stackoom
  简体   繁体   中英

.htaccess redirect is showing absolute path of the 404.php file. How to avoid that?

 原文  2021-02-19 22:50:11       php/ apache/ .htaccess/ redirect/ http-status-code-404

Question

I have main domain xyz.com and it's home folder is /home/username/public_html/

On the same server I also have subdomain sub.xyz.com and it's home folder is /home/username/public_html/subfolder/

I am creating a web site for subdomain and I'm trying to do some redirects using .htaccess file. I have placed 404.php file in subdomain's home directory. There is also .htaccess file for subdomain and.htpassword file too. For the purpose of this test I have renamed .htaccess file of the main domain and simplified version of my subdomain's .htaccess file looks like this:

ErrorDocument 404 /404.php
RewriteEngine on
RewriteRule ^\. /404.php [R=404,L]

When I write non-existing filename eg sub.xyz.com/non.existing the address in browser stays the same and I'm presented with the content of 404.php file. Fine.

But when I write existing filename eg sub.xyz.com/.htpassword , the address in browser change to this: sub.xyz.com/home/username/public_html/subfolder/404.php thus revealing my directory structure.

Oddly enough same happens when I write non-existing filename sub.xyz.com/.htpasswords , but everything is OK for non-existing filenames sub.xyz.com/.htpasswor & sub.xyz.com/.htpassword1

What should I do so that behaviour would be the same for existing & non-existing files?

Address should stay the same equally for all cases or change to sub.xyz.com/404.php equally for all cases.

1 answers

solution1
 0  2021-02-21 13:07:50

Since @arkascha choose not to gave straightforward answer but to hint what should be changed, I'm going to write it down. Now, when I knew where exactly is the problem I have found in Apache documentation on page RewriteRule Flags under "Forbidden" the answer to my question

This example uses the "-" syntax for the rewrite target, which means that the requested URI is not modified.

So the proper .htaccess part look like this:

ErrorDocument 404 /404.php
RewriteEngine on
RewriteRule ^\. - [R=404,L]

So this way, URI stays the same and user is presented with the content of 404.php file, like I wanted.

Another important notice: example I have used is a bad one and I have moved file.htpassword bellow folder public_html, but it is useful for other files that you don't want to reveal their presence to malicious user

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ErrorDocument 404 /404.php is not working in .htaccess file in PHP How to redirect 404 error to 404.php page? How to Change echo Error Query to redirect 404.php? Redirect query string to 404.php .htaccess not redirecting to 404.php instead shows page name Unable to redirect Not Found Page to 404.php (gae php yaml) How can I redirect to 404.php when the page doesn't really exist? How can i redirect to my ownpage before the 404.php page redirection? Redirect using .htaccess file. How? Wordpress 404.php 301 redirect but exclude one directory
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM