我使用FastCGI和php-fpm运行Apache 2.2。我想复制以下逻辑:
<FilesMatch "^(admin|api|app)?(_dev)?$">
#ForceType application/x-httpd-php
SetHandler php-fcgi
</FilesMatch>
这允许我将admin.php符号链接为admin,因此我可以删除.php扩展名。似乎用php-fpm执行此操作的唯一方法是将security.limit_extension文件的www.conf设置为空,但是,正如评论所示,这是一个相当大的安全漏洞,在那个php中现在可以在任何文件中执行代码,无论扩展名如何。
实现上述目标的首选方法是什么,但仍保持一定的安全性?
答案 0 :(得分:2)
到目前为止看起来最好的解决方案是手动将已知的符号链接添加到列表中(位于/etc/php-fpm.d/www.conf中):
security.limit_extension php admin admin_dev api api_dev app app_dev
不确定security.limit_extension指令是否甚至可以使用正则表达式,看起来不像它,所以这和它一样好。如OP中所述,您仍然需要在vhost配置中维护filesmatch指令:
<FilesMatch "^(admin|api|app)?(_dev)?$">
SetHandler php-fcgi
</FilesMatch>
- 更新 -
根据tftd的评论,添加当前的重写指令:
RewriteBase /
# we skip all files with .something
RewriteCond %{REQUEST_URI} \..+$
RewriteCond %{REQUEST_URI} !\.html$
RewriteRule .* - [L]
# we check if the .html version is here (caching)
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
# no, so we redirect to our front web controller
RewriteRule ^(.*)$ index.php [QSA,L]
答案 1 :(得分:1)
@Mike,根据您更新的答案,类似于此.htaccess文件的内容应该能够处理您尝试执行的操作:
# Enable the rewrite engine
RewriteEngine on
# Set the rewrite base path (i.e. if this .htaccess will be running at root context "/" or a subdir "/path")
RewriteBase /
# If the file exists, process as usual.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .* - [NC,L]
# If the dir exists, process as usual (if you don't need this, just comment/remove the next two lines).
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .* - [NC,L]
# If (requested_file_name).html exists, rewrite to that file instead.
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html [QSA,L]
# If (requested file name).php exists, rewrite to that file instead.
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.html [QSA,L]
# If none of the above rules were triggered, fallback to index.php.
RewriteRule ^(.*)$ index.php [QSA,L]
通过一些调整,这应该能够完成工作,而无需深入研究httpd.conf和<VirtualHost>或<FilesMatch>指令。希望这会有所帮助。