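.htaccess not removing the .php extension

Time: 2015-09-12 04:48:30

Tags: php apache .htaccess mod-rewrite

My .htaccess isn't removing the .php extension the way I set it up to. :/

I've tried everything, even messed around with some stupid things.

My mod_rewrite is enabled, and I've checked multiple times that my Apache configuration has AllowOverride All.

What could I be doing wrong?

My current configuration is: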

<Files .htaccess>
    deny from all
</Files> 
<Files ~ "^(.*)\.(inc|inc\.php|tpl|log)$">
    deny from all
</Files>
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

RewriteEngine On
RewriteBase /

#### Apache Exploits ####
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]

SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range
# optional logging, uncomment and set path to log matches
# CustomLog /var/log/range-CVE-2011-3192.log common env=bad-range
RequestHeader unset Range

#### Common Exploits ####
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} SELECT(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} UNION(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} UPDATE(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

1 answer:

Answer 0: (score: 0)

It looks like you are missing a RewriteRule directive below the exploit conditions. Try these rules in your .htaccess:

RewriteEngine On
RewriteBase /

#### Apache Exploits ####
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule ^ - [F]

SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range
# optional logging, uncomment and set path to log matches
# CustomLog /var/log/range-CVE-2011-3192.log common env=bad-range
RequestHeader unset Range

#### Common Exploits ####
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} SELECT(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} UNION(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} UPDATE(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^ - [F]

## hide .php extension

# To externally redirect /dir/foo.php to /dir/foo
RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC]
RewriteRule ^ /%1 [R=302,L]

## To internally redirect /dir/foo to /dir/foo.php
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [L]
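
Why the missing RewriteRule stops the extension rewrite, as an added example that is not part of the original question or answer: a small Python model of how mod_rewrite chains RewriteCond lines (ANDed by default, `[OR]` joining a condition to the next one) onto the next RewriteRule. The helper names, the request dictionaries and the document root holding only /about.php are constructed for illustration, and only the extension rule's conditions are modelled, not its pattern or substitution.

```python
import re

def cond(pattern, flags=""):
    """Model of: RewriteCond %{QUERY_STRING} pattern [flags]"""
    f = set(flags.split(","))
    rx = re.compile(pattern, re.I if "NC" in f else 0)
    return (lambda req: bool(rx.search(req["query"])), "OR" in f)

def file_test(suffix, want):
    """Model of: RewriteCond %{REQUEST_FILENAME}<suffix> -f  (want=False for !-f)"""
    return (lambda req: ((req["path"] + suffix) in req["files"]) == want, False)

def rule_applies(conds, req):
    """True when the conditions stacked above one RewriteRule let it run."""
    i = 0
    while i < len(conds):
        test, ornext = conds[i]
        ok = test(req)
        if ornext and ok:
            while i < len(conds) and conds[i][1]:
                i += 1          # one member matched: skip the rest of the OR group
        elif not ornext and not ok:
            return False        # an ANDed condition failed
        i += 1
    return True

# Patterns and flags copied from the question's "Common Exploits" block.
PATTERNS = [
    (r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)", "OR"),
    (r"base64_encode.*\(.*\)", "OR"),
    (r"(\<|%3C).*script.*(\>|%3E)", "NC,OR"),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", "OR"),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", ""),
    (r"SELECT(=|\[|\%[0-9A-Z]{0,2})", "OR"),
    (r"UNION(=|\[|\%[0-9A-Z]{0,2})", "OR"),
    (r"UPDATE(=|\[|\%[0-9A-Z]{0,2})", "OR"),
]
# Question: no RewriteRule closes the block, so all of it gates the extension rule.
QUESTION_RULE = [cond(p, f) for p, f in PATTERNS] + [file_test("", False)]
# Answer: the block gets its own rule; the extension rule keeps one condition.
ANSWER_RULE = [file_test(".php", True)]

# Constructed requests against a document root that holds only /about.php.
PLAIN = {"path": "/about", "query": "", "files": {"/about.php"}}
ODD = {"path": "/about", "query": "_REQUEST[a]=1&SELECT=1", "files": {"/about.php"}}

def report():
    """Per request: (question's rule runs, answer's rule runs)."""
    return {name: (rule_applies(QUESTION_RULE, r), rule_applies(ANSWER_RULE, r))
            for name, r in (("plain", PLAIN), ("odd", ODD))}
print(report())
```

With the question's layout, an ordinary request for /about never reaches the `.php` rewrite, while the filter patterns block nothing because no `[F]` rule follows them.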