htaccess：保护手动重写URL地址

Question

Is it possible to protect single website URL or multiple from being manually altered?

Example:

www.example.com/here-is-example-url/1234/page/ - this is correct URL

www.example.com/here-is-example - bad URL (manually altered) or

www.example.com/here-is- - bad URL (manually altered) or

www.example.com/here-is-example-2 - bad URL (manually altered)

At the moment I do redirect such altered addresses to homepage with last RewriteRule , but I rather see some solution to detect manual altering of URLs and block access for such visitor.

What RewriteRule or RewriteCond will prevent this?

here is what i have so far:

#redirect to canonical url if no ending slash
RewriteRule ^([A-Za-z0-9-]+)/([0-9]+)/page$ $1/$2/page/ [R,L]
#redirect to canonical url if anything behind slash
RewriteRule ^([A-Za-z0-9-]+)/([0-9]+)/page/(.+)$ $1/$2/page/ [R,L]
#rewrite to PHP file if visiting the canonical url
RewriteRule ^([A-Za-z0-9-]+)/([0-9]+)/page/$ page.php?val1=$1&val2=$2 [L]

#redirect to Homepage url if no other rule match with missing ending slash
RewriteCond %{REQUEST_URI} !(/$|\.) 
RewriteRule (.*) http://www.domain.com/ [R,L]

In case this can't be resolved by some RewriteRule is it possible to redirect such behavior to 500 access denied?

Answer 1

You can use the F orbidden flag

RewriteRule here-is-example$ - [F,L]

as you mentioned, the above rule only catches the first example.

Most people don't see HTTP status codes, you could use an ErrorDocument to display a custom error message.

ErrorDocument 404 /access-denied.html 

https://httpd.apache.org/docs/2.4/custom-error.html

Be careful, because there is no way to know whether someone has the wrong URL due to a cut and paste error or deliberate probing of your site.

This isn't something you should worry about.