In my .htaccess file I have defined the following rule to make my register page URL as http://example.com/register/
在我的.htaccess文件中,我定义了以下规则,使我的注册页面URL为http://example.com/register/
RewriteRule register/ /register.php
The above rule is perfectly fine but I can access my register page from http://example.com/register/ as well as from http://example.com/register.php.
上面的规则非常好,但我可以从http://example.com/register/以及http://example.com/register.php访问我的注册页面。
I don't want that user will be able to access the URL from http://example.com/register.php URL, is there any RULE which I can define in .htaccess to stop execution of register.php URL or simply redirect any direct register.php request to /register/
我不希望该用户能够访问http://example.com/register.php URL中的URL,是否有我可以在.htaccess中定义的RULE来停止执行register.php URL或只是重定向任何直接register.php请求/ register /
6 个解决方案
#1
If you are doing this to avoid getting multiple links to the same content, you can simply don't use "register.php" anywhere on your page. I think no search engine will "guess" for a certain file type and if there are no security concerns you are on the safe side, because in my opinion no user will link to this file either. However if you want to be certain just reroute all your functionality through an index.php via one line in your .htaccess which should be placed inside your www-root directory:
如果您这样做是为了避免获得相同内容的多个链接,您可以在页面的任何位置使用“register.php”。我认为没有搜索引擎会“猜测”某种文件类型,如果没有安全问题,那么你是安全的,因为我认为没有用户会链接到这个文件。但是,如果您想确定通过index.php通过.htaccess中的一行重新路由所有功能,该行应放在www-root目录中:
RewriteEngine on
RewriteRule ^(.*?)$ index.php?file=$1
In your index.php you can then simply choose which function/file to invoke by breaking down and checking the $_GET["file"] parameter. To make 100% certain no one can access your register.php file directly just move it (and all your others) to a separate directory and include a .htaccess file with the following line:
在index.php中,您可以通过分解并检查$ _GET [“file”]参数来简单地选择要调用的函数/文件。要100%确定没有人可以直接访问您的register.php文件,只需将它(以及所有其他人)移动到一个单独的目录,并包含一个.htaccess文件,其中包含以下行:
DENY from all
There are a couple of other options to prevent direct access. Just define() a variable somewhere in your index.php and at the top of your register.php just put
还有其他一些选项可以阻止直接访问。只需在index.php中的某个地方定义()一个变量,然后在register.php的顶部放置
defined('access') or die('Intruder alert!');
at the top. Another way could be to be honest and simply tell search engines that your content has been moved and that they no longer should use the old link:
在顶部。另一种方法可能是诚实,只是告诉搜索引擎您的内容已被移动,他们不再使用旧链接:
header("Status: 301"); /* Content moved permanently */
header("Location: http://yourserver/Register/");
exit;
Update
Just one more thing that crossed my mind, you can also check $_SERVER["REQUEST_URI"], whether the user attached any ".php" and act accordingly by either denying access completely or just redirecting to the new location.
还有一件事在我脑海中浮现,您还可以检查$ _SERVER [“REQUEST_URI”],无论用户是否附加任何“.php”并通过完全拒绝访问或仅重定向到新位置来采取相应行动。
#2
It is true that you cannot use location directive, but you can actually paste .htaccess file into any directory.
确实,您不能使用location指令,但您实际上可以将.htaccess文件粘贴到任何目录中。
Just if you put this into it, say:
如果你把它放进去,说:
Options -Indexes
order allow,deny
deny from all
you can copy paste this file into any (root) directory you want to protect from external execution.
您可以将此文件复制粘贴到要防止外部执行的任何(根)目录中。
#3
To check the initial requested URL path, you need to use the request line. So try this rule:
要检查初始请求的URL路径,您需要使用请求行。所以试试这个规则:
RewriteCond %{THE_REQUEST} ^GET\ /[^?\s]+\.php[/?\s]
RewriteRule (.+)\.php$ /$1 [L,R=301]
And then again your rule (in a slightly modified way):
然后再次你的规则(略微修改):
RewriteRule ^register/$ register.php
#4
Try this.
RewriteCond %{REQUEST_FILENAME} ^register\.php$ [NC]
RewriteRule ^/register register.php
Or this
Redirect register.php /register
#5
Ignoring the user-experience part, you can implement the new rel=canonical link to sort out the search engines.
忽略用户体验部分,您可以实现新的rel = canonical链接来整理搜索引擎。
Although, for this case you should probably just use a 301 redirect from /register.php to /register/
虽然,对于这种情况,您应该只使用/register.php中的301重定向到/ register /
In register.php
if ( stristr( $_SERVER['REQUEST_URI'], '.php' ) )
{
header ('HTTP/1.1 301 Moved Permanently');
header ('Location: /register');
}
#6
If you want to completely block /register.php by using mod_rewrite, use a variant of SleepyCod's answer:
如果你想通过使用mod_rewrite完全阻止/register.php,请使用SleepyCod的答案变体:
RewriteCond %{REQUEST_FILENAME} register\.php [NC]
RewriteCond %{IS_SUBREQ} false
RewriteRule .* - [F,L]
Explanation:
-
[NC]: Makes the condition case-insensitive, just in case you're on a windows box. - Condition 1: The requested filename is 'register.php', and
- Condition 2: The request is no subrequest (this is important, since every new round through RewriteRules actually creates subrequests).
- Rule: essentially do nothing
- Flags:
[F]: Send an 403 Forbidden header,[L]: This is the last rule to apply, skip all following rewrite rules
[NC]:使条件不区分大小写,以防您在Windows框中。
条件1:请求的文件名是'register.php',和
条件2:请求不是子请求(这很重要,因为通过RewriteRules的每个新轮实际上都会创建子请求)。
规则:基本上什么都不做
标志:[F]:发送403 Forbidden标头,[L]:这是要应用的最后一条规则,跳过所有后续重写规则
Rewriting correctly is an art by itself. I suggest you carefully read http://httpd.apache.org/docs/2.2/rewrite/.
正确地重写本身就是一门艺术。我建议你仔细阅读http://httpd.apache.org/docs/2.2/rewrite/。
Cheers,
#1
If you are doing this to avoid getting multiple links to the same content, you can simply don't use "register.php" anywhere on your page. I think no search engine will "guess" for a certain file type and if there are no security concerns you are on the safe side, because in my opinion no user will link to this file either. However if you want to be certain just reroute all your functionality through an index.php via one line in your .htaccess which should be placed inside your www-root directory:
如果您这样做是为了避免获得相同内容的多个链接,您可以在页面的任何位置使用“register.php”。我认为没有搜索引擎会“猜测”某种文件类型,如果没有安全问题,那么你是安全的,因为我认为没有用户会链接到这个文件。但是,如果您想确定通过index.php通过.htaccess中的一行重新路由所有功能,该行应放在www-root目录中:
RewriteEngine on
RewriteRule ^(.*?)$ index.php?file=$1
In your index.php you can then simply choose which function/file to invoke by breaking down and checking the $_GET["file"] parameter. To make 100% certain no one can access your register.php file directly just move it (and all your others) to a separate directory and include a .htaccess file with the following line:
在index.php中,您可以通过分解并检查$ _GET [“file”]参数来简单地选择要调用的函数/文件。要100%确定没有人可以直接访问您的register.php文件,只需将它(以及所有其他人)移动到一个单独的目录,并包含一个.htaccess文件,其中包含以下行:
DENY from all
There are a couple of other options to prevent direct access. Just define() a variable somewhere in your index.php and at the top of your register.php just put
还有其他一些选项可以阻止直接访问。只需在index.php中的某个地方定义()一个变量,然后在register.php的顶部放置
defined('access') or die('Intruder alert!');
at the top. Another way could be to be honest and simply tell search engines that your content has been moved and that they no longer should use the old link:
在顶部。另一种方法可能是诚实,只是告诉搜索引擎您的内容已被移动,他们不再使用旧链接:
header("Status: 301"); /* Content moved permanently */
header("Location: http://yourserver/Register/");
exit;
Update
Just one more thing that crossed my mind, you can also check $_SERVER["REQUEST_URI"], whether the user attached any ".php" and act accordingly by either denying access completely or just redirecting to the new location.
还有一件事在我脑海中浮现,您还可以检查$ _SERVER [“REQUEST_URI”],无论用户是否附加任何“.php”并通过完全拒绝访问或仅重定向到新位置来采取相应行动。
#2
It is true that you cannot use location directive, but you can actually paste .htaccess file into any directory.
确实,您不能使用location指令,但您实际上可以将.htaccess文件粘贴到任何目录中。
Just if you put this into it, say:
如果你把它放进去,说:
Options -Indexes
order allow,deny
deny from all
you can copy paste this file into any (root) directory you want to protect from external execution.
您可以将此文件复制粘贴到要防止外部执行的任何(根)目录中。
#3
To check the initial requested URL path, you need to use the request line. So try this rule:
要检查初始请求的URL路径,您需要使用请求行。所以试试这个规则:
RewriteCond %{THE_REQUEST} ^GET\ /[^?\s]+\.php[/?\s]
RewriteRule (.+)\.php$ /$1 [L,R=301]
And then again your rule (in a slightly modified way):
然后再次你的规则(略微修改):
RewriteRule ^register/$ register.php
#4
Try this.
RewriteCond %{REQUEST_FILENAME} ^register\.php$ [NC]
RewriteRule ^/register register.php
Or this
Redirect register.php /register
#5
Ignoring the user-experience part, you can implement the new rel=canonical link to sort out the search engines.
忽略用户体验部分,您可以实现新的rel = canonical链接来整理搜索引擎。
Although, for this case you should probably just use a 301 redirect from /register.php to /register/
虽然,对于这种情况,您应该只使用/register.php中的301重定向到/ register /
In register.php
if ( stristr( $_SERVER['REQUEST_URI'], '.php' ) )
{
header ('HTTP/1.1 301 Moved Permanently');
header ('Location: /register');
}
#6
If you want to completely block /register.php by using mod_rewrite, use a variant of SleepyCod's answer:
如果你想通过使用mod_rewrite完全阻止/register.php,请使用SleepyCod的答案变体:
RewriteCond %{REQUEST_FILENAME} register\.php [NC]
RewriteCond %{IS_SUBREQ} false
RewriteRule .* - [F,L]
Explanation:
-
[NC]: Makes the condition case-insensitive, just in case you're on a windows box. - Condition 1: The requested filename is 'register.php', and
- Condition 2: The request is no subrequest (this is important, since every new round through RewriteRules actually creates subrequests).
- Rule: essentially do nothing
- Flags:
[F]: Send an 403 Forbidden header,[L]: This is the last rule to apply, skip all following rewrite rules
[NC]:使条件不区分大小写,以防您在Windows框中。
条件1:请求的文件名是'register.php',和
条件2:请求不是子请求(这很重要,因为通过RewriteRules的每个新轮实际上都会创建子请求)。
规则:基本上什么都不做
标志:[F]:发送403 Forbidden标头,[L]:这是要应用的最后一条规则,跳过所有后续重写规则
Rewriting correctly is an art by itself. I suggest you carefully read http://httpd.apache.org/docs/2.2/rewrite/.
正确地重写本身就是一门艺术。我建议你仔细阅读http://httpd.apache.org/docs/2.2/rewrite/。
Cheers,