[英]Should I disable mod_rails for images and stylesheets directories?
I had a rare error in my Rails application. 我在Rails应用程序中遇到一个罕见的错误。 A CSS file was referring to non existing image files. 一个CSS文件引用了不存在的图像文件。 And missing PNG file was somehow mapped to a controller action. 丢失的PNG文件以某种方式映射到控制器操作。 Fortunately the action wasn't changing DB. 幸运的是,该操作并没有改变数据库。 This seems to be not OK that missing PNG can trigger controller action. 缺少PNG可能会触发控制器动作,这似乎并不正确。
So should I disable mod_rails for static asset directories? 那么我应该为静态资产目录禁用mod_rails吗? However I've never heard this is required for Rails apps. 但是我从未听说过Rails应用程序需要这样做。
It is definitely a good idea, since if you allow any kind of image upload the target destination is usually the asset directory. 绝对是个好主意,因为如果您允许上传任何类型的图像,则目标位置通常是资产目录。 Normally the user can quite easily upload a php or ruby file instead, so disabling all mod_evil_script
for these directories is a good idea in general. 通常,用户可以很容易地上传php或ruby文件,因此,禁用这些目录的所有mod_evil_script
通常是一个好主意。
You should be serving static assets directly via Apache anyway, because it's faster. 无论如何,您应该直接通过Apache服务静态资产,因为它更快。 Let Rails do what it's designed to do which is handle dynamic requests. 让Rails进行旨在处理动态请求的设计。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.