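I happened to notice that when I visit xxx.com/aaazajns, a trailing slash is added automatically so it becomes xxx.com/aaazajns/, and the home page still loads, even though this folder does not exist at all. If I change the "aaa..." string to any other letters and visit it without a trailing slash, the slash is again added automatically and the home page loads normally. At first I thought the theme was to blame, but switching to an official WP theme gives the same result, and so does deactivating all plugins.
Normally, visiting a directory or file that does not exist on the site should be refused and redirected to a 404, but mine damn well adds a slash automatically and serves the home page as normal. I'm using Junge's lnmp; the WordPress pseudo-static (rewrite) rules are Junge's defaults; WP 5.5.1, nginx 1.18, and I haven't changed any of the configuration.
Site configuration: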
server
{
    listen 80;
    #listen [::]:80;
    server_name xxxo.com;
    charset utf-8;
    rewrite ^/(.*) https://xxxo.com/$1 permanent;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/website;
    include /usr/local/nginx/rocket-nginx/default.conf;
    include rewrite/wordpress.conf;
    #error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    include enable-php-pathinfo.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    access_log off;
}
server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name xxx.com;
    charset utf-8;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/website;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|mp4)$
    {
        valid_referers none blocked xxx.com;
        if ($invalid_referer)
        {
            rewrite ^/ https://xxx.com/usr/uploads/mov/404.PNG;
            return 404;
        }
    }
    ssl_certificate /usr/ssl/inwao.ecc.pem;
    ssl_certificate_key /usr/ssl/private.key;
    ssl_certificate /usr/ssl/xxxo.com.crt;
    ssl_certificate_key /usr/ssl/xxxo.com.key;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /usr/ssl/xxxao.com.crt;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    include /usr/local/nginx/rocket-nginx/default.conf;
    include rewrite/wordpress.conf;
    #error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    include enable-php-pathinfo.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    access_log off;
}
-----------------------------------------------------
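**Reply**:
Wow, that's long, must be about 18 cm.
Too bad I don't understand any of it!!
Bumping this for you, waiting for the tech experts!
Reply:
Quote: llmwxt posted on 2020-9-21 10:07
Wow, that's long, must be about 18 cm.
Too bad I don't understand any of it!!
Reply:
Quote: Vickers posted on 2020-9-21 10:22
Boss, how come you're everywhere? You're all over the place.
Reply:
Quote: iks posted on 2020-9-21 11:18
It's the pseudo-static rewrite; the path gets completed after the request is forwarded to index. (padding to meet the character count)
Reply:
include rewrite/wordpress.conf;
Reply:
Quote: malaohu posted on 2020-9-21 18:40
What's inside this one?
Reply:
Change include enable-php-pathinfo.conf;
to this:
include enable-php.conf;
enable-php-pathinfo.conf is only needed when you use a framework such as ThinkPHP or Laravel.
Reply:
Quote: cyclists posted on 2020-9-21 19:12
Does anyone know how to fix this?
Reply:
Quote: lazy posted on 2020-9-21 19:23
Check what is set under Settings > Permalinks in the WP admin.
Reply:
Quote: adminplus posted on 2020-9-21 19:21
Change include enable-php-pathinfo.conf;
to this
Reply:
Quote: cyclists posted on 2020-9-21 19:30
It really was this. Thanks, boss, awesome. PM me your WeChat and I'll treat you to cigarettes and milk tea.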