Welcome to WebmasterWorld Guest from 54.158.228.55

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Removing query string

website has been spammed...

     
1:42 pm on Jan 18, 2009 (gmt 0)

5+ Year Member



Hi

My website has been spammed using my search function with urls like:

site.com/search/index.php?somepammydirect?andlots-of-variables

in modrewrite is there a way to redirect all the {query_strings} after the .php and simply redirect them to /search/index.html

?

thanks

5:00 pm on Jan 18, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Does /search/index.php accept any *valid* query strings?

If not, then


RewriteCond %{QUERY_STRING} .
RewriteRule ^search/index.php$ http://www.example.com/search/index.ph[b]p?[/b] [R=301,L]

can be used in your Web root .htaccess file to redirect to remove *all* query strings from those requests.

I assume you already have other working rewriterules, so I'm not showing the mod_rewrite "setup" directives here.

Make sure the hostname in the substitution URL is your canonical domain, and place this rule ahead of any general domain canonicalization redirect rule. (Order your rules by external redirects first, from most-specific URL-pattern to least-specific, followed by internal rewrites, again from most-specific to least specific. This avoids chained or stacked redirects, and avoids having an external redirect expose your internal script filepaths to clients.)

Jim

6:13 pm on Jan 18, 2009 (gmt 0)

5+ Year Member



Hi - thanks for that - it all worked

I also added the line below to redirect /search/index.php to /search/index.html directly after the code above (as it was stripping the query but putting to index.php)

Redirect 301 /search/index.php http://www.example.com/search/index.html

6:26 pm on Jan 18, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Do not mix mod_alias and mod_rewrite directives. If you ever change servers, there's no guarantee that the two modules will execute in the same order.

Code in .htaccess is 'scanned' by the Apache modules in LoadModule order, and each module processes only the directives it understands. As such, the order of directives in your .htaccess file does not control execution order, except among directives handled by the same module.

If index.html is the proper URL, then put that in the substitution URL of the code I posted. Do not force the user and server to go through two client redirects to get to the proper content.

Also, consider redirecting /<any_dir>/index.<anything> to "/<any_dir>/" -- There is no benefit to "exposing" your index page URL-path or "technology" to the client. It looks cluttered in search results, and for direct type-ins it's just extra unneeded characters. Let's put it this way: Do you go to www.google.com, or to www.google.com/index.py?

Jim

6:28 pm on Jan 18, 2009 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Don't mix rules with
Redirect
and rules with
RewriteRule
in the same .htaccess file.

Order of processing is not guaranteed because stuff is processed in the order of which Apache module needs to handle it, and you have commands from two different modules (Mod_Alias and Mod_Rewrite) listed.

If you use

RewriteRule
for one of them, then use
RewriteRule
for all of them.

Here you can install a site-wide redirect that strips index.html from all requests and forces www at the same time.

Finally, link to the shorter URL from within your site.

Typically, this index redirect is listed just before your site-wide non-www to www 301 redirect.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month