Page is a not externally linkable
jdMorgan - 3:09 pm on Oct 5, 2009 (gmt 0)
I'd recommend: The purpose of testing THE_REQUEST is to differentiate between direct clients requests for /search.php (forbidden), and client requests for URL-paths such as /search/2/xyz which were internally-rewritten to /search.php (allowed). Jim
Not sure if the code in the above post was accidentally truncated or what, but don't try to take a 'short-cut' on the RewriteCond pattern -- The URL-path part of the pattern for THE_REQUEST should correspond very closely to the RewriteRule pattern if you expect it to work properly.
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /search\.php[^\ ]*\ /HTTP
RewriteRule ^search\.php$ - [F]
That is, if the currently-requested URL-path is "/search.php" *and* if "/search.php" is the URL-path originally requested by the client, then return a 403. If the currently-requested URL-path is "/search.php" but the client requested a different URL-path (e.g. the client requested the 'friendly' "/search/2/xyz" path), then don't execute the rule.