apache 有没有办法强制apache返回404而不是403?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1486304/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is there a way to force apache to return 404 instead of 403?
提问by fuenfundachtzig
Is there a way how I can configure the Apache web server to return a 404 (not found) error code instead of 403 (forbidden) for some specific directories which I want to disallow to be accessed?
有没有一种方法可以配置 Apache Web 服务器以返回 404(未找到)错误代码而不是 403(禁止),用于某些我想禁止访问的特定目录?
I found some solutions suggesting the use of mod_rewrite, like e.g.
我发现了一些建议使用 mod_rewrite 的解决方案,例如
RewriteEngine On
RewriteRule ^.*$ /404 [L]
As the purpose of sending 404 instead of 403 is to obfuscate the directory structure, this solution is too revealing, because it redirects to some different location which makes it obvious that the directory originally accessed does in fact exist.
由于发送 404 而不是 403 的目的是混淆目录结构,这个解决方案太暴露了,因为它重定向到一些不同的位置,这使得最初访问的目录确实存在。
采纳答案by fuenfundachtzig
RedirectMatchas in e.g.
重定向匹配,例如
RedirectMatch 404 /\.
does the trick, it prohibits access to all files or directories starting with a dot, giving a "404 Not Found" error.
诀窍是,它禁止访问以点开头的所有文件或目录,并给出“404 Not Found”错误。
From the Apache manual: "The Redirect[Match] directive maps an old URL into a new one by asking the client to refetch the resource at the new location." By default, Redirectsends a 302 return code, but it can also return other status codes as shown above.
来自 Apache 手册:“Redirect[Match] 指令通过要求客户端在新位置重新获取资源来将旧 URL 映射到新 URL。” 默认情况下,重定向发送 302 返回码,但它也可以返回其他状态码,如上所示。
回答by Tomer
You can make something like this:
你可以做这样的事情:
.htaccess
.htaccess
ErrorDocument 403 /error/404.php
错误文档 403 /error/404.php
404.php
404.php
<?php
$status = $_SERVER['REDIRECT_STATUS'] = 404;
header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $status);
?>
404 Error
回答by jff
After having the same problem, I ended up with the following .htaccess file
遇到同样的问题后,我最终得到了以下 .htaccess 文件
Options -Indexes
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain.com [NC]
RewriteRule ^(.*)/$ - [R=404,NC]
The 1st and 3rd line ensure that you can't list the folder content, and if you do it you will receive a 404 error. The RewriteConddirective ensures that this rewrite rule only applies to main domain. Since I have several subdomains, without the rewritecond, accessing www.mydomain.com/subdomain was also returning a 404, which was not what I intended.
第 1 行和第 3 行确保您无法列出文件夹内容,如果您这样做,您将收到 404 错误。该的RewriteCond指令可确保该重写规则只适用于主域名。由于我有几个子域,没有 rewritecond,访问 www.mydomain.com/subdomain 也会返回 404,这不是我想要的。
回答by Adam Kozlowski
In my opinion making this task in .htaccessis quite ugly solution.
在我看来,完成这项任务.htaccess是非常丑陋的解决方案。
It is possible to make it in apache configuration. Take a look:
可以在 apache 配置中进行。看一看:
Add to your apache config:
添加到您的 apache 配置:
ErrorDocument 403 /404
Then restart apache:
然后重启apache:
service apache2 restart
That is all.
就这些。
回答by ImmortalPC
To change all 403,400 errors into 404 errors, put this at the end of /etc/apache2/conf.d/localized-error-pagesOR into a .htaccess
要将所有 403,400 错误更改为 404 错误,请将其放在/etc/apache2/conf.d/localized-error-pages的末尾或放入.htaccess
# Will raise a 404 error, because the file <fake_file_for_apache_404.php> doesn't exist.
# We change 403 or 400 to 404 !
ErrorDocument 400 /fake_file_for_apache_404.php
ErrorDocument 403 /fake_file_for_apache_404.php
# We need to rewrite 404 error, else we will have "fake_file_for_apache_404.php not found"
ErrorDocument 404 "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL <script type=\"text/javascript\">document.write(document.location.pathname);</script> was not found on this server.</p></body></html>"
ErrorDocument 500 "Server in update. Please comme back later."
