Unknown rewrite rule

     
7:20 pm on Sep 24, 2012 (gmt 0)

New User

10+ Year Member

joined:Nov 19, 2004
posts: 11
votes: 0


Hi!

Today I found a rewrite rule in the .htaccess file on one of my sites that I can't remember putting in there.


RewriteEngine on
RewriteCond %{QUERY_STRING} ^(%20|\+|\ )*(%2d|-)[^=]+$ [NC]
RewriteRule ^(.*) $1? [L]


My knowledge in Apache is not so great so any help in identifying what this rule does would be appreciated.

Thanks in advance
7:48 pm on Sept 24, 2012 (gmt 0)

Senior Member

g1smd

joined:July 3, 2002
posts:18903
votes: 0


It apparently strips the query string if it begins with a space and then a hyphen and does not contain an equals sign.

It's coded as an internal rewrite, stripping those parameters before passing the query around inside the server.

The lack of a slash before the $1 leaves your server wide open to hacking by path injection.

Here's an object lesson in commenting your code so you know what it is supposed to do, months and years later. :)
7:56 pm on Sept 24, 2012 (gmt 0)

New User

10+ Year Member

joined:Nov 19, 2004
posts: 11
votes: 0


Thanks! My site got hacked a few months ago. Then, this is probably a remnant of that hack.
8:07 pm on Sept 24, 2012 (gmt 0)

Senior Member

g1smd

joined:July 3, 2002
posts:18903
votes: 0


I'd say it was an attempt to protect against some sort of hack (except for someone accidentally leaving out the slash).
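
To check which requests the rule quoted in the first post actually touches, the following added example (not code from anyone in this thread) emulates the RewriteCond pattern in Python against constructed query strings. The function names and sample requests are assumptions made for illustration; Apache's PCRE matching is approximated with Python's `re` module.

```python
import re

# Pattern copied verbatim from the RewriteCond in the first post.
# [NC] maps to re.IGNORECASE. Apache tests the raw QUERY_STRING,
# so "%20" and "%2d" are matched as literal text, not decoded.
COND = re.compile(r"^(%20|\+|\ )*(%2d|-)[^=]+$", re.IGNORECASE)


def apply_rule(path, query):
    """Return (path, query) as the request looks after the rule pair runs.

    "RewriteRule ^(.*) $1? [L]" keeps the path; the trailing "?" in the
    substitution discards the query string. This models only that effect.
    """
    if COND.search(query):
        return path, ""
    return path, query


# Constructed sample requests (hypothetical, for illustration only).
SAMPLES = [
    ("index.php", "-s"),        # bare hyphen argument, no leading space
    ("index.php", "%20-x"),     # encoded space, then hyphen
    ("index.php", "+%2Dfoo"),   # plus sign, then encoded hyphen (upper case)
    ("index.php", "-d=1"),      # contains "=", so [^=]+$ cannot match
    ("index.php", "id=-5"),     # ordinary parameter with a negative value
    ("index.php", "page=2"),    # ordinary parameter
    ("index.php", "-"),         # nothing after the hyphen, [^=]+ needs one char
    ("index.php", ""),          # no query string at all
]


def stripped_queries():
    """Query strings from SAMPLES that the rule would remove."""
    return [q for p, q in SAMPLES if apply_rule(p, q)[1] != q]


if __name__ == "__main__":
    for path, query in SAMPLES:
        new_path, new_query = apply_rule(path, query)
        action = "stripped" if new_query != query else "unchanged"
        print(f"{path}?{query!s:<10} -> {action}")
```

Normal `name=value` query strings pass through untouched; only a query string that starts with optional spaces and a hyphen, and contains no equals sign anywhere, is dropped.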