htaccess 规则在 URL 中存在 index.php 时不起作用

问题描述 投票:0回答:1

以下 

.htaccess
规则将 
OLDNAME
更改为 
NEWNAME
并从 URL 末尾删除字符串 
-2
(如果存在)。

RewriteRule ^OLDNAME/(.+?)(?:-2)?/?$ /NEWNAME/$1 [L,NC,R=302,NE]

规则由@anubhava 在这篇文章中编写(How to use htaccess to change a folder name and remove a string from the end of a URL)。它适用于以下网址。

  • https://example.com/OLDNAME/item/a-long-file-name-separated-by-hyphens-2
  • https://example.com/OLDNAME/item/a-long-file-name-separated-by-hyphens

在深入研究时,我发现如果 URL 包含 

index.php
,则会导致此规则失败。该规则不适用于以下任一网址。

  • https://example.com/index.php/OLDNAME/item/a-long-file-name-separated-by-hyphens-2
  • https://example.com/index.php/OLDNAME/item/a-long-file-name-separated-by-hyphens

我试过像下面的规则一样将

index.php
添加到规则中,但是没有用。

RewriteRule ^index.php/OLDNAME/(.+?)(?:-2)?/?$ /NEWNAME/$1 [L,NC,R=302,NE]

感谢任何帮助。

apache .htaccess mod-rewrite
1个回答
0
投票

这是我的 htaccess 文件的内容。这是一个安装了 AdminTools 的 Joomla 3 站点。

##### RewriteEngine enabled - BEGIN
RewriteEngine On

##### MVC updates - BEGIN
RewriteRule ^OLDNAME/(.+?)(?:-2)?/?$ /NEWNAME/$1 [L,NC,R=302,NE]

##### RewriteBase set - BEGIN
RewriteBase /


##### File execution order -- BEGIN
DirectoryIndex index.php index.html


##### No directory listings -- BEGIN
IndexIgnore *
Options -Indexes


# Disable caching of administrator/index.php
<Files "administrator/index.php">
    <IfModule mod_expires.c>
        ExpiresActive Off
    </IfModule>
    <IfModule mod_headers.c>
        Header unset ETag
        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
    </IfModule>
</Files>


##### Redirect index.php to / -- BEGIN
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ / [R=301,L]

##### Redirect www to non-www -- BEGIN
# HTTP
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# HTTPS
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} !=http
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

##### Rewrite rules to block out some common exploits -- BEGIN
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]

##### File injection protection -- BEGIN
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http[s]?:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]


##### Advanced server protection rules exceptions -- BEGIN
RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_akeebabackup\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L]
RewriteRule ^sitemap\.xml$ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^\.well\-known/ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^cache\/widgetkit/ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^cache\/com_zoo\/images/ - [L]
RewriteRule ^plugins\/system\/bfnetwork/ - [L]
RewriteRule ^cache\/template/ - [L]


##### Advanced server protection -- BEGIN

## Disable PHP Easter Eggs
RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
RewriteRule .* - [F]
#### Back-end protection
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|webp|WEBP|xsl)$ - [L]
RewriteRule ^administrator/ - [F]
#### Disable client-side risky behavior in backend static content
<If "%{REQUEST_URI} =~ m#^/administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|webp|WEBP|xsl)$#">
    <IfModule mod_headers.c>
        Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
    </IfModule>
</If>
#### Front-end protection
## Allow limited access for certain directories with client-accessible content
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|webp|WEBP|xsl)$ - [L]
RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/ - [F]
#### Disable client-side risky behavior in frontend static content
<If "%{REQUEST_URI} =~ m#^/(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|webp|WEBP|xsl)$#">
    <IfModule mod_headers.c>
        Header always set Content-Security-Policy "default-src 'self'; script-src 'none';"
    </IfModule>
</If>
## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above)
RewriteRule ^includes/js/ - [L]
RewriteRule ^(cache|includes|language|logs|log|tmp)/ - [F]
RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]

## Explicitly allow access to the site's index.php main entry point file
RewriteRule ^index.php(/.*){0,1}$ - [L]
## Explicitly allow access to the site's robots.txt file
RewriteRule ^robots.txt$ - [L]

## Disallow access to all other PHP files throughout the site, unless they are explicitly allowed
RewriteCond %{REQUEST_FILENAME} (\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (.*\.php)$ - [F]
##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- BEGIN
<If "%{REQUEST_URI} == '/administrator/components/com_akeeba/restore.php'">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} == '/administrator/components/com_joomlaupdate/restore.php'">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} == '/administrator/components/com_akeebabackup/restore.php'">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} == '/administrator/components/com_joomlaupdate/extract.php'">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} == '/sitemap.xml'">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} =~ m#^\.well\-known/#">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} =~ m#^cache\/widgetkit/#">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} =~ m#^cache\/com_zoo\/images/#">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} =~ m#^plugins\/system\/bfnetwork/#">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>
<If "%{REQUEST_URI} =~ m#^cache\/template/#">
    <IfModule mod_headers.c>
        Header always unset Content-Security-Policy
    </IfModule>
</If>


## Disallow access to htaccess.txt, php.ini, .user.ini and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini|\.user\.ini)$ - [F]
# Disallow access to all other front-end folders
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !^/
RewriteRule .* - [F]

# Disallow access to all other front-end files
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !^index.php$ - [F]
## Protect against clickjacking
<IfModule mod_headers.c>

    Header always append X-Frame-Options SAMEORIGIN

    # The `X-Frame-Options` response header should be send only for
    # HTML documents and not for the other resources.

    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
        Header unset X-Frame-Options
    </FilesMatch>

</IfModule>
## Reduce MIME type security risks
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>
## Reflected XSS prevention
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>

# mod_headers cannot match based on the content-type, however,
# the X-XSS-Protection response header should be sent only for
# HTML documents and not for the other resources.

<IfModule mod_headers.c>
    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
        Header unset X-XSS-Protection
    </FilesMatch>
</IfModule>
## Remove Apache and PHP version signature
<IfModule mod_headers.c>
    Header always unset X-Powered-By
    Header always unset X-Content-Powered-By
</IfModule>

ServerSignature Off
## Prevent content transformation
<IfModule mod_headers.c>
    Header merge Cache-Control "no-transform"
</IfModule>


## Referrer-policy
<IfModule mod_headers.c>
    Header always set Referrer-Policy "unsafe-url"
</IfModule>
## Set the UTF-8 character set as the default
#  Serve all resources labeled as `text/html` or `text/plain`
#  with the media type `charset` parameter set to `UTF-8`.

AddDefaultCharset utf-8

# Serve the following file types with the media type `charset`
# parameter set to `UTF-8`.
#
# https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset

<IfModule mod_mime.c>
    AddCharset utf-8 .atom \
                     .bbaw \
                     .css \
                     .geojson \
                     .js \
                     .json \
                     .jsonld \
                     .rdf \
                     .rss \
                     .topojson \
                     .vtt \
                     .webapp \
                     .xloc \
                     .xml
</IfModule>
##### Joomla! core SEF Section -- BEGIN
# PHP FastCGI fix for HTTP Authorization
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
##### Joomla! core SEF Section -- BEGIN
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.