mod_rewrite规则以防止查询字符串

Question

Ok i am testing a cms(joomla) installed on my personal webserver before putting it live. And i want to be able to prevent the use of the query string, or more to the point prevent users from entering stuff on the query string (changing like articleid etc), but still allow the internal redirecting to use the query string.

Example prevent someone from entering as the url
http://www.doamin.com/index.php?option=com_user&view=register
display Error page or redirect to index.php without query string

But still allow the rewrite rule
RewriteRule ^Register$ index.php?option=com_user&view=register

RewriteCond %{QUERY_STRING} !^$
RewriteRule ^index.php$ index.php? [R=301] obviously redirects all query strings (but it also redirects /Register which isnt what i want)

The [L] flag on the end of the Register rewriterule doesnt make it stop the rule processing either.

EDIT: Ended up answering this with a nudge from Daniel. See answer below

Answer 1

The mod_rewrite documentation says:

When you want to erase an existing query string, end the substitution string with just a question mark.

And though not mentioned in this sentence, the rewrite rule must not use the QSA flag.

As far as still allowing the rewrite rule:

RewriteRule ^Register$ index.php?option=com_user&view=register

You probably want that to appear below the rewrite rule to strip the query string. When it matches, the %{ENV:REDIRECT_STATUS} variable is set to 200 and mod_rewrite runs through the rewrite rules again. The rewrite rule to strip the query string would match on this second pass if a check that %{ENV:REDIRECT_STATUS} is not 200 were not used.

This will map all requests for index.php (with or without a query string) to index.php without a query string, but still allow /Register to be treated like /index.php?option=com_user&view=register :

RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteRule ^index.php$ index.php?

RewriteRule ^Register$ index.php?option=com_user&view=register

Or, if you want to redirect to an error page if a request for index.php has a query string:

RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteCond %{QUERY_STRING} !=""
RewriteRule ^index.php$ error.php? [R,L]

RewriteRule ^Register$ index.php?option=com_user&view=register

But I would just use the F flag:

RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteCond %{QUERY_STRING} !=""
RewriteRule ^index.php$ - [F,L]

RewriteRule ^Register$ index.php?option=com_user&view=register

Answer 2

Ok while Daniels answer did not fully work, it got me started on the right track.

ended up needing two parts to do what i wanted, part of it was using the REDIRECT_STATUS variable

first needed

RewriteCond %{QUERY_STRING} !=""<br>
RewriteCond %{ENV:REDIRECT_STATUS} 200<Br>
RewriteRule .* - [L]<br>

.....
all my internal redirects
Like: RewriteRule ^Register$ index.php?option=com_register&view=register [L]
.....

then finally

RewriteRule .* - [F,L]

Makes it so that only thing able to be used are the urls defined by the internal redirects.