All geek questions in one place

Mod_rewrite to prevent query string

Ok, I am testing cms (joomla) installed on my personal web server before putting it live. And I want to be able to prevent the use of the query string or more, to prevent users from entering material into the query string (changing like articleid, etc.), but still allow the internal redirect to use the query string.

Example to prevent someone from entering the URL http://www.doamin.com/index.php?option=com_user&view=register
display error page or redirect to index.php without query string

But still enable the rewrite rule
RewriteRule ^ Register $ index.php? Option = com_user & view = register

RewriteCond% {QUERY_STRING}! ^ $
RewriteRule ^ index.php $ index.php? [R = 301] explicitly redirects all query strings (but it also redirects / Register, which is not what I want)

The [L] flag at the end of the rewriting registry register also does not stop the rule processing.

EDIT: Ended up responding with a boost from Daniel. See answer below.

+4
source share
2 answers

The mod_rewrite documentation says:

If you want to delete an existing query string, complete the wildcard with only a question mark.

Although not mentioned in this sentence, the rewrite rule should not use the QSA flag.

How much is the rewrite rule allowed:

 RewriteRule ^Register$ index.php?option=com_user&view=register

You probably want this to appear under the rewrite rule to remove the query string. When it matches, the variable %{ENV:REDIRECT_STATUS} set to 200, and mod_rewrite starts the rewrite rules again. The rewrite rule for the query string will match on this second pass if the check that %{ENV:REDIRECT_STATUS} not 200 was not used.

This will display all requests for index.php (with or without a query string) to index.php without a query string, but still allow /Register be processed as /index.php?option=com_user&view=register :

 RewriteCond %{ENV:REDIRECT_STATUS} !=200 RewriteRule ^index.php$ index.php? RewriteRule ^Register$ index.php?option=com_user&view=register

Or, if you want to redirect to the error page if the request for index.php has a query string:

 RewriteCond %{ENV:REDIRECT_STATUS} !=200 RewriteCond %{QUERY_STRING} !="" RewriteRule ^index.php$ error.php? [R,L] RewriteRule ^Register$ index.php?option=com_user&view=register

But I would just use the F flag:

 RewriteCond %{ENV:REDIRECT_STATUS} !=200 RewriteCond %{QUERY_STRING} !="" RewriteRule ^index.php$ - [F,L] RewriteRule ^Register$ index.php?option=com_user&view=register
+4
source

Well, when Daniels answered that he was not working completely, he started me on the right track.

in the end, two parts were needed to do what I wanted, some of them used the variable REDIRECT_STATUS

first you need

 RewriteCond %{QUERY_STRING} !=""<br> RewriteCond %{ENV:REDIRECT_STATUS} 200<Br> RewriteRule .* - [L]<br>

.....
all my internal redirects
For example: RewriteRule ^Register$ index.php?option=com_register&view=register [L]
.....

then finally

 RewriteRule .* - [F,L]

This makes it so that the only thing that can be used is URLs defined by internal redirects.

+2
source

Source: https://habr.com/ru/post/1334013/

More articles:


All Articles