禁用 UserDir 功能 - apache httpd 2.2.29 mod_userdir 已禁用,但 ~ 查询仍在提供

禁用 UserDir 功能 - apache httpd 2.2.29 mod_userdir 已禁用,但 ~ 查询仍在提供

我有一台服务器,我试图禁用 ~user 行为。我通过重命名模块目录中的 .so 强制禁用了 mod_userdir 模块。我通过在其中一个 conf 中留下“UserDir”指令并看到重新加载失败来确认它不会加载。

此外,我检查了已加载的模块并验证该模块未列出:

apachectl -M
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_file_module (shared)
 authn_alias_module (shared)
 authn_anon_module (shared)
 authn_dbm_module (shared)
 authn_default_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 authz_owner_module (shared)
 authz_groupfile_module (shared)
 authz_dbm_module (shared)
 authz_default_module (shared)
 ldap_module (shared)
 authnz_ldap_module (shared)
 include_module (shared)
 log_config_module (shared)
 logio_module (shared)
 env_module (shared)
 ext_filter_module (shared)
 mime_magic_module (shared)
 expires_module (shared)
 deflate_module (shared)
 headers_module (shared)
 usertrack_module (shared)
 setenvif_module (shared)
 mime_module (shared)
 dav_module (shared)
 status_module (shared)
 autoindex_module (shared)
 info_module (shared)
 dav_fs_module (shared)
 vhost_alias_module (shared)
 negotiation_module (shared)
 dir_module (shared)
 actions_module (shared)
 speling_module (shared)
 alias_module (shared)
 substitute_module (shared)
 rewrite_module (shared)
 proxy_module (shared)
 proxy_balancer_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_ajp_module (shared)
 proxy_connect_module (shared)
 cache_module (shared)
 suexec_module (shared)
 disk_cache_module (shared)
 cgi_module (shared)
 version_module (shared)
 passenger_module (shared)
 ssl_module (shared)
Syntax OK

但是,如果我向服务器查询我的测试文件(~nobody/test),我仍然会得到结果。

是否有其他模块提供该功能?如何关闭它?

这里是 httpd.conf 文件的链接(合并了 conf.d/*):https://www.dropbox.com/s/73htej25ffs9a20/httpd.conf_merged?dl=0

更新:

我已将原因缩小到特定的 conf.d 文件:

NameVirtualHost 987.654.32.1:8080

LoadModule passenger_module /app/rvm/gems/ruby-1.9.2-p290@bzd/gems/passenger-3.0.19/ext/apache2/mod_passenger.so
PassengerRoot /app/rvm/gems/ruby-1.9.2-p290@bzd/gems/passenger-3.0.19
PassengerRuby /app/rvm/wrappers/ruby-1.9.2-p290@bzd/ruby

<VirtualHost 987.654.32.1:8080>
  LogFormat "%{XFF_IP}e %{Host}i %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"[XFF=%{X-Forwarded-For}i]\" %D" cgm_fmt
  ServerName dashboard.foobar.com
  ServerAlias dashboard-alias.foobar.com
  DocumentRoot /app/dashboard/prod/current/public
  PassengerAppRoot /app/dashboard/prod/current
  RackBaseURI /
  RailsEnv 'production'
  PassengerLogLevel 3
  CustomLog "/var/log/httpd/dashboard_access-log" cgm_fmt
  ErrorLog "/var/log/httpd/dashboard_error-log"
  <Directory /app/dashboard/prod/current>
    Options FollowSymLinks
    AllowOverride all
    Order deny,allow
    Allow from all
    Options -MultiViews
    PassengerEnabled On
  </Directory>

  RewriteEngine on

  RewriteRule (.*) $1 [E=REDIRECT:TRUE]

  # always allow healthchecks
  RewriteCond %{REQUEST_URI} ^/healthcheck$
  RewriteRule (.*) $1 [E=REDIRECT:FALSE]

  RewriteCond %{HTTP_HOST} ^dashboard.foobar.com$
  RewriteRule (.*) $1 [E=REDIRECT:FALSE]

  RewriteCond %{HTTP_HOST} ^dashboard-alias.foobar.com$
  RewriteRule (.*) $1 [E=REDIRECT:FALSE]

  RewriteCond %{ENV:REDIRECT} TRUE
  RewriteRule ^/(.*) http://dashboard-alias.foobar.com/$1 [NC,R,L]

</VirtualHost>

答案1

事实证明,这是由于错误的重写规则造成的:

RewriteRule (.*) $1

我把它们改成:

RewriteRule - -

感谢大家的推动

相关内容