
mod_rewrite rule to prevent query string

OK, I am testing a CMS (Joomla) installed on my personal web server before putting it live, and I want to be able to prevent the use of the query string, or more to the point, prevent users from entering stuff on the query string (changing things like articleid etc.), but still allow the internal redirecting to use the query string.

Example: prevent someone from entering this as the URL:
http://www.doamin.com/index.php?option=com_user&view=register
and display an error page or redirect to index.php without the query string.

But still allow the rewrite rule
RewriteRule ^Register$ index.php?option=com_user&view=register

RewriteCond %{QUERY_STRING} !^$
RewriteRule ^index.php$ index.php? [R=301]

obviously redirects all query strings (but it also redirects /Register, which isn't what I want).

The [L] flag on the end of the Register RewriteRule doesn't make it stop the rule processing either.

EDIT: Ended up answering this with a nudge from Daniel. See answer below

The mod_rewrite documentation says:

When you want to erase an existing query string, end the substitution string with just a question mark.

And though not mentioned in this sentence, the rewrite rule must not use the QSA flag.

As far as still allowing the rewrite rule:

RewriteRule ^Register$ index.php?option=com_user&view=register

You probably want that to appear below the rewrite rule to strip the query string. When it matches, the %{ENV:REDIRECT_STATUS} variable is set to 200 and mod_rewrite runs through the rewrite rules again. The rewrite rule to strip the query string would match on this second pass if a check that %{ENV:REDIRECT_STATUS} is not 200 were not used.

This will map all requests for index.php (with or without a query string) to index.php without a query string, but still allow /Register to be treated like /index.php?option=com_user&view=register :

RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteRule ^index.php$ index.php?

RewriteRule ^Register$ index.php?option=com_user&view=register

Or, if you want to redirect to an error page if a request for index.php has a query string:

RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteCond %{QUERY_STRING} !=""
RewriteRule ^index.php$ error.php? [R,L]

RewriteRule ^Register$ index.php?option=com_user&view=register

But I would just use the F flag:

RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteCond %{QUERY_STRING} !=""
RewriteRule ^index.php$ - [F,L]

RewriteRule ^Register$ index.php?option=com_user&view=register

OK, while Daniel's answer did not fully work, it got me started on the right track.

I ended up needing two parts to do what I wanted; part of it was using the REDIRECT_STATUS variable.

First I needed:

RewriteCond %{QUERY_STRING} !=""
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule .* - [L]

.....
all my internal redirects
Like: RewriteRule ^Register$ index.php?option=com_register&view=register [L]
.....

then finally

RewriteRule .* - [F,L]

This makes it so that the only things able to be used are the URLs defined by the internal redirects.
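The two-pass behaviour both answers rely on, as a small Python model; this is an added example, not code from the original posts and not Apache's implementation. It assumes per-directory (.htaccess) processing as the answers describe it, and `handle`, the rule tuples and the rule-set names are hypothetical.

```python
import re

# Simplified model (an assumption of this example, not Apache's implementation):
# rules run in order; if the URL changed, the request is re-injected as an
# internal redirect with REDIRECT_STATUS=200 and the rules run again.
HAS_QS = lambda qs, st: qs != ""          # RewriteCond %{QUERY_STRING} !=""
INTERNAL = lambda qs, st: st == "200"     # RewriteCond %{ENV:REDIRECT_STATUS} 200
EXTERNAL = lambda qs, st: st != "200"     # RewriteCond %{ENV:REDIRECT_STATUS} !=200
REGISTER = ([], r"^Register$", "index.php?option=com_user&view=register", "L")

# Rule order from the self-answer: pass-through, allow-list, deny everything else.
ALLOWLIST = [([HAS_QS, INTERNAL], r".*", "-", "L"), REGISTER, ([], r".*", "-", "FL")]
# Query-stripping rule from the first answer, with and without its guard.
STRIP_GUARDED = [([EXTERNAL], r"^index.php$", "index.php?", ""), REGISTER]
STRIP_UNGUARDED = [([], r"^index.php$", "index.php?", ""), REGISTER]

def handle(path, query, rules, max_passes=5):
    """Return (status, path, query) that the modelled rule set finally serves."""
    redirect_status = ""                  # empty on the client's own request
    for _ in range(max_passes):
        start = (path, query)
        for conds, pattern, subst, flags in rules:
            if not re.search(pattern, path):
                continue
            if not all(cond(query, redirect_status) for cond in conds):
                continue
            if "F" in flags:
                return 403, path, query   # [F]: forbidden, nothing is served
            if subst != "-":
                path, _, query = subst.partition("?")
            if "L" in flags:
                break
        if (path, query) == start:
            return 200, path, query       # no rewrite happened: serve as-is
        redirect_status = "200"           # rewritten: the rules run again
    return 500, path, query               # model's stand-in for a rewrite loop

if __name__ == "__main__":
    for name, rules in [("allowlist", ALLOWLIST), ("guarded", STRIP_GUARDED),
                        ("unguarded", STRIP_UNGUARDED)]:
        for req in [("Register", ""), ("index.php", "option=com_user&view=register")]:
            print(name, req, "->", handle(*req, rules))
```

In the unguarded set, /Register ends up at index.php with an empty query string, which is the second-pass match the first answer warns about. In the allow-list set, a bare request for index.php is also refused.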
