.htaccess 中不需要的重写答案

【问题标题】：Unwanted Rewrite in .htaccess.htaccess 中不需要的重写
【发布时间】：2019-01-22 17:03:16
【问题描述】：

我的网站后端有一个应用程序在访问时出现问题。该站点本身使用 .htaccess 进行路由，但我的规则似乎不正确或其他。我基本上是在尝试将不包含目录tools/ 或ajax/ 的所有内容路由到index.php：

DirectoryIndex index.php

Options -MultiViews
RewriteEngine on
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
# the folders mentioned here will be accessible and not rewritten
RewriteCond %{THE_REQUEST} !/(ajax|tools)/
# but rewrite everything else
RewriteRule ^ index.php [L]

# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# Force UTF-8 for a number of file formats
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

# ----------------------------------------------------------------------
# A little more security
# ----------------------------------------------------------------------

# "-Indexes" will have Apache block users from browsing folders without a
# default document Usually you should leave this activated, because you
# shouldn't allow everybody to surf through every folder on your server (which
# includes rather private places like CMS system folders).
<IfModule mod_autoindex.c>
  Options -Indexes
</IfModule>

# Block access to "hidden" directories or files whose names begin with a
# period. This includes directories used by version control systems such as
# Subversion or Git.
<IfModule mod_rewrite.c>
  RewriteCond %{SCRIPT_FILENAME} -d [OR]
  RewriteCond %{SCRIPT_FILENAME} -f
  RewriteRule "(^|/)\." - [F]
</IfModule>

# Block access to backup and source files. These files may be left by some
# text/html editors and pose a great security danger, when anyone can access
# them.
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
  Order allow,deny
  Deny from all
  Satisfy All
</FilesMatch>

# prevent access to PHP error log
<Files php_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 month"
    ExpiresByType image/jpeg "access 1 month"
    ExpiresByType image/gif "access 1 month"
    ExpiresByType image/png "access 1 month"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 6 hours"
</IfModule>

但是，当尝试在工具目录中运行长时间执行的脚本时，它最终给了我一个致命错误，说找不到路径 ./controllers/tools.php，这意味着该 URI 已被路由处理不应该出现的系统。有什么想法吗？

编辑 - 使用完整的 .htaccess 更新。

【问题讨论】：

标签： .htaccess url rewriting

【解决方案1】：

这样吧：

Options -MultiViews
RewriteEngine on
RewriteBase /

# the folders mentioned here will be accessible and not rewritten
RewriteCond %{THE_REQUEST} !/(ajax|tools)/ [NC]
# but rewrite everything else
RewriteRule ^ index.php [L]

THE_REQUEST 变量表示 Apache 从您的浏览器收到的原始请求，并且在执行某些重写规则后它不会被覆盖。该变量的示例值为GET /index.php?id=123 HTTP/1.1

【讨论】：

这在我的 Apache 上运行良好。发布有问题的完整 .htaccess 并查看您的 Apache error.log 是否出现 500 错误。
更新了帖子。我可以在日志中找到的唯一错误是“标题前脚本输出结束”
这是 apache 错误日志中的确切错误：[Mon Aug 20 12:27:39.060106 2018] [core:error] [pid 8471] [client 66.249.88.33:62447] End of script output before headers: player.php。这就是它提供的所有信息。
没有 Apache 日志根据自定义配置位于我的网络服务器的根目录中，并且我的 php 日志输出到每个单独网站的根目录。从字面上看，我得到的只是脚本结束错误和浏览器中的内部服务器错误。那里显示的文件位于/tools/ 目录中，该目录应该是安全的，不会被重写
我应该能够使用 https 或 http 访问 kocbyte.axiomaticenigma.com/tools/player.php 和 kocbyte.axiomaticenigma.com/tools/scan.php，以及 kocbyte.axiomaticenigma.com/ajax/infoListener.php 和 kocbyte.axiomaticenigma.com/ajax/mapListener.php，而无需将它们路由到我的控制器。如上所示，当前的 .htaccess 会导致错误 500，并且只会在 apache error.log 中产生 end of script output before headers 错误