Is this something too worry about?

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Locked
Pierre M.

Re: Is this something too worry about?

Post by Pierre M. »

Hello again,

two ideas :

1°)Do you have this at the beginning of your .htaccess ?

Code: Select all

# have a custom forbidden error message
ErrorDocument 403 /403-forbidden.html
and the according /403-forbidden.html static file, of course ? Otherwise it will lead to a 404...

2°)Couldn't you simplify things by cutting off useless trailing slash things ?

May be better ideas another day ?-)

Pierre M.
Top
Signex

Re: Is this something too worry about?

Post by Signex »

Hi Pierre M,

I just made this topic http://forum.cmsmadesimple.org/index.ph ... 402.0.html

to discuss this problems, becuase more people will find that one when facing the same problem or want to know more about url filtering.

1) Tried the error document at the beginning, and of course put up a static file, no difference.

2) I dont really understand what you mean by removing the useless slashes? I`ve looked at your linked topic tried removing the [NC] like described in that topic made no difference.

I removed this part for the slashes and made no difference

Code: Select all

# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !\.
RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]
Last edited by Signex on Tue Sep 25, 2007 4:37 pm, edited 1 time in total.
Top
Pierre M.

Re: Is this something too worry about?

Post by Pierre M. »

Then let's make lead things a little more seriously !-)
Try to set up a RewriteLog (see Apache's doc).
Dig in your http server logs (access and error).
See "response headers" of the devtoolbar plugin of firefox if you have it.
These are 3 ways to get information on the 404s.

BTW, I'm happy you don't disagree with me on the linked "trailing slash" topic ;)

Pierre M.
Top
Signex

Re: Is this something too worry about?

Post by Signex »

I`m checking headers right now but when i try to include a url like

/index.php?page=http://www.bla.com/


I just get "status: 404 Not Found" in response headers.
Top
Signex

Re: Is this something too worry about?

Post by Signex »

Finaly got it to work,

with:

Code: Select all

ErrorDocument 403 /forbidden403.html

Options +FollowSymLinks
RewriteEngine on
RewriteBase /

#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]

#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]

#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]

#OR if the URI contains a "<__script__>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#OR script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

#OR any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) 

RewriteRule ^.*$ - [F,L] 

# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
Top
Locked

Return to “CMSMS Core”