.htaccess protect urls with query string combinations - .htaccess

I need to protect a "single logical" url in a Joomla CMS with htaccess. I found here .htaccess code to protect a single URL?
this solution, which works great for a specific url:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/index\.php$
RewriteCond %{QUERY_STRING} ^option=com_content&task=view&id=76$
RewriteRule ^(.*)$ /secure.htm
However, how can I make sure that the url parts can't be swapped around or amended, therefore circumventing the secure access. For example I don't want to allow access to
option=com_content&task=view&id=76&dummy=1
option=com_content&id=76&task=view
either.
I have tried this, which doesn't seem to work:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/index\.php$
RewriteCond %{QUERY_STRING} option=com_content
RewriteCond %{QUERY_STRING} task=view
RewriteCond %{QUERY_STRING} id=76
RewriteRule ^(.*)$ /secure.htm

Your rules work fine for me when I go to any of these URLs:
http://localhost/index.php?blah=blah&option=com_content&task=view&id=76
http://localhost/index.php?option=com_content&task=view&id=76&dummy=1
http://localhost/index.php?option=com_content&id=76&task=view
I get served the content at /secure.htm
However, you could add sound boundaries to your query string rules:
RewriteCond %{QUERY_STRING} (^|&)option=com_content(&|$)
RewriteCond %{QUERY_STRING} (^|&)task=view(&|$)
RewriteCond %{QUERY_STRING} (^|&)id=76(&|$)
So that you don't end up matching something like id=761

Related

Redirect a single dynamic URL with Apache .htaccess to temporary page

Here is what I need to redirect to a temporary HTML page:
http://www.domain1.com/?Itemid=230
should get redirected to:
http://www.domain2.com/temoporary-solution.html
Here is what I came up with, just not sure if it will cause any issues between the rest of the .htaccess rules (this is the first rule):
RewriteCond %{HTTP_HOST} ^www\.domain1\.com$ [NC]
RewriteCond %{QUERY_STRING} ^Itemid=230$ [NC]
RewriteRule ^$ http://domain2.com/temoporary-solution.html [R=302,NE,NC,L]
Your rule should work fine. Just append ? at the end of target URI to strip off existing query string:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?domain1\.com$ [NC]
RewriteCond %{QUERY_STRING} ^Itemid=230$ [NC]
RewriteRule ^$ http://domain2.com/temoporary-solution.html? [R=302,L]
Those rules are fine. The conditions are pretty strict so as long as it's the first rule, it won't break anything else.

Block search spiders for specific directory with parameters

I'm trying to write .htaccess rewrite for page with categories and search filters.
I want to disallow the special places with .htaccess . I have already specified places in robots.txt, but spiders still crawling the places.
Places i want to allow to crawl:
www.domain.com/path1.html
www.domain.com/path1/path2.html
www.domain.com/path1/path2/path3.html
www.domain.com/path1/path2/path3.html
www.domain.com/path4/path5.html
Places i want to disallow to crawl:
www.domain.com/path1.html?search[param1]=value&...
www.domain.com/path1/path2.html?search=param2&...
www.domain.com/path1/path2/path3.html?searchHash=param3
As i understand .htaccess code for search param will look, something like this, but it's not correct and I'm stack..
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|yandex) [NC]
RewriteRule ^(.*).html\?search=.*$ http://www.domain.com/$1 [R=301,L]
No you cannot match QUERY_STRING in RewriteRule. You need to use RewriteCond %{QUERY_STRING} like this:
RewriteCond %{QUERY_STRING} ^search=.+ [NC]
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|yandex) [NC]
RewriteRule ^(.+?\.html)$ http://www.domain.com/$1 [R=301,L,NC]

.htaccess remove specific get parameter from url

Hello I have been searching the web for an answer to this but I can not find it. I am looking to use htaccess to strip a specific parameter from the url.
For example, I have the following urls:
www.mysite.com/product.php?product_id=123&session=sdfs98d7fs9f8d7
www.mysite.com/anotherurl.php?session=12312341341&someotherparam=123
I would need them to 301 redirect to:
www.mysite.com/product.php?product_id=123
www.mysite.com/anotherurl.php?someotherparam=123
Note the urls above are just examples. Ill need the session param removed from any and all urls no matter how many params are part of the url or where session is located.
I think I need a way to the url string up to session=blah and the url string after session=blah, then combine both parts and redirect to the new url.
Any help is greatly appreciated, thanks.
UPDATED
In short, what you want is just to remove the key-value pair session=xx from the query.
Here is an option:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{QUERY_STRING} (.*)?&?session=[^&]+&?(.*)? [NC]
RewriteCond %{REQUEST_URI} /(.*)
RewriteRule .* %3?%1%2? [R=301,L]
I found a solution on another site
# case: leading and trailing parameters
RewriteCond %{QUERY_STRING} ^(.+)&session=[0-9a-z]+&(.+)$ [NC]
RewriteRule (.*) /$1?%1&%2 [R=301,L]
# case: leading-only, trailing-only or no additional parameters
RewriteCond %{QUERY_STRING} ^(.+)&session=[0-9a-z]+$|^osCsid=[0-9a-z]+&?(.*)$ [NC]
RewriteRule (.*) /$1?%1 [R=301,L]
not tested, but should work:
RewriteCond %{QUERY_STRING} product_id=([0-9]+)
RewriteRule .* product.php?product_id=%1

.htaccess, Rewriterule not working as i want

I have this link: http://www.domain.com.mk/lajmi.php?id=2790,
and i want to change it to http://www.domain.com.mk/lajmi/2790
With this code I can change the link to /lajmi/2790 but i get 404 error.
I mean i get the link
http://www.domain.com.mk/lajmi/2790, but it has 404 error (i dont se the content)
This is my code:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain\.com\.mk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.domain\.com\.mk$
RewriteCond %{QUERY_STRING} ^id=([0-9]*)$
RewriteRule ^lajmi\.php$ http://domain.com.mk/lajmi/%1? [R=302,L]
What I am doing wrong ?
Try this one :
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com\.mk$
RewriteCond %{QUERY_STRING} ^id=(\d*)$
RewriteRule ^lajmi\.php$ http://domain.com.mk/lajmi/%1? [R=302,L]
RewriteRule ^lajmi/(\d*)$ lajmi.php?id=$1&r=0 [L]
(the &r=0 in the final rule is for not getting an infinite loop)
Single direction rewrite:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com\.mk$
RewriteRule ^lajmi/(\d*)$ lajmi.php?id=$1 [L,QSA]
This means that every uri of kind /lajmi/2790 will be passed to /lajmi.php?id=2790 in a sub-request.
However, in this case, if the user hits /lajmi.php?id=2790 by himself, then this is the url he will see in the browser, not the "beautified one".
Bi-directional rewrite:
RewriteEngine On
RewriteBase /
; Redirect lajmi.php?id=2790 to a beutified version, but only if not in sub-request!
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com\.mk$
RewriteCond %{IS_SUBREQ} !=true
RewriteCond %{QUERY_STRING} ^id=(\d*)$
RewriteRule ^lajmi\.php$ lajmi/%1 [R=301,L]
; Make the beutified uri be actually served by lajmi.php
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com\.mk$
RewriteRule ^lajmi/(\d*)$ lajmi.php?id=$1 [L]
Here, an additional RewriteCond was added to the first rule checking that this is not a sub-request, to ensure that the rules do not loop.
You can pick which way you like, but the first approach is enough if you build the links in your HTML in the 'beautified' way already (no need to redirect the browser twice just to see the page).

Htaccess Rewrite Cond or redirectmatch to remove query string from front of URL

I remember that redirectmatch can't handle question marks but how can I match this url:
http://www.mysite.com/es/?lang=es&url=index.php&option=com_virtuemart&page=shop.browse&category_id=42&product_type_id=1&product_type_1etcetcetc`
to remove the lang=es&url= from before the index.php when there is a folder name present?
My problem would be solved if I could either remove the /es/ folder from the URL when presented with the ?lang=es&url= query string or I could remove the query string ?lang=es&url= from the URL when the folder is /es/
There are about 11 languages, with country codes fr, de, etc and one odd one out zh-CN. This is just past my capabilites at the moment. Thanks for taking the time to read this and any help would be greatly appreciated.
EDIT: mainly working now. I'm just having a small problem with the zh-CN language as it seems to be acting differently from the other en, fr, de etc, languages which are doing what I want, staying in English even when double clicking on another language. However, the zh-CN language redirects to the homepage with http://www.seed-city.com/?lang=zh-CN&url=index.php&zh-CN
I currently have this in my htaccess file:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/../
RewriteCond %{QUERY_STRING} lang=..&url=index.php&(.*)
RewriteRule ^(.*)$ /$1index.php?%1 [R=301,L]
RewriteCond %{REQUEST_URI} ^/(zh-CN|zh-TW)/ [NC]
RewriteCond %{QUERY_STRING} lang=([a-z]{2}|zh-CN|zh-TW)&url=index.php&(.*) [NC]
RewriteRule ^(.*)$ /$1index.php?%1 [R=301,L]
I have much more after but this is the relevant part. Thanks for your time. Natastna2.
If I understood your requirement properly this will work in your .htaccess file:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/es/
RewriteCond %{QUERY_STRING} lang=es&url=index.php&(.*)
RewriteRule ^(.*)$ /$1index.php?%1 [R=301,L]
Using above role a URL like this: http://www.mysite.com/es/?lang=es&url=index.php&option=com_virtuemart&page=shop.browse&category_id=42&product_type_id=1&product_type_1etc
will be redirected to:
http://www.mysite.com/es/index.php?option=com_virtuemart&page=shop.browse&category_id=42&product_type_id=1&product_type_1etc
EDIT
As per your edited section here are the rewrite rules that should work for now:
RewriteCond %{REQUEST_URI} ^/../
RewriteCond %{QUERY_STRING} lang=..&url=index.php&(.*)
RewriteRule ^(.*)$ /$1index.php?%1 [R=301,L]
RewriteCond %{REQUEST_URI} ^/(zh-CN|zh-TW)/
RewriteCond %{QUERY_STRING} lang=(zh-CN|zh-TW)&url=index.php&(.*)
RewriteRule ^(.*)$ /$1index.php?%2 [R=301,L]

Resources