[英]Is there a way to force apache to return 404 instead of 403?
Is there a way how I can configure the Apache web server to return a 404 (not found) error code instead of 403 (forbidden) for some specific directories which I want to disallow to be accessed?有没有一种方法可以配置 Apache web 服务器返回 404(未找到)错误代码而不是 403(禁止)对于我不想允许访问的某些特定目录?
I found some solutions suggesting the use of mod_rewrite, like eg我发现了一些建议使用 mod_rewrite 的解决方案,例如
RewriteEngine On
RewriteRule ^.*$ /404 [L]
As the purpose of sending 404 instead of 403 is to obfuscate the directory structure, this solution is too revealing, because it redirects to some different location which makes it obvious that the directory originally accessed does in fact exist.由于发送 404 而不是 403 的目的是混淆目录结构,这个解决方案太暴露了,因为它重定向到一些不同的位置,这很明显最初访问的目录确实存在。
RedirectMatch as in eg 重定向匹配,例如
RedirectMatch 404 /\.
does the trick, it prohibits access to all files or directories starting with a dot, giving a "404 Not Found" error.诀窍是,它禁止访问以点开头的所有文件或目录,并给出“404 Not Found”错误。
From the Apache manual: "The Redirect[Match] directive maps an old URL into a new one by asking the client to refetch the resource at the new location."来自 Apache 手册:“Redirect[Match] 指令通过要求客户端在新位置重新获取资源来将旧 URL 映射到新 URL。” By default, Redirect sends a 302 return code, but it can also return other status codes as shown above.
默认情况下,重定向发送 302 返回码,但它也可以返回其他状态码,如上所示。
You can make something like this:你可以做这样的事情:
.htaccess .htaccess
ErrorDocument 403 /error/404.php
错误文档 403 /error/404.php
404.php 404.php
<?php
$status = $_SERVER['REDIRECT_STATUS'] = 404;
header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $status);
?>
404 Error
After having the same problem, I ended up with the following .htaccess file遇到同样的问题后,我最终得到了以下 .htaccess 文件
Options -Indexes
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain.com [NC]
RewriteRule ^(.*)/$ - [R=404,NC]
The 1st and 3rd line ensure that you can't list the folder content, and if you do it you will receive a 404 error.第 1 行和第 3 行确保您无法列出文件夹内容,如果您这样做,您将收到 404 错误。 The RewriteCond directive ensures that this rewrite rule only applies to main domain.
RewriteCond指令确保此重写规则仅适用于主域。 Since I have several subdomains, without the rewritecond, accessing www.mydomain.com/subdomain was also returning a 404, which was not what I intended.
由于我有几个子域,没有 rewritecond,访问 www.mydomain.com/subdomain 也会返回 404,这不是我想要的。
In my opinion making this task in .htaccess
is quite ugly solution.在我看来,在
.htaccess
完成这个任务是非常丑陋的解决方案。
It is possible to make it in apache configuration.可以在 apache 配置中进行。 Take a look:
看一看:
Add to your apache config:添加到您的 apache 配置:
ErrorDocument 403 /404
Then restart apache:然后重启apache:
service apache2 restart
That is all.就这些。
To change all 403,400 errors into 404 errors, put this at the end of /etc/apache2/conf.d/localized-error-pages OR into a .htaccess要将所有 403,400 错误更改为 404 错误,请将其放在/etc/apache2/conf.d/localized-error-pages的末尾或放入.htaccess
# Will raise a 404 error, because the file <fake_file_for_apache_404.php> doesn't exist.
# We change 403 or 400 to 404 !
ErrorDocument 400 /fake_file_for_apache_404.php
ErrorDocument 403 /fake_file_for_apache_404.php
# We need to rewrite 404 error, else we will have "fake_file_for_apache_404.php not found"
ErrorDocument 404 "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL <script type=\"text/javascript\">document.write(document.location.pathname);</script> was not found on this server.</p></body></html>"
ErrorDocument 500 "Server in update. Please comme back later."
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.