You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wiki-changes@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2007/05/30 16:41:02 UTC

[Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by VinkoVrsalovic:
http://wiki.apache.org/httpd/Recipes/QueryString

The comment on the change is:
Consistency var=val plus I really think showing [^/]+ is important. 

------------------------------------------------------------------------------
  
  === Access control by Query String ===
  
- Deny access to {{{http://example.com/page?query}}} if {{{query}}} contains the string {{{foo}}}.
+ Deny access to {{{http://example.com/page?var=val}}} if {{{var=val}}} contains the string {{{foo}}}.
  
  {{{
  # using mod_rewrite
@@ -30, +30 @@

  
  === Adding to the Query String ===
  
- Keep the existing query string using the Query String Append flag, but add {{{var=value}}} to the end.
+ Keep the existing query string using the Query String Append flag, but add {{{var=val}}} to the end.
  
  {{{
- RewriteRule (.*) $1?var=value [QSA]
+ RewriteRule (.*) $1?var=val [QSA]
  }}}
  
  === Rewriting For Certain Query Strings ===
  
- Rewrite URLs like {{{http://example.com/page1?stuff}}} to {{{http://example.com/page2?stuff}}} (but don't rewrite if {{{stuff}}} isn't present).
+ Rewrite URLs like {{{http://example.com/page1?var=val}}} to {{{http://example.com/page2?var=val}}} but don't rewrite if {{{val}}} isn't present.
  
  {{{
- RewriteCond %{QUERY_STRING} ^stuff$
+ RewriteCond %{QUERY_STRING} ^val$
  Rewrite ^/page1 /page2
  }}}
  
+ Note that you don't need to use the Query String Append flag if you won't modify the query string in the {{{RewriteRule}}}; it is left as-is in the URL by default.
+ 
  === Modifying the Query String ===
  
- Change any single instance of {{{foo}}} in the query string to {{{bar}}} when accessing {{{/path}}}.  Note that {{{%1}}} and {{{%2}}} are back-references to the matched part of the regular expression in the previous {{{RewriteCond}}}.
+ Change any single instance of {{{val}}} in the query string to {{{other_val}}} when accessing {{{/path}}}.  Note that {{{%1}}} and {{{%2}}} are back-references to the matched part of the regular expression in the previous {{{RewriteCond}}}.
  
  
  {{{
- RewriteCond %{QUERY_STRING} ^(.*)foo(.*)$
+ RewriteCond %{QUERY_STRING} ^(.*)val(.*)$
- RewriteRule /path /path?%1bar%2
+ RewriteRule /path /path?%1other_val%2
  }}}
  
  === Making the Query String Part of the Path ===
@@ -65, +67 @@

  
  === Making the Path Part of the Query String ===
  
- Essentially the reverse of the above recipe.
+ Essentially the reverse of the above recipe. But this example, on the other hand, will work for any valid three level URL. {{{http://example.com/path/var/val}}} will be transformed into {{{http://example.com/path?var=val}}}.
  
  {{{
- RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
+ RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
  }}}

Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic

Posted by Joshua Slive <jo...@slive.ca>.

On 5/30/07, Vinko Vrsalovic <vi...@gmail.com> wrote:
>
>
> On 5/30/07, Joshua Slive <jo...@slive.ca> wrote:
> > > Didn't know that... but I did a quick test:
> > >
> > >         RewriteRule /path/[^/]+ http://google.com
> > >
> > > and when accessing http://localhost/path/dsa(@@) drove me to google. So
> I
> > > think it's not *that* messed up.
> >
> > The problem is extra escaping that occurs on the substitution string. So
> try
> > RewriteRule /path/([^/]+) http://google.com/?q=$1
>
> Google tells me:
>
> The requested URL /?q=dsa(@@) was not found on this server.
>
> Address bar shows http://www.google.com/?q=dsa(@@)

Perhaps @ is a safe character in this context. For details of the problem, see:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200705.mbox/%3cop.tsvnf2butl8ewe@redgene.mta.liwest.at%3e

Joshua.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic

Posted by Vinko Vrsalovic <vi...@gmail.com>.

On 5/30/07, Joshua Slive <jo...@slive.ca> wrote:
>
> > Didn't know that... but I did a quick test:
> >
> >         RewriteRule /path/[^/]+ http://google.com
> >
> > and when accessing http://localhost/path/dsa(@@) drove me to google. So
> I
> > think it's not *that* messed up.
>
> The problem is extra escaping that occurs on the substitution string. So
> try
> RewriteRule /path/([^/]+) http://google.com/?q=$1


Google tells me:

The requested URL /?q=dsa(@@) was not found on this server.

Address bar shows http://www.google.com/?q=dsa(@@)

(Ubuntu's 2.0.55 package, Firefox 1.5.0.11 as client)

V.

Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic

Posted by Joshua Slive <jo...@slive.ca>.

On 5/30/07, Vinko Vrsalovic <vi...@gmail.com> wrote:

> > >   {{{
> > > - RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
> > > + RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
> > >   }}}
> >
> > I don't have a particular problem with that, but it is highly unlikely
> > to work if anything outside the \w character class is in there, since
> > URL escaping in mod_rewrite is pretty messed-up on this point. There
> > was a recent message on dev@httpd about that.
> >
>
> Didn't know that... but I did a quick test:
>
>         RewriteRule /path/[^/]+ http://google.com
>
> and when accessing http://localhost/path/dsa(@@) drove me to google. So I
> think it's not *that* messed up.

The problem is extra escaping that occurs on the substitution string. So try
RewriteRule /path/([^/]+) http://google.com/?q=$1

Joshua.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic

Posted by Vinko Vrsalovic <vi...@gmail.com>.

>
> I'm sort of ambivalent about var=val consistency, since the query
> string doesn't need to be in that format.


I think most people think about the Query String in terms of key=value
pairs. And those who know that this format isn't mandatory are less likely
to be confused by reading key=value than the other way around. But, the main
point was to ensure consistency across the whole document (ie, don't mix
http://example.com/?stuff with http://example.com/?var=val). I personally
prefer var=val for the reasons stated above.


>
> >   {{{
> > - RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
> > + RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
> >   }}}
>
> I don't have a particular problem with that, but it is highly unlikely
> to work if anything outside the \w character class is in there, since
> URL escaping in mod_rewrite is pretty messed-up on this point. There
> was a recent message on dev@httpd about that.
>

Didn't know that... but I did a quick test:

        RewriteRule /path/[^/]+ http://google.com

and when accessing http://localhost/path/dsa(@@) drove me to google. So I
think it's not *that* messed up.

V.

Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic

Posted by Joshua Slive <jo...@slive.ca>.

On 5/30/07, Apache Wiki <wi...@apache.org> wrote:
> Dear Wiki user,
>
> You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
>
> The following page has been changed by VinkoVrsalovic:
> http://wiki.apache.org/httpd/Recipes/QueryString
>
> The comment on the change is:
> Consistency var=val plus I really think showing [^/]+ is important.

I'm sort of ambivalent about var=val consistency, since the query
string doesn't need to be in that format.

>   === Making the Path Part of the Query String ===
>
> - Essentially the reverse of the above recipe.
> + Essentially the reverse of the above recipe. But this example, on the other hand, will work for any valid three level URL. {{{http://example.com/path/var/val}}} will be transformed into {{{http://example.com/path?var=val}}}.
>
>   {{{
> - RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
> + RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
>   }}}

I don't have a particular problem with that, but it is highly unlikely
to work if anything outside the \w character class is in there, since
URL escaping in mod_rewrite is pretty messed-up on this point. There
was a recent message on dev@httpd about that.

Joshua.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org