您好,欢迎访问一九零五行业门户网

mod_rewrite 如何避过Apache的URL检测例程?

有以下规则
rewriteengine on rewriteoptions allowanyuri options +followsymlinks rewritebase / rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^(.*)$ /index.php/$1 [qsa,pt,l]

我需要如下的url模式:/resource:36
log:[wed oct 12 09:02:01.484346 2016] [core:error] [pid 17112:tid 1888] (20024)the given path is misformatted or contained invalid characters: [client 127.0.0.1:60133] ah00036: access to /resource:36 failed (filesystem path 'd:/server/three/public/resource:36')[wed oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted[wed oct 12 09:02:01.488348 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.489347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted[wed oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted[wed oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted

不重写就没问题:/index.php/resource:36
我找到了如下参考
mod_rewriteallowanyuriwhen rewriterule is used in virtualhost or server context with version 2.2.22 or later of httpd, mod_rewrite will only process the rewrite rules if the request uri is a url-path. this avoids some security issues where particular rules could allow surprising pattern expansions (see cve-2011-3368 and cve-2011-4317). to lift the restriction on matching a url-path, the allowanyuri option can be enabled, and mod_rewrite will apply the rule set to any request uri string, regardless of whether that string matches the url-path grammar required by the http specification.
available in apache http server 2.4.3 and later.
是我理解错了么?
ps:sourceforge有这样格式的url:
https://sourceforge.net/directory/natlanguage:chinesesimplified/os:windows/
补充:
类似如下的重写机制,个人亲测,在apache的url检测时期就返回403了,根本轮不到url重写模块
rewriterule ^(.*)$ index.php?str=$1 [qsa,pt,l]


回复内容: 有以下规则
rewriteengine on rewriteoptions allowanyuri options +followsymlinks rewritebase / rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^(.*)$ /index.php/$1 [qsa,pt,l]

我需要如下的url模式:/resource:36
log:[wed oct 12 09:02:01.484346 2016] [core:error] [pid 17112:tid 1888] (20024)the given path is misformatted or contained invalid characters: [client 127.0.0.1:60133] ah00036: access to /resource:36 failed (filesystem path 'd:/server/three/public/resource:36')[wed oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.486347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted[wed oct 12 09:02:01.488348 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.489347 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted[wed oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.490349 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted[wed oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of require all granted: granted[wed oct 12 09:02:01.492351 2016] [authz_core:debug] [pid 17112:tid 1888] mod_authz_core.c(806): [client 127.0.0.1:60133] ah01626: authorization result of : granted

不重写就没问题:/index.php/resource:36
我找到了如下参考
mod_rewriteallowanyuriwhen rewriterule is used in virtualhost or server context with version 2.2.22 or later of httpd, mod_rewrite will only process the rewrite rules if the request uri is a url-path. this avoids some security issues where particular rules could allow surprising pattern expansions (see cve-2011-3368 and cve-2011-4317). to lift the restriction on matching a url-path, the allowanyuri option can be enabled, and mod_rewrite will apply the rule set to any request uri string, regardless of whether that string matches the url-path grammar required by the http specification.
available in apache http server 2.4.3 and later.
是我理解错了么?
ps:sourceforge有这样格式的url:
https://sourceforge.net/directory/natlanguage:chinesesimplified/os:windows/
补充:
类似如下的重写机制,个人亲测,在apache的url检测时期就返回403了,根本轮不到url重写模块
rewriterule ^(.*)$ index.php?str=$1 [qsa,pt,l]


思路大概是这样的,你写正则表达式的规则从url抓取字符串,转发到index.php,当成一个参数,然后你自己写逻辑去解析这个字符串
所以你重写规则应该改成类似
rewriterule ^(.*)$ index.php?str=$1 [qsa,pt,l]


然后尝试在str中解析,然后内部路由到具体类、方法执行再响应
其它类似信息

推荐信息