Is there a .htacces way to block all request starting with exactly /index.php?action=?
I figured out:
RewriteCond %{QUERY_STRING} \baction=\b [NC]
RewriteRule ^ - [F]
But how do I put the part /index.php? in front of that pattern. I tried a lot, but it didn't work and only this part of the pattern also blocks &action= parameters somewhere else in a URL
Hope you can help. Many thanks in advance,
Nico
You can use THE_REQUEST variable to match full URL and block it like this:
RewriteCond %{THE_REQUEST} /index\.php\?action= [NC]
RewriteRule ^ - [F]
RewriteCond %{QUERY_STRING} \baction=\b [NC]
RewriteRule ^ - [F]
But how do I put the part /index.php? in front of that pattern.
The RewriteRule pattern (ie. ^ in your example) matches the URL-path part of the URL (less the slash prefix). So, you can do it like this:
RewriteCond %{QUERY_STRING} ^action= [NC]
RewriteRule ^index\.php$ - [NC,F]
This matches any request that starts /index.php?action= (case-insensitive).
The regex you had initially (ie. ^) is successful for everything, so would match any URL that starts /<anything>?action=.
The difference between this approach and checking against THE_REQUEST (as in #anubhava's answer) is that this will also block requests that have been internally rewritten to /index.php?action=, whereas THE_REQUEST will only block direct requests from the client.
Related
I'm aware this has already been asked, but I've tried countless solutions but I'm still not getting the desired result.
I've a page which shows a list of names and the variables data are the starting letter (variable l which can also be a number) and the page number (page_no) and the page number is optional as it should not be displayed in the page 1.
The original URL is the following
https://www.example.com/allnames.php?l=A&page_no=1
I've the following rule
RewriteCond %{QUERY_STRING} ^l=([\w]+)$
RewriteRule ^allnames.php$ /allnames/%1? [R=301,L]
which works fine for page 1, but it doesn't include the page_no variable, so I tried this one but I'm unable to understand what's wrong.
RewriteCond %{QUERY_STRING} ^l=([\w]+)?page_no=([0-9]+)$
RewriteRule ^allmovies.php$ /allmovies/%1/%2? [R=301,L]
the result expected would be, for example
allnames/A or allnames/A/1 for letter A, page 1
allnames/S/8 for letter S, page 8
And the following is the content of the htaccess file
RewriteEngine On
Options +FollowSymLinks -MultiViews
# to prevent loops
RewriteCond %{ENV:REDIRECT_STATUS} !200
#remove index.php
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by apache
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .? - [L]
RewriteRule .? %{ENV:BASE}/index.php [L]
# allnames.php
RewriteCond %{QUERY_STRING} ^l=([\w]+)$
RewriteRule ^allnames.php$ /allnames/%1? [R=301,L]
RewriteRule allnames/ /allnames.php?l=$1&page_no=$2 [L]
RewriteCond %{QUERY_STRING} ^l=([\w]+)?page_no=([0-9]+)$
The regex in the condition (CondPattern) does not allow for the & delimiter between URL parameters. You are also allowing the l parameter value to be entirely omitted (which would result in an ambiguous URL) or contain multiple characters (which you've stated should be a single "letter").
You would seem to need something like the following instead:
RewriteCond %{QUERY_STRING} ^l=([\w])&page_no=([0-9]+)$
But note that this will fail if the l parameter value contains more than one character (or is omitted entirely).
the result expected would be, for example
allnames/A or allnames/A/1 for letter A, page 1
Note that you would still need your first rule (without the page_no URL param) to get allnames/A. You could instead make page_no optional in the second rule, but you would still get a trailing slash (ie. allnames/A/) if that is an issue?
Trying to redirect index.php?page=11. (with the period) to index.php?page=11 (no period). This is a page that somehow was indexed in Google, that breaks with the period in the URL.
RewriteRule ^index\.php\?page\=11\.$ index.php?page=11 [R=301]
This is not catching.
You can't match against the query string (everything after the ?) in a rewrite rule, you need to match against the %{QUERY_STRING} variable in a condition:
RewriteCond %{QUERY_STRING} ^page=11\.$
RewriteRule ^index\.php$ /index.php?page=11 [L,R=301]
.htaccess and regular expressions is twisting my mind :)
I'm trying to catch a variable number of variables from the query string, write them in a cookie and redirect removing query string. I got it working with only one variable but sometimes I need it to catch 2 or 3. Here's the code that works with one variable:
RewriteCond %{QUERY_STRING} ^(tag|aid|flu)=([a-z0-9]+)$ [NC] # look for interesting variables in url
RewriteRule ^(.*)$ $1? [CO=%1:%2:foo.com:14400:/,R=301,L] # capture url strip for vars, write cookie, redir
but clearly this is not going to work if the requested url is foo.com?tag=xx&aid=yyy&flu=bbb or with just two variables. I just can't seem to wrap my head around how to do this. Also it would be nice if the order of the variables didn't matter.
Thanks!
I don't know if it's possible to do that:
# tag
RewriteCond %{QUERY_STRING} (?:^|&)tag=([a-z0-9]+)(?:&|$) [NC]
RewriteRule ^ - [CO=tag:%1:foo.com:14400:/]
# aid
RewriteCond %{QUERY_STRING} (?:^|&)aid=([a-z0-9]+)(?:&|$) [NC]
RewriteRule ^ - [CO=aid:%1:foo.com:14400:/]
# flu
RewriteCond %{QUERY_STRING} (?:^|&)flu=([a-z0-9]+)(?:&|$) [NC]
RewriteRule ^ - [CO=flu:%1:foo.com:14400:/]
# Final
RewriteCond %{QUERY_STRING} (?:tag|aid|flu)=.+ [NC]
RewriteRule ^(.*)$ $1? [R=301,L]
I am having problems understanding the rewriting rules. Basically what I am trying to do is change this:
http://domain.com/Intern/guangjian/gallery/?page=admin_login
Into this:
http://domain.com/Intern/guangjian/gallery/admin_login
I keep getting 500 Internal Server Error when I applied various rules to my .htaccess file. Please help. Currently I have the below:
RewriteEngine ON
RewriteCond %{QUERY_STRING} ^(\w+)=(\w+)$
RewriteRule ^/%2
I admit I don't really understand what all the symbols mean.
The symbols are converting the characters into a sequence of bytes in a specific set using character encoding
Example
Original URL.
Eg. http://flickr.com/users.php?id=username&page=2
Rewriting Friendly URL.
Eg. http://flickr.com/username/2
//First Parameter
RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)$ users.php?user=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ users.php?user=$1
//Second Parameter
RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)/([0-9]+)$ users.php?user=$1&page=$2
RewriteRule ^([a-zA-Z0-9_-]+)/([0-9]+)/$ users.php?user=$1&page=$2
Place this code in /Intern/guangjian/gallery/.htaccess file:
RewriteEngine On
RewriteBase /Intern/guangjian/gallery/
RewriteCond %{THE_REQUEST} /\?page=([^\s&]+) [NC]
RewriteRule ^ %1? [R=302,L]
RewriteRule ^([^/.]+)/?$ ?page=$1 [L,QSA]
Rewrite Rule syntax is: RewriteRule Pattern Substitution [flags].
This means only the flags (L, NC, R, etc...) are optional, the pattern to match and the substitution parts are mandatory. But you only specified one, which is why you are getting a 500 Internal Server Error.
You don't need RewriteCond. Try this:
RewriteEngine ON
RewriteRule ^(.*)\?(\w+)=(\w+)$ $1/$3
You are getting everything up to the ?, and then attaching the value of page, or whatever argument of the query string, to the url. This of course only works when you have only one argument in the query string, the regex won't match in other case.
So here's what I have.
www.website.com/foo (pretty URL to use on marketing pieces)
www.website.com/foobar (URL that actually exists on site)
I can get www.website.com/foo working perfectly with this:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /foo [NC]
RewriteRule ^ http://www.website.com/redirected/url-goes-here/ [L,R=301]
But that makes the www.website.com/foobar URL go there as well.
I'm sure this is a regex issue and I just don't know the correct symbol to get things working properly, but how can I make /foo redirect properly without effecting /foobar ?
Thanks.
Try this instead:
RewriteCond %{REQUEST_URI} ^/foo$ [NC]
RewriteRule ^ http://www.website.com/redirected/url-goes-here/ [L,R=301]
REQUEST_URI will get rid of the extra request headers that THE_REQUEST has. Then you can match the beginning and end of the requested URL with ^ and $.
You don't need the RewriteCond. Just be specific with the RewriteRule pattern
RewriteRule ^foo$ http://www.website.com/redirected/url-goes-here/ [L,R]
See more about regular expression.
Never test with 301 enabled, see this answer Tips for debugging .htaccess rewrite rules for details.