HTACCESS ModRewrite隐藏额外的URL属性

时间:2016-02-04 09:02:42

标签: php .htaccess

我的网址如下:http://localhost/blog/web-design-for-speed/post/?pid=CMATWA6YTXT6LSKYVXE3已经使用了ModRewrite条件:

# rewrite URL from ?url=slug to /slug
RewriteEngine on
# BaseRewrite /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php?url=$1 [L,QSA]
# redirect www to non www
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

上面的代码确实将?url =更改为blog /但是,我仍然留下了?pid。我的问题是,是否可以隐藏?pid但是仍然可以通过$ _GET使用PHP访问它?

1 个答案:

答案 0 :(得分:0)

即使使用重写规则,仍然需要将PID传递给服务器,你可以实现的最好的事情就是让PID作为虚拟目录结构的一部分出现在URL中,我已经实现了这一点以下......

的.htaccess 

## No directory listings
IndexIgnore *

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.

RewriteEngine On

# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects


RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]

在您的代码中,您需要做的就是获取$_SERVER['REQUEST_URI']超级全局并解析它,使用explode("/", $_SERVER['REQUEST_URI'])将其展开然后最终得到一个数组,其中URL中的每个元素都有自己的数组索引从零开始,然后您可以将任何您想要的内容放入URL并通过爆炸数组访问它。

相关问题
最新问题