteRule ^([A-Za-z0-9-]+)/([0-9]+)/page$ $1/$2/page/ [R,L]
#redirect to canonical url if anything behind slash
RewriteRule ^([A-Za-z0-9-]+)/([0-9]+)/page/(.+)$ $1/$2/page/ [R,L]
#rewrite to PHP file if visiting the canonical url
RewriteRule ^([A-Za-z0-9-]+)/([0-9]+)/page/$ page.php?val1=$1&val2=$2 [L]
#redirect to Homepage url if no other rule match with missing ending slash
RewriteCond %{REQUEST_URI} !(/$|\.)
RewriteRule (.*) http://www.domain.com/ [R,L]
In case this can't be resolved by some RewriteRule is it possible to redirect such behavior to 500 access denied? 如果某些RewriteRule无法解决此问题,是否可以将这种行为重定向到500次访问被拒绝?
You can use the F orbidden flag 您可以使用F禁止标志
RewriteRule here-is-example$ - [F,L]
as you mentioned, the above rule only catches the first example. 正如您提到的,以上规则仅捕获第一个示例。
Most people don't see HTTP status codes, you could use an ErrorDocument to display a custom error message. 大多数人看不到HTTP状态代码,您可以使用ErrorDocument来显示自定义错误消息。
ErrorDocument 404 /access-denied.html
https://httpd.apache.org/docs/2.4/custom-error.html https://httpd.apache.org/docs/2.4/custom-error.html
Be careful, because there is no way to know whether someone has the wrong URL due to a cut and paste error or deliberate probing of your site. 请小心,因为无法知道某人是由于剪切和粘贴错误还是对您的网站的故意探测而输入了错误的URL。
This isn't something you should worry about. 这不是您应该担心的事情。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.