为什么 .htaccess 重写根据表单内容表现不同?
why does .htaccess rewrite behave differently based on form content?
我正在提交的表单字段中与 "having x," 进行 post 交易。我的 .htaccess 确保 https: 和 www。我的重定向正在将 post 更改为获取前面提到的数据。如果我几乎改变任何东西它重定向 post 就好了。
我正在寻找的是让它像测试 2 一样运行,换句话说,作为具有关联 post 数据的 post 事务转发。表单的内容可能会影响重写的行为,这似乎真的很奇怪。任何想法都非常受欢迎。谢谢!
编辑:
根据下面接受的答案,这是主机 运行 mod-security 以防止 sql 注入攻击。我本可以要求他们将其关闭,但决定保留它并检查 $_SERVER['REDIRECT-STATUS'] 是否有“403”,以便用适当的消息进行响应。
这是我的测试代码,我用 /test uri 调用它来获取表单。
<?php
$uri = $_SERVER['REQUEST_URI'];
if ($uri == '/test') {
?>
<html>
<head>
</head>
<body>
<form
name="testForm"
method="post"
action="/testpost">
<input type="text"
name="testName"
value="having x,"/>
<input type="submit" name="submit" id="submit" value="test" />
</form>
</body>
</html>
<?php
} elseif ($uri == '/testpost') {
echo '<pre>';
var_dump($_POST);
var_dump($_SERVER);
}
下面是测试,显示了 $_POST 数据和 $_SERVER 的相关部分:
Test 1 having x,
array(0) {
}
array(56) {
["CONTENT_TYPE"]=>
string(33) "application/x-www-form-urlencoded"
["CONTENT_LENGTH"]=>
string(2) "32"
["HTTP_USER_AGENT"]=>
string(120) "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
["HTTP_X_FORWARDED_PROTO"]=>
string(5) "https"
["HTTP_X_HTTPS"]=>
string(2) "on"
["REDIRECT_REDIRECT_HTTPS"]=>
string(2) "on"
["REDIRECT_REDIRECT_SERVER_PORT"]=>
string(3) "443"
["REDIRECT_REDIRECT_REQUEST_METHOD"]=>
string(4) "POST"
["REDIRECT_REDIRECT_STATUS"]=>
string(3) "403"
["REDIRECT_HTTPS"]=>
string(2) "on"
["REDIRECT_SERVER_PORT"]=>
string(3) "443"
["REDIRECT_STATUS"]=>
string(3) "403"
["HTTPS"]=>
string(2) "on"
["SERVER_PORT"]=>
string(3) "443"
["REQUEST_SCHEME"]=>
string(5) "https"
["CONTEXT_PREFIX"]=>
string(0) ""
["REMOTE_PORT"]=>
string(5) "39916"
["REDIRECT_URL"]=>
string(10) "/403.shtml"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(3) "GET"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(9) "/testpost"
["SCRIPT_NAME"]=>
string(10) "/index.php"
["PHP_SELF"]=>
string(10) "/index.php"
}
Test 2 havng x,
在测试 2 中注意 having as havng 的拼写错误
array(2) {
["testName"]=>
string(8) "havng x,"
["submit"]=>
string(4) "test"
}
array(51) {
["CONTENT_TYPE"]=>
string(33) "application/x-www-form-urlencoded"
["CONTENT_LENGTH"]=>
string(2) "31"
["HTTP_USER_AGENT"]=>
string(120) "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
["HTTP_X_FORWARDED_PROTO"]=>
string(5) "https"
["HTTP_X_HTTPS"]=>
string(2) "on"
["REDIRECT_HTTPS"]=>
string(2) "on"
["REDIRECT_SERVER_PORT"]=>
string(3) "443"
["REDIRECT_STATUS"]=>
string(3) "200"
["HTTPS"]=>
string(2) "on"
["SERVER_PORT"]=>
string(3) "443"
["REQUEST_SCHEME"]=>
string(5) "https"
["CONTEXT_PREFIX"]=>
string(0) ""
["REMOTE_PORT"]=>
string(5) "42046"
["REDIRECT_URL"]=>
string(9) "/testpost"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(4) "POST"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(9) "/testpost"
["SCRIPT_NAME"]=>
string(10) "/index.php"
["PHP_SELF"]=>
string(10) "/index.php"
}
它也适用于:
having x
having,
aving x,
having something else,
etc.
但不适用于
having something,
having somethingelse,
Here is the htaccess code:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ /index.php [NC,L]
您的主机正在阻止 having x。它认为这是对您的服务器的 SQL 注入攻击。如果您希望他们允许,您需要与您的房东交谈。
我正在提交的表单字段中与 "having x," 进行 post 交易。我的 .htaccess 确保 https: 和 www。我的重定向正在将 post 更改为获取前面提到的数据。如果我几乎改变任何东西它重定向 post 就好了。
我正在寻找的是让它像测试 2 一样运行,换句话说,作为具有关联 post 数据的 post 事务转发。表单的内容可能会影响重写的行为,这似乎真的很奇怪。任何想法都非常受欢迎。谢谢!
编辑: 根据下面接受的答案,这是主机 运行 mod-security 以防止 sql 注入攻击。我本可以要求他们将其关闭,但决定保留它并检查 $_SERVER['REDIRECT-STATUS'] 是否有“403”,以便用适当的消息进行响应。
这是我的测试代码,我用 /test uri 调用它来获取表单。
<?php
$uri = $_SERVER['REQUEST_URI'];
if ($uri == '/test') {
?>
<html>
<head>
</head>
<body>
<form
name="testForm"
method="post"
action="/testpost">
<input type="text"
name="testName"
value="having x,"/>
<input type="submit" name="submit" id="submit" value="test" />
</form>
</body>
</html>
<?php
} elseif ($uri == '/testpost') {
echo '<pre>';
var_dump($_POST);
var_dump($_SERVER);
}
下面是测试,显示了 $_POST 数据和 $_SERVER 的相关部分:
Test 1 having x,
array(0) {
}
array(56) {
["CONTENT_TYPE"]=>
string(33) "application/x-www-form-urlencoded"
["CONTENT_LENGTH"]=>
string(2) "32"
["HTTP_USER_AGENT"]=>
string(120) "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
["HTTP_X_FORWARDED_PROTO"]=>
string(5) "https"
["HTTP_X_HTTPS"]=>
string(2) "on"
["REDIRECT_REDIRECT_HTTPS"]=>
string(2) "on"
["REDIRECT_REDIRECT_SERVER_PORT"]=>
string(3) "443"
["REDIRECT_REDIRECT_REQUEST_METHOD"]=>
string(4) "POST"
["REDIRECT_REDIRECT_STATUS"]=>
string(3) "403"
["REDIRECT_HTTPS"]=>
string(2) "on"
["REDIRECT_SERVER_PORT"]=>
string(3) "443"
["REDIRECT_STATUS"]=>
string(3) "403"
["HTTPS"]=>
string(2) "on"
["SERVER_PORT"]=>
string(3) "443"
["REQUEST_SCHEME"]=>
string(5) "https"
["CONTEXT_PREFIX"]=>
string(0) ""
["REMOTE_PORT"]=>
string(5) "39916"
["REDIRECT_URL"]=>
string(10) "/403.shtml"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(3) "GET"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(9) "/testpost"
["SCRIPT_NAME"]=>
string(10) "/index.php"
["PHP_SELF"]=>
string(10) "/index.php"
}
Test 2 havng x,
在测试 2 中注意 having as havng 的拼写错误
array(2) {
["testName"]=>
string(8) "havng x,"
["submit"]=>
string(4) "test"
}
array(51) {
["CONTENT_TYPE"]=>
string(33) "application/x-www-form-urlencoded"
["CONTENT_LENGTH"]=>
string(2) "31"
["HTTP_USER_AGENT"]=>
string(120) "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
["HTTP_X_FORWARDED_PROTO"]=>
string(5) "https"
["HTTP_X_HTTPS"]=>
string(2) "on"
["REDIRECT_HTTPS"]=>
string(2) "on"
["REDIRECT_SERVER_PORT"]=>
string(3) "443"
["REDIRECT_STATUS"]=>
string(3) "200"
["HTTPS"]=>
string(2) "on"
["SERVER_PORT"]=>
string(3) "443"
["REQUEST_SCHEME"]=>
string(5) "https"
["CONTEXT_PREFIX"]=>
string(0) ""
["REMOTE_PORT"]=>
string(5) "42046"
["REDIRECT_URL"]=>
string(9) "/testpost"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(4) "POST"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(9) "/testpost"
["SCRIPT_NAME"]=>
string(10) "/index.php"
["PHP_SELF"]=>
string(10) "/index.php"
}
它也适用于:
having x
having,
aving x,
having something else,
etc.
但不适用于
having something,
having somethingelse,
Here is the htaccess code:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ /index.php [NC,L]
您的主机正在阻止 having x。它认为这是对您的服务器的 SQL 注入攻击。如果您希望他们允许,您需要与您的房东交谈。