Rewrite rule & escaping (encoded) forward slashes within URL - .htaccess

I have developed this RewriteRule which has been working great, up until I discovered an issue.
This is the rule here:
RewriteCond %{REQUEST_URI} ^/([^/]+)/([^/]+)/([^/]+)/(.*)$
RewriteCond %{DOCUMENT_ROOT}/%1/%2/%4.php -f
RewriteRule ^ /%1/%2/%4.php?id=%3 [QSA,L]
The URL format is like so: /home/service/ID/scriptname
note that ID is dynamic and the RewriteRule does not take not of it when checking for the files existence.
But in this one scenario I found out, one of the IDs I'm using contains a '%2F' - which when decoded is translated to a forward slash (/) - And for some reason, the Rewrite rule when breaks because it thinks there's another directory.
My question is, why is %2F being decoded within the RewriteRule, and how can I engineer a solution? - Preferably other than a quick hack or changing the ID.

I think you need to add the B flag in the rewrite rule, like this:
RewriteRule ^ /%1/%2/%4.php?id=%3 [QSA,L,B]
Check this link for more information.

Related

my .htaccess rewriteRule is failing

I'm having trouble understanding why this rewrite isn't doing what its told.
NOTE: the first rewrite in my .htaccess file works properly so its not a problem with using mod_rewrite on local host.
i have URIs which i know will be in the format:
http://localhost/managerhub/my-manager.php?i=1&t=dashboard
when site goes live:
http://themanagerhub.com/my-manager.php?i=1&t=dashboard
my .htaccess file reads thus:
RewriteEngine On
RewriteRule ^([a-z\-]+)$ $1.php [L]
RewriteRule ^my-manager-([0-9]+)-([a-z]+) my-manager.php?i=$1&t=$2 [PT]
To achieve clean URls like:
http://localhost/managerhub/my-manager-1-dashboard
Ideally i dont really want the first capture group ([0-9]+) since i dont really want the 'i' value in the resultant
clean url - so ideally id like:
http://localhost/managerhub/my-manager-dashboard
However ive not even got the rewrite to work so far at all having tried:
leading forward-slash on the target (though i dont think it was necessary)
tried changing the '&' ampersand in the target to use &
removing the [PT] passthru flag replaced with and without [L] flag
tried most 'least' restrictive character classes in the pattern i.e. (.*) instead of ([0-9]+)
commented 'out' the first RewriteRule which works flawlessly BTW - so using the troublesome rule in isolation
Non of these have worked - the second rewrite rule has no effect on the target urls so i cant even see were the discrepancy is. I'm still new to mod_rewrite so sort of rely on an informative fail so i can work out were my reg-ex is wrong but i suspect its just being ignored since im getting 'zilch' back!!
Any help appreciated - maybe with a pointer to my folly.
thanks
Your htaccess file, I'm assuming, is in the "managerhub" directory. That's where those rules need to be. You may need to add a base as well:
RewriteEngine On
RewriteBase /managerhub/
RewriteRule ^([a-z\-]+)$ $1.php [L]
RewriteRule ^my-manager-([0-9]+)-([a-z]+)$ my-manager.php?i=$1&t=$2 [L,PT]
which you'd need to change when they get to the live site. You can remove the first capture group via:
RewriteRule ^my-manager-([a-z]+)$ my-manager.php?t=$1 [L,PT]
The L flag isn't exactly 100% needed.

Targeting single directory for rewrite rule

I have edited this question to use the actual URLs. I need the url
http://westernmininghistory.com/mine_db/main.php?page=mine_detail&dep_id=10257227
To be rewritten like
http://westernmininghistory.com/mine_detail/10257227/
I have tried
RewriteRule ^([^/]*)/([^/]*)/$ /mine_db/main.php?page=$1&dep_id=$2 [L]
Which works on this page but breaks every other page on the site. I was wondering if there was a way to force the rewriterule to only operate on files within the mine_db directory. I had tried RewriteCond but with no success:
#RewriteCond %{REQUEST_URI} ^/mine_db
I really don't know they proper syntax for this though. Any ideas?
First of your rule can be shortened and written without needing RewriteCond. Also it appears that you want to capture 2 variables after test_db.
You can try this rule instead:
RewriteRule ^(mine_detail)/([0-9]+)/?$ /mine_db/main.php?page=$1&dep_id=$2 [QSA,L,NC]
Which will work with URIs like /mine_detail/12345 (trailing slash is optional). Also note that above rewrite will happen silently (internally) without changing the URLi in browser. If you want to change URL in browser then use R flag as well like this:
RewriteRule ^(mine_detail)/([0-9]+)/?$ /mine_db/main.php?page=$1&dep_id=$2 [QSA,L,NC,R]

mod rewrite exclude all but php

Is it possible to edit htacces in such a way that only the following url is rewritten and the rest isn't?
http://www.example.com/index.php?x=foobar
to
http://www.example.com/foobar/
I want the pages not having x=... as a variable to behave normally
I got the following but that doesn't work
Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*)/ index.php?x=$1
RewriteCond $1 !\.(js|ico|gif|jpg|png|css|html|swf|mp3|wav|txt)$
Who can help me?
First off, the RewriteCond must be put before the RewriteRule to which it belongs.
But I think that you need another approach for your case, something like this:
RewriteRule (.*)\.php - [PT,L]
RewriteRule ^(.*)/$ index.php?x=$1
The first rule Passes Through (PT) every PHP page, so the second rule is only applied to all non-PHP requests.
That second rule only applies to a "simple path", no matter if this path has a dot in it or not (e.g. hello.gif/ will match, too).
If this does not work for you, then you might consider one of these points to start further research:
the pattern ([^\.]*) matches everything that does not have a dot in it
see RewriteCond to skip rule if file or directory exists for RewriteConds where the following RewriteRule is only used if the request does not point to an existing file or directory
Hope this helps.

mod_rewrite rules not working as expected

I am using the following code
RewriteEngine on
RewriteRule ^/(certain|folders|on|server) - [NC,L]
RewriteRule (.*) http://newserver/blog$1 [L,NS]
I would expect it to ignore my list of folders, and redirect to everything else. Instead, it seems to always be redirecting to "newserver". Changing the "-" to a URL in the first statement does work, but I don't actually want those folders directed anywhere.
Why does my statement not work as expected?
Also, I have noticed that for all the folders not listed, I have "newserver/", while the ones I listed are just "newserver" (no uri)
You need to remove the leading slash in your rule. Rewrite rules in an htaccess file are given a URI to match against with the leading slash stripped off. Change your first rule by adding a ? after the slash:
RewriteRule ^/?(certain|folders|on|server) - [NC,L]
Or you can change it into a condition:
RewriteCond %{REQUEST_URI} !^/(certain|folders|on|server)
that will be applied to the rule that follows it.
Turns out my rules do work as expected. I was previously trying using these rules in apache.conf. Moving it to the sites "VirtualDirectory" tag seemed to do the trick

mod_rewrite doesn't actually... re-write the URL

Basically, I've been trying to make some friendly URL's via .htaccess using mod_rewrite - and I've managed to get it to work... but only with basic stuff like:
RewriteEngine On
RewriteBase /
RewriteRule ^profile.php http://www.google.co.uk [L]
So mod_rewrite works, and I can re-direct to other sites, other files/directories in my server, etc. - but it seems to not work when I use this:
RewriteEngine On
RewriteBase /
RewriteRule ^profile.php?user=$1 ^profile/user/([^/]*)/$ [L]
Any help on this would be great, as I pretty much suck at mod_rewrite, but it's something I need to learn.
Cheers!
Change your [L] to [R,L] to force an actual HTTP redirect. Otherwise it just does the rewriting internally (when possible), which only affects the mapping from the URI to the filesystem. (See the description of the [R] flag at http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriteflags.)
Wrong.
## rewriting from to
RewriteRule ^profile.php?user=$1 ^profile/user/([^/]*)/$ [L]
Should be
## rewriting from to
RewriteRule ^profile/user/([^/]+)$ profile.php?user=$1 [L]
Your configuration currently is this:
RewriteEngine On
RewriteBase /
RewriteRule ^profile.php?user=$1 ^profile/user/([^/]*)/$ [L]
In the RewriteRule you swapped the from and to parameters.
Assuming that on your server there is a directory structure like this:
/var/www/htdocs/profile/user/albert
/var/www/htdocs/profile/user/bob
Then you can use the following rule:
RewriteCond ${QUERY_STRING} ^user=(\w+)$
RewriteRule ^profile\.php$ profile/user/%1 [L]
There are some points that you got wrong here:
The request to "/profile.php?user=bob" first gets split into the Request URI and the Query String. Only the Request URI will be used by mod_rewrite. Therefore you have to handle the query string separately.
I restricted the user name to only [A-Za-z0-9_]. If I had allowed all characters, an attacker could easily call /profile.php?user=../../config.php, which would be rewritten to profile/user/../../config.php, and you probably don't want to share that file with the world.
The arguments to the RewriteRule directive are completely different regarding their syntax.
The first argument (the from part) is a regular expression, which usually starts with a caret ^ and ends with a dollar $.
The second argument (the to part) is the replacement, which is almost only a simple string, with only some special features. This string usually doesn't start with a caret, but looks rather like a pathname.

Resources