Dot-Htaccess

htaccess 重寫規則不適用於文件擴展

  • December 29, 2021

我在伺服器上的同一文件夾中設置了兩個域。

IE

dl.d123.com      @ /var/www/public_html/dl.domain123.com
dl.domain123.com @ /var/www/public_html/dl.domain123.com

我在 /var/www/public_html/domain123.com 中有一個 htaccess 文件,其中包含以下幾行:

RewriteEngine On
#Rewrite URLs to one SSL domain
RewriteCond %{HTTP_HOST} ^dl\.d123\.com [NC]
RewriteRule ^(.*)$ https://dl.domain123.com/$1 [L,R=301,NC]

此規則適用於任何不包含文件副檔名的 URL

dl.d123.com/folder1/folder2 redirects to dl.domain123.com/folder1/folder2

但不適用於任何包含文件副檔名的 URL

dl.d123.com/folder1/folder2/index.html stays the same.

它不僅僅是 html 擴展。與 ie png 文件相同。

伺服器設置為 nginx 作為代理。 nginx:80/443 -> apache:8080/8443

編輯:(為隱私/安全更改了域名和 IP)Nginx 配置:80

server {
   listen 123.123.123.123:80;  
   server_name dl.domain123.org  www.dl.domain123.org;

   access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
   access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
   error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;

   location / {
       location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
           root /home/s4h/dl.domain123.org;                    
           expires max;
           try_files $uri $uri/ @backend;
       }
       
       error_page 405 = @backend;
       error_page 500 = @custom;
       add_header X-Cache "HIT from Backend";
       add_header X-XSS-Protection "1; mode=block" always;
       add_header X-Content-Type-Options "nosniff" always;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location @backend {
       internal;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location @custom {
       internal;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location ~ .*\.(php|jsp|cgi|pl|py)?$ {
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}
   location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

   disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;

   location /.well-known/acme-challenge {
       default_type "text/plain";
       alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }

   location /.well-known/pki-validation {
       default_type "text/plain";
       alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

Nginx 配置:443

server {
   listen 123.123.123.123:443 ssl ;
   server_name dl.domain123.org  www.dl.domain123.org;
   
   access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
   access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
   error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;

   ssl_certificate      /etc/pki/tls/certs/dl.domain123.org.bundle;
   ssl_certificate_key  /etc/pki/tls/private/dl.domain123.org.key;
   ssl_protocols TLSv1.2;
   ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
   ssl_prefer_server_ciphers   on;

   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 60m;

   location / {
       location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
           root /home/s4h/dl.domain123.org;
           expires max;
           try_files $uri $uri/ @backend;
       }
       
       error_page 405 = @backend;
       error_page 500 = @custom;
       add_header X-Cache "HIT from Backend";
       add_header Strict-Transport-Security "max-age=31536000";
       add_header X-XSS-Protection "1; mode=block" always;
       add_header X-Content-Type-Options "nosniff" always;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location @backend {
       internal;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location @custom {
       internal;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location ~ .*\.(php|jsp|cgi|pl|py)?$ {
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}
   location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

   disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;

   location /.well-known/acme-challenge {
       default_type "text/plain";
       alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }

   location /.well-known/pki-validation {
       default_type "text/plain";
       alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

dl.d123.com Nginx,僅埠 80,未安裝 SSL。

server {
   listen 123.123.123.123:80;  
   server_name dl.d123.com  www.dl.d123.com;

   access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
   access_log /usr/local/apache/domlogs/dl.d123.com.log full;
   error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;

   location / {
       location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
           root /home/s4h/dl.domain123.com;                    
           expires max;
           try_files $uri $uri/ @backend;
       }
       
       error_page 405 = @backend;
       error_page 500 = @custom;
       add_header X-Cache "HIT from Backend";
       add_header X-XSS-Protection "1; mode=block" always;
       add_header X-Content-Type-Options "nosniff" always;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location @backend {
       internal;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location @custom {
       internal;
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location ~ .*\.(php|jsp|cgi|pl|py)?$ {
       proxy_pass http://123.123.123.123:8181;
       include proxy.inc;
   }

   location ~ /\.ht    {deny all;}
   location ~ /\.svn/  {deny all;}
   location ~ /\.git/  {deny all;}
   location ~ /\.hg/   {deny all;}
   location ~ /\.bzr/  {deny all;}
   location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

   disable_symlinks if_not_owner from=/home/s4h/dl.domain123.com;

   location /.well-known/acme-challenge {
       default_type "text/plain";
       alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }

   location /.well-known/pki-validation {
       default_type "text/plain";
       alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
   }
}

原因是 nginx 配置中的以下塊:

location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
   root /home/s4h/dl.domain123.org;
   expires max;
   try_files $uri $uri/ @backend;
}

這告訴 nginx 直接使用上述副檔名提供文件。請注意,該列表具有.html.png副檔名。

您應該在 nginx 中進行重定向:

server {
   listen 123.123.123.123:80;  
   server_name dl.d123.com  www.dl.d123.com;

   access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
   access_log /usr/local/apache/domlogs/dl.d123.com.log full;
   error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;

   location / {
       return 301 https://www.dl.domain123.org$request_uri;
   }
}

引用自:https://serverfault.com/questions/1088413