homepage Welcome to WebmasterWorld Guest from 54.161.191.254
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Rewriting query strings
glimbeek




msg:4124297
 1:00 pm on Apr 29, 2010 (gmt 0)

I actually did search a solution for this but I guess it's to specific because I couldn't find a solution to fit my needs.

Anyway on to my "problem".

I'm looking for a way to rewrite all query strings.
Why? Well I don't want http://www.example.com/ to display the same as http://www.example.com/? or http://www.example.com/?test or http://www.example.com/?=test or http://www.example.com/test? etc...

Here come's the tricky bit.

I'm using Joomla! 1.5.x with SEO/SEF url's turned on, so I don't have any query strings in the "front-end". There are query strings in the back-end however.

http://www.example.com/administrator/ and everything within this folder is not supposed to be effected.

I did find the following:
[webmasterworld.com...]
# Create 404 on all root folder requests with query strings
# appended by rewriting to a file that does not exist
RewriteCond %{QUERY_STRING} &?ID=
RewriteRule ^[^/]*$ /non-existent-file.hmtl? [L]

and

RewriteCond %{THE_REQUEST} ^[A-Z]+\ /[^?\ ]*\?[^\ ]*\ HTTP/
RewriteRule ^ /non-existent-file.hmtl? [L]

Obviously the above examples don't take the /administrator/ folder into account. Nor am I a 100% the above code does what I need.

If I need to provide more info give me a shout.

Thanks in advance for any help/tips provided.

 

jdMorgan




msg:4124307
 1:10 pm on Apr 29, 2010 (gmt 0)

Well, you can add an exclusion prevent rewriting requests for the /administrator/ folder path -- Either in a RewriteCond examining %{REQUEST_URI} or even in the RewriteRule pattern itself.

The first example you posted detects a specific query string value, while the second detects any request that has any query string appended, even a blank one.

Be very careful in deciding what to do with these requests. You can indeed 404 them, but I suggest 301-redirecting them to the requested page after removing the query string, unless that query string is malicious (e.g. an SQL-injection attempt) in which case I suggest a 403-Forbidden response and blocking the requestor's IP address.

Jim

glimbeek




msg:4124312
 1:17 pm on Apr 29, 2010 (gmt 0)

Hi Jim,

Thanks for the fast reply.

At the moment we have no "bad" url's. We want to prevent this by doing what Google does: [google.com...]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved