Block URLS without Parameter rewrite mod

Forum Moderators: phranque

Message Too Old, No Replies

Block URLS without Parameter rewrite mod

I want to block URLS that does not come with parameters

roadrunner99

9:12 am on Feb 17, 2009 (gmt 0)

Hello Forum,

i got stuck with a rewrite Rule.

My Use case goes like this:
We have a jsp on our server that should not be called without parameter.

So i want to have a rewrite rule that works like this, when this jsp is called without a parameter he will bring up a 403 Error.

In this case /dir1/dir2/dir3/dir4/calc.jsp is a bad url
/dir1/dir2/dir3/dir4/calc.jsp?id=1&lang=en is a good url

My effort until now was something like:


 RewriteEngine on
 RewriteLog /tmp/rewritel.log
 RewriteLogLevel 9
 RewriteRule "^/dir1/dir2/dir3/dir4/calc\.jsp$" "-" "[F]"
 #RewriteRule "/dir1/dir2/dir3/dir4/calc\.jsp$" "-" "[F]"

Now there is the step missing where i can say if a parameter is passed starting with a ? it is ok.

I tried rewrite rules like
RewriteRule "/dir1/dir2/dir3/dir4/calc\.jsp$(!(\?.)*)" "-" "[F]"
RewriteRule "/dir1/dir2/dir3/dir4/calc\.jsp$([\?.]*)" "-" "[F]"

But nothing works. Also the search for block urls with paramter leads me to a solution....
I would appreciate your hints and tipps.

wildbest

10:05 am on Feb 17, 2009 (gmt 0)

May be you should put the following htaccess file in dir4:

RewriteEngine On
#
RewriteCond %{THE_REQUEST} ![?]
RewriteCond %{REQUEST_URI} ^/calc\.jsp [NC]
RewriteRule .* - [F,L]

Alternatively, you might wish to use that:

RewriteEngine On
#
RewriteCond %{QUERY_STRING} ^$
RewriteCond %{REQUEST_URI} ^/calc\.jsp [NC]
RewriteRule .* - [F,L]

Depends on if you wish to allow 'empty' query string or no query string at all!

roadrunner99

10:31 am on Feb 17, 2009 (gmt 0)

Thanks for your Answer.
Now i can see in the logifle that he says matched for urls without paramter and not-matched for paramters with parameters.

But the rewrite condition is not working. The page is displed always.

wildbest

3:44 pm on Feb 17, 2009 (gmt 0)

Is that htaccess file in your dir4 or it's in your root directory?

jdMorgan

4:01 pm on Feb 17, 2009 (gmt 0)

Based on the paths shown in the original post, I'd assume the code is in the root .htaccess, and that the directory path needs to be included in the URL-path pattern:


RewriteCond %{QUERY_STRING} ^$
RewriteRule ^dir1/dir2/dir3/dir4/calc\.jsp$ - [F]

Jim

roadrunner99

10:54 am on Feb 18, 2009 (gmt 0)

The .htaccess was placed in the right directory.

Now i solved it like this:
i put it into the virtual host definition httpd.conf for the service. Due to the conditions are locigal AND i have put the rule for detecting the ? after the URI Condition to avoid apache getting into a performace problem when fullfilling the requests.

Here is the rewrite rule that works:


RewriteEngine on
 RewriteLog /tmp/rlogs.log
 RewriteLogLevel 9
 RewriteCond %{REQUEST_URI} "^/dir1/dir2/dir3/dir4/calc\.jsp" [NC]
 RewriteCond %{THE_REQUEST} "![?]"
 RewriteRule ".*" "-" "[F]"

Thanks for all your support
Roadrunner99

jdMorgan

5:31 pm on Feb 18, 2009 (gmt 0)

RewriteConds are not processed unless the RewriteRule pattern matches -- See the mod_rewrie documentation. Also, you do not need all those quotes! Therefore, this will be more efficient:


RewriteCond %{THE_REQUEST} ![?]
RewriteRule ^/dir1/dir2/dir3/dir4/calc\.jsp - [F]

Jim