Hi , i've looked a lil into it and can't find really anything relevant. I'm trying to rewrite a url in the form of http://www.mysite.com/script.php?something=http or www To access restricted. However http://www.mysite.com/script.php?something=0 must stay the same. i tried using the escape character (\?) but anything after the "?" don't seem to get checked via regex ... Is there any way? I read something about apache not supporting this... Thanx for any help.
Why do you need the address to stay the same ? Without knowing exactly what you're trying to do all I can offer is this. RewriteEngine On RewriteCond %{QUERY_STRING} somthing=(http|www) RewriteRule ^script\.php$ script.php [forbidden,last] Code (markup): It will send a 403-forbidden HTTP status back to the browser, the browser will remain at that URL, but "script.php" will never be executed because sending a 403 status immediately terminates the request.
Thanx i'll give it a try, it's to countermeasure a xss vuln. I thought i needed to add a ^(.*) before something= now i get it tho %{QUERY_STRING} stands for what's after the "?" right? apache's manual is pretty vague...
http://httpd.apache.org/docs/mod/mod_rewrite.html#rewritecond QUERY_STRING is the standard variable name for the query string, so yes in this case it means what you think it does.