我应该为图像和样式表目录禁用mod_rails吗?
[英]Should I disable mod_rails for images and stylesheets directories?
问题描述
I had a rare error in my Rails application. 
我在Rails应用程序中遇到一个罕见的错误。 A CSS file was referring to non existing image files. 一个CSS文件引用了不存在的图像文件。 And missing PNG file was somehow mapped to a controller action. 丢失的PNG文件以某种方式映射到控制器操作。 Fortunately the action wasn't changing DB. 幸运的是,该操作并没有改变数据库。 This seems to be not OK that missing PNG can trigger controller action. 缺少PNG可能会触发控制器动作,这似乎并不正确。
So should I disable mod_rails for static asset directories? 那么我应该为静态资产目录禁用mod_rails吗? However I've never heard this is required for Rails apps. 但是我从未听说过Rails应用程序需要这样做。
2 个解决方案
解决方案1
0 已采纳 2009-09-29 14:42:07
It is definitely a good idea, since if you allow any kind of image upload the target destination is usually the asset directory. 绝对是个好主意,因为如果您允许上传任何类型的图像,则目标位置通常是资产目录。 Normally the user can quite easily upload a php or ruby file instead, so disabling all mod_evil_script for these directories is a good idea in general. 通常,用户可以很容易地上传php或ruby文件,因此,禁用这些目录的所有mod_evil_script通常是一个好主意。
解决方案2
0 2009-09-29 15:01:55
You should be serving static assets directly via Apache anyway, because it's faster. 无论如何,您应该直接通过Apache服务静态资产,因为它更快。 Let Rails do what it's designed to do which is handle dynamic requests. 让Rails进行旨在处理动态请求的设计。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.