How to redirect below url and match with RewriteCond
http://example.com/team/home/index.cgi/"><script>alert(7229)</script>
http://example.com/team/home/index.cgi/?"onmouseover="alert(173)"
I need a RewriteCond which can match the above URLs and redirect to the RewriteRule which is set for the other RewriteConds.
Updated query for the .htaccess file: please check the code below. It is written for XSS and SQL injection prevention, but it is not solving the problem completely.
------------------------------------------------------
Header set X-XSS-Protection "1; mode=block"
RewriteBase /
RewriteEngine On
#RewriteCond %{HTTP_USER_AGENT} !^.*Chrome.* [NC]
#RewriteCond %{HTTP_USER_AGENT} !^.*Firefox.* [NC]
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
#RewriteRule ^/script/i$ [NE,L]
#RewriteRule ^([^\"]+\.cgi)/.* $1 [R=301,L]
RewriteRule ^(.*)$ /cgi-bin/team/home/index.cgi? [R]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#END OF XSS FIX
You can also check for REQUEST_URI in addition to QUERY_STRING:
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{REQUEST_URI} onmouseover [NC]
RewriteRule ^ - [F]
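The two chains above can be checked offline against the question's two URLs. This is an added example, not code from the thread: it models mod_rewrite's [OR] grouping with Python's re module (an approximation of Apache's PCRE), and GLOBALS=1 is a constructed query string.

```python
import re

def applies(conds, req):
    """True if the RewriteRule fires. mod_rewrite ANDs conditions; [OR] links a
    condition to the next one, so a chain is an AND of OR-groups."""
    i = 0
    while i < len(conds):
        var, pat, flags = conds[i]
        ok = re.search(pat, req.get(var, ""), re.I if "NC" in flags else 0)
        if "OR" in flags:
            if ok:  # group satisfied: skip the rest of this OR-group
                while i < len(conds) and "OR" in conds[i][2]:
                    i += 1
        elif not ok:
            return False  # no condition in this OR-group matched
        i += 1
    return True

SCRIPT = r"(\<|%3C).*script.*(\>|%3E)"
# Patterns and flags of the question's twelve QUERY_STRING conditions, in order
QUESTION = [("QUERY_STRING", p, f) for p, f in [
    (r"(\|%3E)", "NC,OR"),
    (r"base64_encode.*\(.*\)", "OR"),
    (SCRIPT, "NC,OR"),
    (r"(\<|%3C).*iframe.*(\>|%3E)", "NC,OR"),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", "OR"),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", ""),
    (r'''^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).*''', "NC,OR"),
    (r"(<|%3C)([^s]*s)+cript.*(>|%3E)", "NC,OR"),
    (r"(<|%3C)([^i]*i)+frame.*(>|%3E)", "NC,OR"),
    (r"\.\./\.\.", "OR"),
    (r"(sp_executesql)", "NC"),
    (r"^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).*", "NC"),
]]
# The answer's chain: same patterns, [OR] on every line, two REQUEST_URI lines added
ANSWER = [(v, p, "OR" if i in (1, 9) else "NC,OR")
          for i, (v, p, _) in enumerate(QUESTION)]
ANSWER += [("REQUEST_URI", SCRIPT, "NC,OR"), ("REQUEST_URI", "onmouseover", "NC")]

# The question's two URLs as Apache splits them, plus one constructed query string
PATH_XSS = {"REQUEST_URI": '/team/home/index.cgi/"><script>alert(7229)</script>'}
QUERY_XSS = {"REQUEST_URI": "/team/home/index.cgi/",
             "QUERY_STRING": '"onmouseover="alert(173)"'}
GLOBALS_QS = {"REQUEST_URI": "/team/home/index.cgi", "QUERY_STRING": "GLOBALS=1"}

if __name__ == "__main__":
    for name in ("PATH_XSS", "QUERY_XSS", "GLOBALS_QS"):
        print(name, applies(QUESTION, globals()[name]), applies(ANSWER, globals()[name]))
```

In this model the question's chain fires on none of the three requests, because its lines without [OR] split it into groups that must all match. The answer's chain fires on the path payload and on GLOBALS=1 but not on the onmouseover URL, whose payload sits in QUERY_STRING while that keyword is only tested against REQUEST_URI.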
Related
I have a working .htaccess which blocks specific countries and/or languages:
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^NL$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^BY$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^UA$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^RU$ [NC,OR]
RewriteCond %{HTTP:Accept-Language} (nl) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (be) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (uk) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (ru) [NC]
RewriteRule ^(.*)$ cap.html [L]
but I need to give access to a specific route, e.g. api.html, to any country/language.
I try to add an exception
RewriteCond %{REQUEST_URI} !^/api\.html
but it does not work. I've tried hundreds of conditions but gave up for 6 hours. Please advise what I'm doing wrong.
RewriteEngine On
# Exclude countries, forbidden by law
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^NL$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^BY$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^UA$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^RU$ [NC,OR]
RewriteCond %{HTTP:Accept-Language} (nl) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (be) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (uk) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (ru) [NC]
RewriteCond %{REQUEST_URI} !^/api\.html
RewriteRule ^(.*)$ cap.html [L]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [L]
RewriteRule ^.*$ index.php [L]
Try:
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^NL$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^BY$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^UA$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^RU$ [NC,OR]
RewriteCond %{HTTP:Accept-Language} (nl) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (be) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (uk) [NC,OR]
RewriteCond %{HTTP:Accept-Language} (ru) [NC]
#rewrite everything to "cap.html" except "api.html"
RewriteRule ^((?!api\.html).*)$ cap.html [L]
Your current code seems logical, but you can try by merging the conditions together, and moving the last condition to the top:
RewriteCond %{REQUEST_URI} !^/api\.html [NC]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(?:NL|BY|UA|RU)$ [NC,OR]
RewriteCond %{HTTP:Accept-Language} (?:nl|be|uk|ru) [NC]
RewriteRule ^ cap.html [L]
I solved the problem in a slightly different way.
I just created an api.php file and added a rule to skip existing files:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(?:NL|BY|UA|RU)$ [NC,OR]
RewriteCond %{HTTP:Accept-Language} (?:nl|be|uk|ru) [NC]
RewriteRule ^ cap.html [L]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [L]
RewriteRule ^.*$ index.php [L]
I want to do two things using .htaccess:
Redirect non-www (http://domain.com) to www (http://www.domain.com).
I am also trying to redirect mobiles to a different URL
(http://www.domain.com/mobile) from (http://www.domain.com).
The code I am using:
RewriteCond %{HTTP_HOST} ^domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|googlebotmobile|iemobile|iphone|ipod|#opera mobile|palmos|webos" [NC]
RewriteCond %{HTTP_USER_AGENT} "acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lgc|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp" [NC]
RewriteRule ^$ http://www.domain.com/mobile [L,R=302]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /default.htm [L]
</IfModule>
Can someone help me please?
I want to receive my own site's URL as a $_GET parameter in a few of my pages but don't want any other URL to be passed as a $_GET parameter on any webpage. For this, the .htaccess code with a few other measures is shown here:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|concat|insert|union|declare).* [NC]
RewriteCond %{QUERY_STRING} !^loggedout=true
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
RewriteCond %{HTTP_REFERER} !^http://mysite\.com(.*)$
RewriteRule ^(.*)$ - [F,L]
</IfModule>
Even after adding
RewriteCond %{HTTP_REFERER} !^http://mysite\.com(.*)$
at the 3rd line from the end, if I try to pass any URL of my website as a GET parameter in any of my webpages, including http (ex: 'http://mysite\.com'), it returns a 403 error.
Here is the way I am trying to access my site's url as GET parameter:
'http://mysite\.com/abc_page?url=http://mysite\.com/efg_page'
Please point out what I am doing wrong with the above code. The code was actually added by Word Press Better Security Plugin and I added RewriteCond %{HTTP_REFERER} !^http://mysite\.com(.*)$ to allow the URL of my own website.
'\' added before .com because stackoverflow does not allow to use mysite.com name to place inside body.
I need to change or redirect "example.com/photos/logo.jpg" to "example.com/photos/logo" when a user comes from Google image search.
Therefore I've used:
RewriteCond %{REQUEST_URI} photos/.*\.(gif|jpg|jpeg|png)$ [NC]
RewriteCond %{HTTP_REFERER} ^http://www.google.[a-z]{2,4}(.[a-z]{2,4})?/url\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.bing.com/images/search?q=\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_USER_AGENT} !(.*bot.*|slurp) [NC]
RewriteRule ^gallery/(.*) /$1 [L,R=301]
Try:
RewriteCond %{HTTP_REFERER} ^http://www.google.[a-z]{2,4}(.[a-z]{2,4})?/url\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.bing.com/images/search?q=\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_USER_AGENT} !(.*bot.*|slurp) [NC]
RewriteRule ^photos/(.*)\.(jpe?g|png|gif)$ /photos/$1 [L,NC,R=301]
Here is an example of $_POST data from paypal's IPN:
cmd=_notify-validate
&test_ipn=1
&payment_type=instant
&payment_date=18%3A49%3A30+Nov+01%2C+2010+PDT
&payment_status=Completed
&address_status=unconfirmed
&payer_status=unverified
&first_name=John
&last_name=Smith
&payer_email=buyer%40paypalsandbox.com
&payer_id=TESTBUYERID01
&address_name=John+Smith
&address_country=United+States
&address_country_code=US
&address_zip=95131
&address_state=CA
&address_city=San+Jose
&address_street=123%2C+any+street
&business=seller%40paypalsandbox.com
&receiver_email=seller%40paypalsandbox.com
&receiver_id=TESTSELLERID1
&residence_country=US
&item_name=something
&item_number=AK-1234
&quantity=1
&shipping=3.04
&tax=2.02
&mc_currency=USD
&mc_fee=0.44
&mc_gross=10
&mc_gross_1=10
&txn_type=web_accept
&txn_id=30112149
&notify_version=2.1
&custom=10points
&charset=windows-1252
&verify_sign=AFcWxV21C7Zyy8mw-cdzleMW.oxFXxXE
When I try to send this with my .htaccess file I get a 403 error.
.htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC]
RewriteRule .* - [F]
How do I change the .htaccess file to make it allow the $_POST data?
You can enable logging on the rewrite engine. (Just for debugging.) You will see the exact rule where it dies.
Possibly this line:
RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
I believe that is matching on any full stop followed by an alpha-numeric character in the query string. Seems like that would fail requests like "shipping=3.04".
Found the sinner:
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
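An offline counterpart to the rewrite-log suggestion above, as an added example that is not part of the thread: it parses the question's RewriteCond chain and reports the first condition a request matches. The request dicts, the /ipn.php path, the empty User-Agent and the ExampleIPNSender name are assumptions, and Python's re stands in for Apache's PCRE.

```python
import re

# The question's RewriteCond chain, copied verbatim. Every line is [OR]-linked,
# so the first condition that matches is the one that produces the 403.
CHAIN = r"""
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC]
"""
COND = re.compile(r"^RewriteCond\s+%\{(\w+)\}\s+(\S+)(?:[ \t]+\[([^\]]*)\])?", re.M)

def parse_conds(text):
    """Return (variable, pattern, flags) for each RewriteCond line."""
    return [(m[1], m[2], (m[3] or "").split(",")) for m in COND.finditer(text)]

def blocking_cond(req, conds=None):
    """Return 'VARIABLE pattern' of the first matching condition, or None."""
    for var, pat, flags in conds or parse_conds(CHAIN):
        if re.search(pat, req.get(var, ""), re.I if "NC" in flags else 0):
            return f"{var} {pat}"
    return None

# Constructed IPN-style POST: the fields travel in the request body, so
# QUERY_STRING is empty. The empty User-Agent and the path are assumptions.
IPN = {"REQUEST_METHOD": "POST", "THE_REQUEST": "POST /ipn.php HTTP/1.1",
       "REQUEST_URI": "/ipn.php", "QUERY_STRING": "", "HTTP_USER_AGENT": ""}
WITH_UA = {**IPN, "HTTP_USER_AGENT": "ExampleIPNSender/1.0"}  # hypothetical name

if __name__ == "__main__":
    print("empty User-Agent:", blocking_cond(IPN))
    print("with User-Agent: ", blocking_cond(WITH_UA))
```

With the fields in the POST body, no QUERY_STRING condition in this model sees values such as shipping=3.04; they would match only if the same fields were sent in the URL.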