| Rewriting query strings
|
glimbeek
msg:4124297 | 1:00 pm on Apr 29, 2010 (gmt 0) |
I actually did search a solution for this but I guess it's to specific because I couldn't find a solution to fit my needs.
Anyway on to my "problem".
I'm looking for a way to rewrite all query strings.
Why? Well I don't want http://www.example.com/ to display the same as http://www.example.com/? or http://www.example.com/?test or http://www.example.com/?=test or http://www.example.com/test? etc...
Here come's the tricky bit.
I'm using Joomla! 1.5.x with SEO/SEF url's turned on, so I don't have any query strings in the "front-end". There are query strings in the back-end however.
http://www.example.com/administrator/ and everything within this folder is not supposed to be effected.
I did find the following:
[webmasterworld.com...]
# Create 404 on all root folder requests with query strings
# appended by rewriting to a file that does not exist
RewriteCond %{QUERY_STRING} &?ID=
RewriteRule ^[^/]*$ /non-existent-file.hmtl? [L]
and
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /[^?\ ]*\?[^\ ]*\ HTTP/
RewriteRule ^ /non-existent-file.hmtl? [L]
Obviously the above examples don't take the /administrator/ folder into account. Nor am I a 100% the above code does what I need.
If I need to provide more info give me a shout.
Thanks in advance for any help/tips provided.
|
jdMorgan
msg:4124307 | 1:10 pm on Apr 29, 2010 (gmt 0) |
Well, you can add an exclusion prevent rewriting requests for the /administrator/ folder path -- Either in a RewriteCond examining %{REQUEST_URI} or even in the RewriteRule pattern itself.
The first example you posted detects a specific query string value, while the second detects any request that has any query string appended, even a blank one.
Be very careful in deciding what to do with these requests. You can indeed 404 them, but I suggest 301-redirecting them to the requested page after removing the query string, unless that query string is malicious (e.g. an SQL-injection attempt) in which case I suggest a 403-Forbidden response and blocking the requestor's IP address.
Jim
|
glimbeek
msg:4124312 | 1:17 pm on Apr 29, 2010 (gmt 0) |
Hi Jim,
Thanks for the fast reply.
At the moment we have no "bad" url's. We want to prevent this by doing what Google does: [google.com...]
|
|
|
