If foo is a parameter in QUERY STRING, Rewrite request to static page

Forum Moderators: phranque

Message Too Old, No Replies

If foo is a parameter in QUERY STRING, Rewrite request to static page

QUERY_STRING ReWrite

Stoobert

2:47 am on Sep 4, 2009 (gmt 0)

I really love these forums, thanks for looking. I'm a first time poster but long time lurker.

I want to reject certain searches from occuring on my site by rejecting or rewriting requests containing a certain string in a QUERY_STRING parameter. This is not for security, but for bandwith (googlebot) purposes.

Here is as actual URL:


http://www.example.com/civicrm/profile?q=/civicrm/profile&force=1&gid=9&custom_12=Septic+Disposal%2CHydrology

GOAL: *If* any parameter is in the URL that contains the string "custom_" I would like it rewritten, the query_string discarded, and sent to a static HTML page (http://www.mysite.com/foo.html) or simply rejected as a 403 error. Potentially any 2 digit number could follow "custom_" -- it could be custom_43 or custom_13 or custom_99. I would like the request sent to:

Any help you can offer would be great, THANKS!

[edited by: jdMorgan at 1:09 pm (utc) on Sep. 4, 2009]
[edit reason] example.com [/edit]

jdMorgan

1:14 pm on Sep 4, 2009 (gmt 0)

Your desired 'send to' URL is missing in your post above.

Use a RewriteCond in mod_rewrite to test the query string, and a RewriteRule to redirect the request if the query string contains the parameter you don't want.

Please see our Apache Forum Charter [webmasterworld.com] for links to useful resources and information about how to get the most from this forum. We also have a site search facility, and you may find our Apache Forum Library to be useful.

Thanks,
Jim

Stoobert

4:29 pm on Sep 4, 2009 (gmt 0)

that was a typo, sorry.

I only want the request sent to either:

1) a static html page such as http://www.example.com/foo.html with no parameters
2) a 403 error
--- either will suit my purposes

I have experimented with at least 6 different options to test the query string, but none of them are working for me. I have searched this forum and others for answers. None of them detect the string "custom_" and take action. That is why I have posted asking for help.

It is of possible relevance that I am using Drupal and making this RewriteRule in the .htaccess file for drupal tha already contains two ReWriteRule. I have copied and pasted the contents of the entire .htaccess file below.

Any ideas? Your continued help would be wonderful.

Thanks

# # Apache/PHP/Drupal settings: ## Protect files and directories from prying eyes. <FilesMatch "\.(engine¦inc¦info¦install¦module¦profile¦test¦po¦sh¦.*sql¦theme¦tpl(\.php)?¦xtmpl¦svn-base)$¦^(code-style\.pl¦Entries.*¦Repository¦Root¦Tag¦Template¦all-wcprops¦entries¦format)$"> Order allow,deny </FilesMatch> # Don't show directory listings for URLs which map to a directory. Options -Indexes # Follow symbolic links in this directory. Options +FollowSymLinks # Make Drupal handle any 404 errors. ErrorDocument 404 /index.php # Force simple error message for requests for non-existent favicon.ico. <Files favicon.ico> # There is no end quote below, for compatibility with Apache 1.3. ErrorDocument 404 "The requested file favicon.ico was not found. </Files> # Set the default handler. DirectoryIndex index.php # Override PHP settings. More in sites/default/settings.php # but the following cannot be changed at runtime. # PHP 4, Apache 1. <IfModule mod_php4.c> php_value magic_quotes_gpc 0 php_value register_globals 0 php_value session.auto_start 0 php_value mbstring.http_input pass php_value mbstring.http_output pass php_value mbstring.encoding_translation 0 </IfModule> # PHP 4, Apache 2. <IfModule sapi_apache2.c> php_value magic_quotes_gpc 0 php_value register_globals 0 php_value session.auto_start 0 php_value mbstring.http_input pass php_value mbstring.http_output pass php_value mbstring.encoding_translation 0 </IfModule> # PHP 5, Apache 1 and 2. <IfModule mod_php5.c> php_value magic_quotes_gpc 0 php_value register_globals 0 php_value session.auto_start 0 php_value mbstring.http_input pass php_value mbstring.http_output pass php_value mbstring.encoding_translation 0 </IfModule> # Requires mod_expires to be enabled. <IfModule mod_expires.c> # Enable expirations. ExpiresActive On # Cache all files for 2 weeks after access (A). ExpiresDefault A1209600 # Do not cache dynamically generated pages. ExpiresByType text/html A1 </IfModule> # Various rewrite rules. <IfModule mod_rewrite.c> RewriteEngine on # If your site can be accessed both with and without the 'www.' prefix, you # can use one of the following settings to redirect users to your preferred # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option: # # To redirect all users to access the site WITH the 'www.' prefix, # (http://example.com/... will be redirected to http://www.example.com/...) # adapt and uncomment the following: RewriteCond %{HTTP_HOST} ^example\.org$ [NC] RewriteRule ^(.*)$ http://www.example.org/$1 [L,R=301] # # To redirect all users to access the site WITHOUT the 'www.' prefix, # (http://www.example.com/... will be redirected to http://example.com/...) # uncomment and adapt the following: # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC] # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301] # Modify the RewriteBase if you are using Drupal in a subdirectory or in a # VirtualDocumentRoot and the rewrite rules are not working properly. # For example if your site is at http://example.com/drupal uncomment and # modify the following line: # RewriteBase /drupal # # If your site is running in a VirtualDocumentRoot at http://example.com/, # uncomment the following line: # RewriteBase / # need rule to prevent google from finding inappropriate, database heavy searches and crashing site ########## # Rewrite URLs of the form 'x' to the form 'index.php?q=x'. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] </IfModule>

# $Id: .htaccess,v 1.90.2.3 2008/12/10 20:04:08 goba Exp $

jdMorgan

10:11 pm on Sep 4, 2009 (gmt 0)

> I have experimented with at least 6 different options to test the query string, but none of them are working for me.

That's OK, but it would really be helpful to see your best-effort code, even if it doesn't work. At the very least, it might encourage contributors to post replies, given that they'll understand at least part of the scope of the specific problem...

Jim

Stoobert

10:42 pm on Sep 4, 2009 (gmt 0)

sure here are my best examples of what I tried, THANKS!


RewriteCond %{QUERY_STRING} (^¦&)custom(&¦$)
RewriteRule ^(.*)$ http://www.example.com/inappropriate_search.html [R]RewriteCond %{QUERY_STRING} custom_
RewriteRule ^(.*)$ http://www.example.com/inappropriate_search.html [R]RewriteCond %{REQUEST_URI} ^civicrm/profile$
RewriteCond %{QUERY_STRING} custom_
RewriteRule ^(.*)$ http://www.example.com/inappropriate_search.html [R]

oh, it would be slick if the rewrite rule could also only be applied on this page of the site, below:

http://www.example.com/civicrm/profile

[edited by: jdMorgan at 12:03 am (utc) on Sep. 5, 2009]

jdMorgan

12:05 am on Sep 5, 2009 (gmt 0)

If this code is in example.com/.htaccess, then:


RewriteCond %{QUERY_STRING} &?custom_
RewriteRule ^civicrm/profile http://www.example.com/inappropriate_search.html? [R=302,L]

should do what you want.

Note the "soft anchor" on the query string pattern, so that if any character precedes "custom_" it must be an ampersand. The query pattern is otherwise un-anchored and so will match "anything before" and "anything after."

The RewriteCond is only processed and the RewriteRule is only invoked if the URL-path starts with "/civicrm/profile" (Note that the leasing slash is implied due the the .htaccess file's location). The question mark at the end of the substitution URL clears the query string, if that matters.

Completely-flush (delete) your browser cache after changing your server-side code.

Jim

Stoobert

4:22 pm on Sep 8, 2009 (gmt 0)

jdMorgan, thank you for your thoughtful reply.

I have placed the above code into my .htaccess file (taking care to replace example.com with my real domain) and unfortunately the result is nothing. It appears the RewriteCond is not recognizing the string, because nothing happens when a URL such as this is entered:

http://www.example.com/civicrm/profile?force=1&gid=9&custom_12=Wetlands&crmPID=1&crmRowCount=25&crmSID=3_d

Do you have any ideas as to why it is not functioning?

It is also worth noting that when I make this simple change there is still no effect:
RewriteCond %{QUERY_STRING} custom_

I have placed this RewriteRule above all others in the .htaccess file. Is there something wrong with my environment?

jdMorgan

4:56 pm on Sep 8, 2009 (gmt 0)

1) This new ruleset must be placed just ahead of the Drupal "Rewrite URLs of the form x to the form index.php?q=x" ruleset, or it will never execute.

2) Flush your browser cache after making any change to server-side code.

3) No changes to the code I supplied are needed, especially changes made without knowing exactly what the result of the changes will be; This code is trivial.

Jim

Stoobert

8:00 pm on Sep 8, 2009 (gmt 0)

Thank you again for your time. I assure you I am trying my best to follow your instructions and when that fails also attempting to be proactive and add possible insight to the situation.

I accept that this code is trivial and should work exactly as you describe.

Unfortunately it still doesn't work.

To prove to you that I have followed your instructions to the letter, I have included a copy of the .htaccess file below. <snip>

Do you see any problems with the code .htaccess file below?


# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine¦inc¦info¦install¦module¦profile¦test¦po¦sh¦.*sql¦theme¦tpl(\.php)?¦xtmpl¦svn-base)$¦^(code-style\.pl¦Entries.*¦Repository¦Root¦Tag¦Template¦all-wcprops¦entries¦format)$">
 Order allow,deny
</FilesMatch>
#
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
#
# Follow symbolic links in this directory.
Options +FollowSymLinks
#
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
#
# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
 # There is no end quote below, for compatibility with Apache 1.3.
 ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>
#
# Set the default handler.
DirectoryIndex index.php
#
# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.
#
# PHP 4, Apache 1.
<IfModule mod_php4.c>
 php_value magic_quotes_gpc 0
 php_value register_globals 0
 php_value session.auto_start 0
 php_value mbstring.http_input pass
 php_value mbstring.http_output pass
 php_value mbstring.encoding_translation 0
</IfModule>
#
# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
 php_value magic_quotes_gpc 0
 php_value register_globals 0
 php_value session.auto_start 0
 php_value mbstring.http_input pass
 php_value mbstring.http_output pass
 php_value mbstring.encoding_translation 0
</IfModule>
#
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
 php_value magic_quotes_gpc 0
 php_value register_globals 0
 php_value session.auto_start 0
 php_value mbstring.http_input pass
 php_value mbstring.http_output pass
 php_value mbstring.encoding_translation 0
</IfModule>
#
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
 # Enable expirations.
 ExpiresActive On
#
 # Cache all files for 2 weeks after access (A).
 ExpiresDefault A1209600
#
 # Do not cache dynamically generated pages.
 ExpiresByType text/html A1
</IfModule>
#
# Various rewrite rules.
<IfModule mod_rewrite.c>
 RewriteEngine on
#
 # If your site can be accessed both with and without the 'www.' prefix, you
 # can use one of the following settings to redirect users to your preferred
 # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
 #
 # To redirect all users to access the site WITH the 'www.' prefix,
 # (http://example.com/... will be redirected to http://www.example.com/...)
 # adapt and uncomment the following:
 #
 RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
 RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
 #
 #
 # To redirect all users to access the site WITHOUT the 'www.' prefix,
 # (http://www.example.com/... will be redirected to http://example.com/...)
 # uncomment and adapt the following:
 # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
 # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
#
 # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
 # VirtualDocumentRoot and the rewrite rules are not working properly.
 # For example if your site is at http://example.com/drupal uncomment and
 # modify the following line:
 # RewriteBase /drupal
 #
 # If your site is running in a VirtualDocumentRoot at http://example.com/,
 # uncomment the following line:
 # RewriteBase /
#
 RewriteCond %{QUERY_STRING} &?custom_
 RewriteRule ^civicrm/profile http://www.example.com/inappropriate_search.html? [R=302,L]
#
 #
 # Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_URI} !=/favicon.ico
 RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
 #
#
</IfModule>
#
# $Id: .htaccess,v 1.90.2.3 2008/12/10 20:04:08 goba Exp $

--------------------------------------------
Just in case this is relevant, my permissions are as follows:


-rw-r--r-- 1 example example.com 3973 Sep 8 12:49 .htaccess

Again, thank you very much for your continued diligence.

[edited by: jdMorgan at 7:06 pm (utc) on Sep. 9, 2009]
[edit reason] example.com [/edit]

jdMorgan

7:28 pm on Sep 9, 2009 (gmt 0)

I lost some time bringing this post into compliance with our TOS, but returning to it now, I'm afraid I don't see anything in the code that's there that would stop that new rule from working if all of the requirements I listed above (as to .htaccess location and flushing of the browser cache) have been met.

You may wish to try disabling content-negotiation if your site does not use it, by adding -MultiViews to your Options directive(s). Note that you have two Options directives, and that these can be merged as well, resulting in


Options -Indexes -MultiViews +FollowSymLinks

Unless you want this code to fail silently on servers where mod_expires and mod_rewrite are not installed, you can delete those section tags as well. I'd advise leaving the php-version containers as-is, though, as you're more likely to encounter Apache server or PHP upgrades than to host on a server where mod_expires and mod_rewrite aren't installed.

Jim

Stoobert

9:05 pm on Sep 9, 2009 (gmt 0)

Yes I have repeatedly cleared my browser (Firefox) cache, made sure that all the options for clearing "Private Information" are checked. I have gone so far as to completely restart my machine and use other machines. There is no change in result. The RewriteRule continues to non function.

I have ensured that the .htaccess file resides in the web document root.

It is worth noting that the other RewriteRules in this .htaccess do function properly.

I appreciate your time. I will have to accept that this RewriteRule will not work for me and look for another solution.

Stoobert

10:05 pm on Sep 9, 2009 (gmt 0)

As a follow up, I discovered that a co-worker had put RewriteRules directly in the httpd.conf file that were interfering with the proper execution of this particular RewriteRule in .htaccess file. Presuably this is because httpd.conf is executed first by the web server.

When I moved these RewriteRules out of httpd.conf and below my RewriteRule in the .htaccess everything is working properly.

jdMorgan

10:47 pm on Sep 9, 2009 (gmt 0)

Be sure that you modified the new rule for use in .htaccess if it was NOT within a <Directory> container in httpd.conf. If that was the case, then the RewriteRule's pattern may start with a slash, and that slash will need to be removed if the pattern is to match in a per-directory .htaccess context.

Glad you found the trouble... it was a real head-scratcher.

Jim