Apache :: Rewrite Rule For OWASP XSS Conventions

Aug 13, 2014

I need to implement prevent XSS attacks by using apache rewrite following rewrite rules for all urls of the domain.

Converting < and > to < and >
Converting ( and ) to ( and )
Converting # and & to # and &

& --> &
< --> <
> --> >
" --> "
' --> '

View 2 Replies


ADVERTISEMENT

Apache Rewrite Rule - 404 Error

Apr 29, 2013

I need two rules in apache to work

RewriteRule ^([^/]*).html$ index.php?page=$1 [L]
RewriteRule ^([^/]*)/([^/]*).html$ index.php?pnumber=$1&page=$2 [L]

First one rule does work and /index.php?page=something redirect to /something.html

Second rule does not work /index.php?pnumber=1&page=something need to be /1/something.html

But when make this link i got 404 error the request url not found.

Where is error, an how i can make to second rule work too?

View 1 Replies View Related

Apache :: Rewrite Rule Does Redirect Rather Than Proxy

Oct 28, 2014

I just installed httpd-2.4.10-win32 and I can't make mod_rewrite to work :

What I'd want is a proxy to receive a print.xxxx.com/appl uri and forwards to appl.serveur.xxxx.com:8080/streammaster

I do

RewriteCond %{HTTP_HOST} print.xxxx.com
RewriteRule /appl/ http://appl.serveur.xxxx.com:8080/streammaster [P]

and I get a redirect : 192.168.250.50 - - [28/Oct/2014:14:55:19 +0100] "GET /appl/ HTTP/1.1" 302 - mod_proxy is loaded and works of course.

I've tried lot of variations (it works the same in a virtual host without rewritecond) to no avail.

View 4 Replies View Related

Apache :: URL Rewrite Rule Without Permanent Redirect

May 10, 2014

I am new to wordpress; I want a url rewrite rule for my htaccess. I want when a user visits www.domain.com/services/manu/ the url on the address bar should be www.domain.com/services/. I don't want a permanent redirect.

View 2 Replies View Related

Apache :: Writing Htaccess Rewrite Rule?

Feb 21, 2014

I'm trying to change url structure so instead of /default/category/product.html it would show /category/product.html

With this line I've managed to do it on my personal blog

RedirectMatch 301 /default/(.*) //$1

But when I've implemented it on a customers Magento site it started showing double slashes like this //category/product.html and the whole template just collapsed .

View 17 Replies View Related

Apache :: HTAccess Won't Process Rewrite Rule Despite Many Attempts

Apr 1, 2015

It should be a straight forward change. [URL] .... does not redirect to [URL]...... It simply tries to load /denver-cars/ and denver-cars is in the URL. Am I missing something here? I have tried moving it up and down the list of rules and have tried numerous types of flags to no avail. Everything else in the htacess works fine with out the line:

RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]

Here is my htaccess:

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
# Force www
# Redirect google index dir's to new dir
RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]

[code]....

View 1 Replies View Related

Apache :: Mod Rewrite Rule To Prevent Access To Specific Page?

Jun 25, 2013

This is the mod_rewrite rule I'm trying to create. I am very new to Apache admin. Here's the issue:

I have 3 vhosts running on my HTTPD Apache 2.2.24 server: Server1, Server2, Server3. Each vhost is connected to a Weblogic application server. We are trying to prevent access to the Example.portal page on each application server.

So the URLs I'm trying to rewrite are:

- Server1.domain.com/PortalWeb/Example.portal
- Server2.domain.com/PortalWeb/Example.portal
- Server3.domain.com/PortalWeb/Example.portal

So, I would like to redirect the above URLs back to the 'root' of the website. ie: server1.domain.com. Here is my rewrite rule:

RewriteRule ^(.*)/Example.portal$ http://$1 [NC]

So, the rule is matching correctly to URLs that contain Example.portal, however the back reference from (.*) does not seem to map to $1.

View 6 Replies View Related

Apache :: HTAccess And Rewrite Rule - Show Existing Images

Mar 8, 2015

I'm using .htaccess to show existing images instead of images which does not exist.

RewriteBase /images/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)_(.*)1200x900.jpg$ esittely_$21200x900.jpg
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
RewriteRule liiga670x10.jpg esittely670x10.jpg [L]

Everyting works fine if an image does not exist.

But if an image does exist, the second RewriteRule
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
will be used.

Why is that so? How could I modify my code to prevent that? 

View 2 Replies View Related

Apache :: Mod Rewrite Rule To Disallow Direct Access To Files From Some Directory

Oct 26, 2014

in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,

so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]

View 2 Replies View Related

Apache :: Create Rewrite Match 301 Rule To Push Long URL To Shortened URL Permanently?

Jan 30, 2013

I am using the following mod_rewrite rule for shortened SEO friendly links: RewriteRule ^blog/([^/]*).html$ /blog/blog.php?pid=$1 [R=301,L]

For Google SEO reasons, will the shortened rewritten link created from above be the permanent link, from the R=301? Even though the longer link is still functional? Or, do I need to create a rewrite match 301 rule to push the long URL to the shortened URL permanently?

View 5 Replies View Related

Mod Rewrite Rule

Feb 14, 2007

I have few subdomains pointing to a directory (using dedicated ip an A record)

I need the following rewrite rules:

[url]--> [url]
[url]--> [url]
[url]--> [url]

How can I do this?

View 3 Replies View Related

Rewrite Rule

Aug 7, 2007

I have to write Rewrite rule at .htaccess file

[url]
goes to
[url]

View 3 Replies View Related

Rewrite Rule

Jul 9, 2007

How to rewrite a url for example. I purchased ssl for example.com and when i take [url], it gives ssl domain mismatch error.

ie i want to rewrite
[url]

View 1 Replies View Related

Convert .htaccess To Lighthttpd Rewrite Rule

Jun 5, 2007

How do I go about converting the follow .htaccess file

Code:
RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} /blogs/(clientscript|images)/
RewriteRule ^(.*)$ $1 [L]

RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/comment-([0-9] ).html blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3&c=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/feed/ blogs/syndication.php?entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/ blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/category/([-a-z0-9] ).html blogs/viewblog.php?username=$1&categorydata=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/ blogs/viewblog.php?username=$1&month=$3&year=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/([0-9]{1,2}).html blogs/viewblog.php?username=$1&month=$3&year=$2&day=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/archive.html blogs/viewblog.php?username=$1&displaymode=archive [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/feed/ blogs/syndication.php?username=$1 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/ blogs/viewblog.php?username=$1 [QSA,L]
to work with lighthttpds rules?

View 2 Replies View Related

Apache Rewrite ==> Lighttpd Rewrite

Jul 24, 2008

I dowload a scripts with a .htaccess file

Code:
DirectoryIndex index.php
RewriteEngine On
RewriteRule ^link/([0-9]+)[/]*$ /redirect.php?id=$1
RewriteRule ^link/([a-zA-Z0-9]+)[/]*$ /redirect.php?tag=$1

I want to convert it to lighttpd rewrite rules, urgent, also I can't contact with the scripts author,

View 0 Replies View Related

Apache :: HTAccess Needs For Rule To Redirect

Feb 21, 2013

I have page like that : [URL] ....

I want to permanent redirect it to : [URL] ....

Also needs to redirect all another page have words ( rates ) to index.

View 9 Replies View Related

Rule To Limit Apache (port 80) Connections From 1 IP To 15

Apr 12, 2007

any good rule to limit Apache (port 80) connections from 1 IP to 15 with iptables/csf?

And total connections to the box to 100?

View 6 Replies View Related

Apache :: Creating Rule For Directory Recursion?

Aug 29, 2013

I have a number of WordPress, Drupal, Wiki sites running under RHEL6.

Apache version:httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:18

We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.

The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, winnt.com and such.

This drives the php content management systems nuts.
Request comes in and is handled by php.
PHP checks the cache for that name and does not find it.
PHP generates a MySQL query and sends it.
MySQL tries and fails to satisfy the query.
MySQL returns result to php.
PHP Writes a cached of the result and presents it to the web.

In other words, a whole lot of processor/memory.

The security scans typically look like......

[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1

I have been able to improve performance, speed and security by mod_rewrite

RewriteRule .*.(dll|ini|exe|com)$ - [R=404,NC]

Now (Finally) the question.

I have not been able to create a rule for the directory recursion.

I want to R=404 any that has a "../.." or "...." or ...." but I can not get it to recognize the string correctly.

I believe that this would improve speed and security.

View 2 Replies View Related

Apache :: Crafting HTAccess Rule That Looks URL Of Visiting Page

Sep 28, 2013

I am new to apache, and really terrible with regular expressions.

How to craft an htaccess rule that looks a the URL of the page you are visiting, and redirects HTTPS to the same URL in HTTP if the URL contains a certain text string (in the case the word "products")...

View 1 Replies View Related

Apache :: How Can URL Rewrite

Apr 25, 2013

how can i url rewrite, i tried to myself but failed miserably!.host.com/movie.php?id=123, 123 being any number!to: host.com/movie/123

View 3 Replies View Related

Apache Mod-Rewrite Unavailable

Jul 25, 2008

I have all my specify modules are loaded in pache like mod_rewrite in other face I have a script need require mod_rewrite in install steps but I have in testing : Apache Mod-Rewrite Unavailable

but when I run httpd -l I get this list

PHP Code:

[root@server†~]#†httpd†-lCompiled†in†modules:††core.c††prefork.c††http_core.c††mod_so.c[root@server†~]#†

View 4 Replies View Related

Apache Rewrite Rules

Jan 12, 2007

With this whole no-www thing going on. I've decided to have a look at whether I can do this for my domains.

Instead of writing a

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule ^(.*)$ h77p://domain.com/$1 [R=301,L]

for every single domain I'd like to do this for across all domains as standard. I'm not too hot on rewrite rules and have in the past avoided them cos of the complexities. But I'd like to get this done, and no silently do it, but reflect the URL difference in the webbrowsers address bar too.

View 10 Replies View Related

Apache :: Unable To Rewrite URL

Sep 24, 2013

I'm trying to rewrite the following URL, and the rewrite seems to work, but doesn't forward to the rewritten page.

From: domain.com/index.php?random

To: domain.com/random

RewriteRule ^random$ /index.php?random [L]

View 2 Replies View Related

Apache :: HTAccess - How To Do URL Rewrite

Oct 23, 2014

I have been trying to figure out how to do a url rewrite but no luck so far.

How can I have this [URL] ....

as the default [URL] ....

View 2 Replies View Related

Apache :: Getting URL Rewrite To Work

May 25, 2015

On my website at www.jamescobban.net I have a directory which contains an ancient copy of my old static implementation of the site. It is there just in case someone has saved a old URL. However the data in that directory is several years out of date, so I would like to redirect the old static URLs to the equivalent dynamic URLs. For example: URLs.....

I wasn't warned that the <Directory> in the Apache conf file has to specify AllowOverride All whereas the default that is created when I install Ubuntu is AllowOverride None.I wasn't warned that I have to enable the mod_rewrite using a2enmod or else the rewrite commands are rejected.I am testing this on my private copy of the web-site where I can fiddle with options like that in the config file, but when I migrate this to my public server I do not have that privilege, so I want to try setting up the URL rewriting in .htaccess.

View 4 Replies View Related

Apache :: Rewrite For Any Directory

Oct 15, 2014

I would like to write a rewrite rule that does the following:

RewriteEngine On

Redirect 301 URL...

So what I want is that the first url is rewritten to go to the second ..I have a whole bunch of links that I have to redirect, so I would like to place them all into one .htaccess file or into the default configuration file of apache. So what I do not want is to create SomeFolder1 and someOtherFolder2 and to place a .htaccess file into that place in order to make it work. In fact I want to ignore the folders of the old link and only use the pagename.

View 1 Replies View Related

Apache :: 2.4.4 - Delay / Pause In Mod Rewrite

Mar 13, 2013

I'm running Apache 2.4.4 Win32 on a Windows 2008 server. When trying to optimize a website I noticed a random reoccurring 2550ms delay in Time To First Byte. A file could have a TTFB of 200ms several times but suddenly it would get 2750ms. This could be a static file (image, html, js) or php. I've measured using ApacheBench (locally and remotely), webpagetest.org and bytecheck.com. After much trial and error I found the problem was with mod_rewrite. Disabling this and everything is fine.

I have setup a blank/new install with only basic config change (Listen, ServerRoot etc) to replicate result without anything else interfering. Following is the rewrite section I add to config.

Code:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule (^/Pictures.*) /$1 [L]
</IfModule>

After Apache has started I execute "ab http://my.example.com/Pictures/Thumbnails/tmb_400X400_FFFFFF_660.jpg" and always get the delay. If I execute again it's normal. If I wait at least 30 seconds I get the delay. Following is a section from error.log with trace8 logging.

Code:
[Tue Mar 12 23:28:56.123519 2013] [rewrite:trace3] [pid 7624:tid 888] mod_rewrite.c(468): [client 69.x.y.90:36279] 69.x.y.90 - - [my.example.com/sid#42c748][rid#26df0d0/initial] applying pattern '(^/Pictures.*)' to uri '/Pictures/Thumbnails/tmb_400X400_FFFFFF_660.jpg'

[Code] ....

As you see from line 3 to line 4 the time skips 2550ms. When the TTFB is normal then the log is identical except time doesn't change from line 3 to line 4. If I delete the rewrite section in config then TTFB is always normal, no matter what.

When I testet on the live server the time for fully loaded increase from 3800-4000ms to 8500-10500ms when mod_rewrite is enabled. And that is about 30 requests (php+css+js+images). So the impact is significant.

What can this be? I'm having a hard time believing it's a bug. Isn't mod_rewrite used a lot? I'm running Ubuntu (linux) at home, I'm going to install Apache there and see if I get the same result.

View 12 Replies View Related

Apache :: Rewrite Wrong Request

Nov 13, 2013

In my web site I have several index pages in different languages in the following format

[URL] ....

Two days ago I noticed increased, many times. Google bot activity on my site and when I checked my log file I found that all pages crawled were wrong web addresses: to the above index were added existing files from my site like

/folder1/folder2/file.html

So, the strings looked like

[URL] ....

And surprisingly all they returned code "200".

My question is: is there any way to rewrite such requests to the first ".html" found in the string.

View 2 Replies View Related

Apache :: Mod Rewrite - How To Differentiate Sessions

Nov 5, 2014

I am trying to capture 3-4 digits when sent as part of a URL, for them to be proxied to another URL. I have no control over how the source sends this data, I am supposed to redirect it. Which works.

#RewriteCond %{HTTP:whoisd-ussd-message} ([d]{2,4})
#RewriteRule ^/original/individual.do(.*)$ https://other.server.com/somewhere/011$1 [P]

The problem is this works for all URLs that have digits to this server. I am expecting to trap URLs that send digits as part of the first call to the server, but this also affects URL calls that are part of other server call transactions, once digits appear, it gets redirected. What can I do to stop this interference?

View 1 Replies View Related

Apache :: Unable To Use URL Rewrite On Server?

Aug 15, 2014

after I install my apache 2.4 on my notebook, I install it using PHP and it's successful, but when I use .htaccess

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved