Re: Is this something to worry about?

Posted: Tue Sep 25, 2007 4:14 pm
by Pierre M.
Hello again,

Two ideas:

1°) Do you have this at the beginning of your .htaccess?

Code:

# have a custom forbidden error message
ErrorDocument 403 /403-forbidden.html

and the corresponding /403-forbidden.html static file, of course? Otherwise it will lead to a 404...

2°) Couldn't you simplify things by cutting off the useless trailing slash things?

Maybe better ideas another day ?-)

Pierre M.

Re: Is this something to worry about?

Posted: Tue Sep 25, 2007 4:29 pm
by Signex
Hi Pierre M,

I just made this topic http://forum.cmsmadesimple.org/index.ph ... 402.0.html

to discuss these problems, because more people will find that one when facing the same problem or wanting to know more about URL filtering.

1) Tried the error document at the beginning, and of course put up a static file, no difference.

2) I don't really understand what you mean by removing the useless slashes? I've looked at your linked topic and tried removing the [NC] as described in that topic; it made no difference.

I removed this part for the slashes and it made no difference.

Code:

# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !\.
RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]

Re: Is this something to worry about?

Posted: Tue Sep 25, 2007 4:42 pm
by Pierre M.
Then let's take things a little more seriously !-)
Try to set up a RewriteLog (see Apache's doc).
Dig in your http server logs (access and error).
See "response headers" in the devtoolbar plugin of Firefox if you have it.
These are 3 ways to get information on the 404s.

BTW, I'm happy you don't disagree with me on the linked "trailing slash" topic ;)

Pierre M.

Re: Is this something to worry about?

Posted: Tue Sep 25, 2007 4:59 pm
by Signex
I'm checking headers right now, but when I try to include a URL like

/index.php?page=http://www.bla.com/


I just get "status: 404 Not Found" in response headers.

Re: Is this something to worry about?

Posted: Tue Sep 25, 2007 5:17 pm
by Signex
Finally got it to work,

with:

Code:

ErrorDocument 403 /forbidden403.html

Options +FollowSymLinks
RewriteEngine on
RewriteBase /

# IF the query string contains "http:"
RewriteCond %{QUERY_STRING} http\: [OR]

# OR if the query string contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]

# OR if the query string contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]

# OR if the query string contains a <script> tag (literal or %3C/%3E encoded)
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

# OR a script trying to set a PHP GLOBALS variable via the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

# OR any script trying to modify a _REQUEST variable via the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

# Any matching request gets 403 Forbidden (served via the ErrorDocument above)
RewriteRule ^.*$ - [F,L]

# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
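
A coverage check for the filter rules in the post above, as an added example that is not part of the original thread: it replays the six RewriteCond patterns in Python against constructed query strings, so you can see which requests would get the 403, which legitimate ones are caught as false positives, and which forms the patterns as written do not match. The function names and sample query strings are assumptions made for this example; Apache applies these patterns to the raw query string, which the emulation mirrors.

```python
import re

# The six RewriteCond patterns from the post, in order. They are OR-chained,
# so a request is forbidden when any one of them matches %{QUERY_STRING}.
# [NC] on the script rule maps to re.IGNORECASE; the others are case-sensitive.
CONDITIONS = [
    ("http:",    re.compile(r"http\:")),
    ("[",        re.compile(r"\[")),
    ("]",        re.compile(r"\]")),
    ("script",   re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS",  re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

def matching_conditions(query_string):
    """Return the labels of every condition that matches the raw query string."""
    return [label for label, rx in CONDITIONS if rx.search(query_string)]

def is_forbidden(query_string):
    """True when the RewriteRule with [F] would fire for this query string."""
    return bool(matching_conditions(query_string))

# Constructed sample query strings (not taken from real logs).
SAMPLES = [
    "page=http://www.bla.com/",                 # the request tested in the thread
    "page=news",                                # ordinary page request
    "page=%3Cscript%3Ealert(1)%3C/script%3E",   # encoded script tag
    "GLOBALS[x]=1",                             # hits the bracket rules and GLOBALS
    "_REQUEST=1",
    "filter[]=red",                             # legitimate array parameter: false positive
    "page=https://www.bla.com/",                # "https:" does not contain "http:"
]

def report(samples=SAMPLES):
    """Pair each sample with the conditions it triggers."""
    return [(qs, matching_conditions(qs)) for qs in samples]

if __name__ == "__main__":
    for qs, hits in report():
        status = "403 " if hits else "pass"
        print(f"{status} {','.join(hits) or '-':14} {qs}")
```

Running the same sample list after each change to the .htaccess rules gives a quick regression check alongside the RewriteLog and response-header checks suggested earlier in the thread.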