问题描述
大家好,现在使用 urlrewrite, web框架 ssh + freemarker,目前对于 urlrewrite 的配置文件不是很了解<?xml version="1.0" encoding="utf-8"?><!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 2.6//EN" "http://tuckey.org/res/dtds/urlrewrite2.6.dtd"><!-- Configuration file for UrlRewriteFilter http://tuckey.org/urlrewrite/--><urlrewrite><!-- <rule> <note> The rule means that requests to /test/status/ will be redirected to /rewrite-status the url will be rewritten. </note> <from>/test/status/</from> <to type="redirect">%{context-path}/rewrite-status</to> </rule> <outbound-rule> <note> The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) the url /rewrite-status will be rewritten to /test/status/. The above rule and this outbound-rule means that end users should never see the url /rewrite-status only /test/status/ both in thier location bar and in hyperlinks in your pages. </note> <from>/rewrite-status</from> <to>/test/status/</to> </outbound-rule> <rule> <condition name="user-agent">Mozilla/[1-4]</condition> <from>/some/page.html</from> <to>/some/page-for-old-browsers.html</to> </rule> <outbound-rule> <from>^/world.jsp?country=([a-z]+)&city=([a-z]+)$</from> <to>/world/$1/$2</to> </outbound-rule> --> <rule> <from>/some/welcome.jsp</from> <to>/welcome.jsp</to> </rule> <rule> <from>^/qxxx/cache/images/([_0-9a-zA-Z]+)/([_0-9a-zA-Z]+)/([_.0-9a-zA-Z]+)$</from> <to>/qxxx/displayPicture.cache?tName=$1&fName=$2&FLNM=$3</to> </rule><rule> <from>^/qxxx/cache/images/([_0-9a-zA-Z]+)-([_0-9a-zA-Z]+)-([0-9]+)-([0-9]+).JPEG$</from> <to>/qxxx/tflj/displayPicture?errorPicName=Noname.gif&tName=$1&fName=$2&NUMID=$3&SRCID=$4</to> </rule> <rule> <from>^/download/video-([_.0-9a-zA-Zu4E00-u9FA5uF900-uFA2D]+)$</from> <to>/video/$1</to> <set type="content-type">application/force-download</set> </rule> <!-- <outbound-rule> <from>^/([_a-zA-Z]+)/qxxx/displayPicture.cache?tName=([_0-9a-zA-Z]+)&fName=([_0-9a-zA-Z]+)&FLNM=([_0-9a-zA-Z]+)</from> <to>/$1/qxxx/cache/image/$2/$3/$4</to> </outbound-rule>--> <!-- INSTALLATION in your web.xml add... <filter> <filter-name>UrlRewriteFilter</filter-name> <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> <init-param> <param-name>logLevel</param-name> <param-value>WARN</param-value> </init-param> </filter> <filter-mapping> <filter-name>UrlRewriteFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> EXAMPLES Redirect one url <rule> <from>/some/old/page.html</from> <to type="redirect">/very/new/page.html</to> </rule> Redirect a directory <rule> <from>/some/olddir/(.*)</from> <to type="redirect">/very/newdir/$1</to> </rule> Clean a url <rule> <from>/products/([0-9]+)</from> <to>/products/index.jsp?product_id=$1</to> </rule> eg, /products/1234 will be passed on to /products/index.jsp?product_id=1234 without the user noticing. Browser detection <rule> <condition name="user-agent">Mozilla/[1-4]</condition> <from>/some/page.html</from> <to>/some/page-for-old-browsers.html</to> </rule> eg, will pass the request for /some/page.html on to /some/page-for-old-browsers.html only for older browsers whose user agent srtings match Mozilla/1, Mozilla/2, Mozilla/3 or Mozilla/4. --></urlrewrite>大家能否讲解一下 配置文件相关 节点说明谢谢
解决方案
<rule> <note> The rule means that requests to /test/status/ will be redirected to /rewrite-status the url will be rewritten. </note> <from>/test/status/</from> <to type="redirect">%{context-path}/rewrite-status</to> </rule> 表示请求的urlnote,说明,注释一样from 就表示你请求的url(伪造的),经过urlrewrite 转化,就变成to里面的url了。to表示真正的url、<outbound-rule> <note> The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) the url /rewrite-status will be rewritten to /test/status/. The above rule and this outbound-rule means that end users should never see the url /rewrite-status only /test/status/ both in thier location bar and in hyperlinks in your pages. </note> <from>/rewrite-status</from> <to>/test/status/</to> </outbound-rule> 这个表示应答的urlnote说明from 服务器返回的urlto 经过urlrewrite后的。变成伪造的。那么真实的就被隐藏掉了。安全性
解决方案二:
其实很简单,这里面没多少东西,首先web.xml里的过滤器是不可少的org.tuckey.web.filters.urlrewrite.UrlRewriteFilter其次就是rule节点下的from节点和to节点,from是地址栏的url,to是实际请求的地址。就是你配置from匹配规则,想把什么样的url,转到哪个地址上。。最后就是outbound-rule,这里面也是from和to。。就是把你的动态url,比如show.do?id=1&name=2正阳的,可以给你转化成你配置的静态规则俄,比如show_1_2.html。这里给你点参考资料http://www.blogjava.net/suda/archive/2006/12/30/90962.htmlhttp://super2.iteye.com/blog/247328
解决方案三:
这个很简单吧! 讨论过好几次了!http://7454103.iteye.com/blog/476626我的帖子你先看下吧! 需要再深入的话咱再讨论! 关.注中