example.com/?something is throwing a 200 for our domain. I asked our it department to help me solve this issue when this came to light, but I just can't get them to take it on. Now I am seeing urls linking to our site using the above.
Problem is we rewrite the urls from our cms example.com/?id=folder/something it rewritten to example.com/folder/something.htm
I have tried to find a fix and just can't seem to understand the way to write the rule to allow the url to rewrite the rule correctly but not allow ?anything to 301 to a 404.
I assume I will have to allow ?id= to go through so the rules are not broken. This is a little over my head and I think our IT departmernt so if possible could some of the more advanced members help me out here.
So your rewrite is blindly removing the ?id= query string parameter and tacking on a .htm?
Then what? Somewhere, you need rules or code that checks to make sure the request is valid before returning a 200 "OK" response. If your response is always a file, you could use the -f check in a RewriteCond.
Can you post an example of the actual rewrite rules from the .htaccess file?
You just need to check THE_REQUEST contains a parameter using a RewriteCond, and then the associated RewriteRule will use the [F] flag to bar access.
It's two lines of code to fix the problem, and long as there are no URLs on the site using parameters.
Of course the server paths use parameters after the rewrite "inside the server", but we need to be sure that parameters are not used in URLs "out on the web".
Problem is we rewrite the URLs from our cms example.com/?id=folder/something it rewritten to example.com/folder/something.htm
Explaining it that way is what is confusing you.
What the rewrite actually does is accept a URL request from "out on the web" for example.com/folder/something.htm and fetch content from the internal path "inside the server" at /index.php?id=folder/something instead of the server internal path suggested by the URL.
A rewrite does not "change" any URLs. It changes where inside the server the content to fulfill a URL request will be fetched from.
Be aware that the slash is NOT a valid character for use in parameters. Using it, breaks the HTTP specifications.
here's a little php thing that i use. all you've got to do is change the blah1 blah2 blah3 bit at the end so it contains the query strings that you actually allow, and then if someone visits a URL that contains anything else it will automatically be written out.
you'll have to add something at the end so that it redirects, though, otherwise nothing will happen.