
skip at bigskypenguin
Jul 23, 2008, 7:33 PM
Post #2 of 4
Hey Matt,

(I just sent you the message off list, but now rereading this again, I'm starting to understand.)

I see that I'm affecting all the URLs, including the ones the app is initiating and that's what's breaking stuff.

But what if I want the rule to ONLY take effect when the URL ends with a '/' char, as in the case of

http://varsitybeat.com/wi/madison/

That's the only time I need the rule to kick in, when they give me a city and school name on the URL, and this is also the only time a URL will end with a '/'.

What would you change on this one?

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/([^/]+) /index.php?st=$1&sc=$2 [NC]

...which seems closest yet, to only make it apply the rule to URLs ending in '/'?

Thanks,
Skip

Matt wrote:
> if the "header file is read in by php" means that it is an include,
> that doesn't matter
> it is the form of the URL that the user_agent requests that matters
>
> so say the user_agent requests index.php, then that php file includes
> header.html
> and that the resulting HTML is something like
>
> <link type="text/css".... href="/styles/stuff.css" />
> <script type="text/javascript" ... href="/scripts/stuff.js"></script>
>
> the user_agent will make a GET request to the server of
>
> http://2ndlevel.example.com/styles/stuff.css
> http://2ndlevel.example.com/scripts/stuff.css
>
> which will be picked up by your rewrite rule and will become
>
> http://2ndlevel.example.com/index.php?st=styles&sc=stuff.css
>
> so either your index.php must know how to send the appropriate
> content-type header (and other headers: caching, etag, etc...)
> or you must adjust the conditions under which the rewrite rule will
> fire to prevent such content from being handled by your script.
>
> Usually you only want to redirect non-existent-directories and
> non-existent-files to your index.php handler, so you can do this using
>
> Options +FollowSymlinks
> RewriteEngine on
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule ^([^/]+)/([^/]+) /index.php?st=$1&sc=$2 [NC]
>
> or by adjusting your regular expression to be more specific, either to
> only include certain URLs, or to exclude certain URLs, the choice is
> yours, but at present your ([^/]+) is insufficient, as it only looks at
> structure of the URL, not whether the specific resource should be
> passed via the script, so for instance it would redirect
>
> http://2ndlevel.example.com/blah/'%20OR1=1
> to
> http://2ndlevel.example.com/index.php?st=blah&sc='%20OR1=1
>
> which might not be what you are expecting.
>
> I would certainly concentrate on whitelisting in your URL rewriterule,
> being quite specific (more specific than just checking for
> nonexistence) and then be double sure your php file only handles
> legitimate types of request, because now you are shortcircuiting some
> of the hard won apache handling with your own code.
>
> you could for instance do
>
> Options +FollowSymlinks
> RewriteEngine on
> RewriteRule ^([^/]+)/\.(css|html?|js)$ /index.php?st=$1&sc=.$2 [NC]
>
> which still requires filtering but only acts on URLs that end with
> certain file extensions.
>
> Hope that helps.
>

--
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison, WI 53703
608-250-2720
http://bigskypenguin.com
=-=-=-=-=-=-=-=-=-=
Check out PHPenguin, a lightweight and versatile
PHP/MySQL, AJAX & DHTML development framework.
http://phpenguin.bigskypenguin.com/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
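An added example, not part of the original post or of any poster's code: it checks which of the request paths mentioned in the thread the posted pattern captures, next to an anchored whitelist pattern that requires the trailing '/'. The two-letter state code and the letters/digits/hyphens slug format are assumptions about the site's URLs, and only the pattern is modelled, not the RewriteCond file checks.

```python
import re
from urllib.parse import unquote

# RewriteRule pattern from the thread; the [NC] flag maps to re.IGNORECASE.
THREAD_RULE = re.compile(r"^([^/]+)/([^/]+)", re.IGNORECASE)

# Assumed whitelist (not from the thread): two-letter state code, a slug of
# letters, digits and hyphens, a mandatory trailing slash, then end of path.
# As a rule line: RewriteRule ^([a-z]{2})/([a-z0-9-]+)/$ /index.php?st=$1&sc=$2 [NC,L]
STRICT_RULE = re.compile(r"^([a-z]{2})/([a-z0-9-]+)/$", re.IGNORECASE)


def captures(rule, request_path):
    """Return the (st, sc) pair a rule would pass to index.php, or None.

    mod_rewrite matches the URL-decoded path, and in .htaccess context the
    leading slash is stripped first. The RewriteCond file/directory checks
    are not modelled here; only the pattern is.
    """
    path = unquote(request_path)
    if path.startswith("/"):
        path = path[1:]
    match = rule.search(path)
    return match.groups() if match else None


# Constructed sample requests; the first four paths appear in the thread.
SAMPLES = [
    "/wi/madison/",
    "/styles/stuff.css",
    "/scripts/stuff.js",
    "/blah/'%20OR1=1",
    "/wi/madison",
    "/wi/madison/extra/",
]


def compare(samples=SAMPLES):
    """Map each path to what the thread rule and the strict rule capture."""
    return {p: (captures(THREAD_RULE, p), captures(STRICT_RULE, p)) for p in samples}


if __name__ == "__main__":
    for path, (loose, strict) in compare().items():
        print(f"{path:22} thread={loose} strict={strict}")
```

Even with the stricter pattern, index.php should still validate st and sc before using them, as the quoted reply advises.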