You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wiki-changes@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2007/05/30 16:41:02 UTC
[Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by VinkoVrsalovic:
http://wiki.apache.org/httpd/Recipes/QueryString
The comment on the change is:
Consistency var=val plus I really think showing [^/]+ is important.
------------------------------------------------------------------------------
=== Access control by Query String ===
- Deny access to {{{http://example.com/page?query}}} if {{{query}}} contains the string {{{foo}}}.
+ Deny access to {{{http://example.com/page?var=val}}} if {{{var=val}}} contains the string {{{foo}}}.
{{{
# using mod_rewrite
@@ -30, +30 @@
=== Adding to the Query String ===
- Keep the existing query string using the Query String Append flag, but add {{{var=value}}} to the end.
+ Keep the existing query string using the Query String Append flag, but add {{{var=val}}} to the end.
{{{
- RewriteRule (.*) $1?var=value [QSA]
+ RewriteRule (.*) $1?var=val [QSA]
}}}
=== Rewriting For Certain Query Strings ===
- Rewrite URLs like {{{http://example.com/page1?stuff}}} to {{{http://example.com/page2?stuff}}} (but don't rewrite if {{{stuff}}} isn't present).
+ Rewrite URLs like {{{http://example.com/page1?var=val}}} to {{{http://example.com/page2?var=val}}} but don't rewrite if {{{val}}} isn't present.
{{{
- RewriteCond %{QUERY_STRING} ^stuff$
+ RewriteCond %{QUERY_STRING} ^val$
Rewrite ^/page1 /page2
}}}
+ Note that you don't need to use the Query String Append flag if you won't modify the query string in the {{{RewriteRule}}}; it is left as-is in the URL by default.
+
=== Modifying the Query String ===
- Change any single instance of {{{foo}}} in the query string to {{{bar}}} when accessing {{{/path}}}. Note that {{{%1}}} and {{{%2}}} are back-references to the matched part of the regular expression in the previous {{{RewriteCond}}}.
+ Change any single instance of {{{val}}} in the query string to {{{other_val}}} when accessing {{{/path}}}. Note that {{{%1}}} and {{{%2}}} are back-references to the matched part of the regular expression in the previous {{{RewriteCond}}}.
{{{
- RewriteCond %{QUERY_STRING} ^(.*)foo(.*)$
+ RewriteCond %{QUERY_STRING} ^(.*)val(.*)$
- RewriteRule /path /path?%1bar%2
+ RewriteRule /path /path?%1other_val%2
}}}
=== Making the Query String Part of the Path ===
@@ -65, +67 @@
=== Making the Path Part of the Query String ===
- Essentially the reverse of the above recipe.
+ Essentially the reverse of the above recipe. But this example, on the other hand, will work for any valid three level URL. {{{http://example.com/path/var/val}}} will be transformed into {{{http://example.com/path?var=val}}}.
{{{
- RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
+ RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
}}}
Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic
Posted by Joshua Slive <jo...@slive.ca>.
On 5/30/07, Vinko Vrsalovic <vi...@gmail.com> wrote:
>
>
> On 5/30/07, Joshua Slive <jo...@slive.ca> wrote:
> > > Didn't know that... but I did a quick test:
> > >
> > > RewriteRule /path/[^/]+ http://google.com
> > >
> > > and when accessing http://localhost/path/dsa(@@) drove me to google. So
> I
> > > think it's not *that* messed up.
> >
> > The problem is extra escaping that occurs on the substitution string. So
> try
> > RewriteRule /path/([^/]+) http://google.com/?q=$1
>
> Google tells me:
>
> The requested URL /?q=dsa(@@) was not found on this server.
>
> Address bar shows http://www.google.com/?q=dsa(@@)
Perhaps @ is a safe character in this context. For details of the problem, see:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200705.mbox/%3cop.tsvnf2butl8ewe@redgene.mta.liwest.at%3e
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic
Posted by Vinko Vrsalovic <vi...@gmail.com>.
On 5/30/07, Joshua Slive <jo...@slive.ca> wrote:
>
> > Didn't know that... but I did a quick test:
> >
> > RewriteRule /path/[^/]+ http://google.com
> >
> > and when accessing http://localhost/path/dsa(@@) drove me to google. So
> I
> > think it's not *that* messed up.
>
> The problem is extra escaping that occurs on the substitution string. So
> try
> RewriteRule /path/([^/]+) http://google.com/?q=$1
Google tells me:
The requested URL /?q=dsa(@@) was not found on this server.
Address bar shows http://www.google.com/?q=dsa(@@)
(Ubuntu's 2.0.55 package, Firefox 1.5.0.11 as client)
V.
Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic
Posted by Joshua Slive <jo...@slive.ca>.
On 5/30/07, Vinko Vrsalovic <vi...@gmail.com> wrote:
> > > {{{
> > > - RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
> > > + RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
> > > }}}
> >
> > I don't have a particular problem with that, but it is highly unlikely
> > to work if anything outside the \w character class is in there, since
> > URL escaping in mod_rewrite is pretty messed-up on this point. There
> > was a recent message on dev@httpd about that.
> >
>
> Didn't know that... but I did a quick test:
>
> RewriteRule /path/[^/]+ http://google.com
>
> and when accessing http://localhost/path/dsa(@@) drove me to google. So I
> think it's not *that* messed up.
The problem is extra escaping that occurs on the substitution string. So try
RewriteRule /path/([^/]+) http://google.com/?q=$1
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic
Posted by Vinko Vrsalovic <vi...@gmail.com>.
>
> I'm sort of ambivalent about var=val consistency, since the query
> string doesn't need to be in that format.
I think most people think about the Query String in terms of key=value
pairs. And those who know that this format isn't mandatory are less likely
to be confused by reading key=value than the other way around. But, the main
point was to ensure consistency across the whole document (ie, don't mix
http://example.com/?stuff with http://example.com/?var=val). I personally
prefer var=val for the reasons stated above.
>
> > {{{
> > - RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
> > + RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
> > }}}
>
> I don't have a particular problem with that, but it is highly unlikely
> to work if anything outside the \w character class is in there, since
> URL escaping in mod_rewrite is pretty messed-up on this point. There
> was a recent message on dev@httpd about that.
>
Didn't know that... but I did a quick test:
RewriteRule /path/[^/]+ http://google.com
and when accessing http://localhost/path/dsa(@@) drove me to google. So I
think it's not *that* messed up.
V.
Re: [Httpd Wiki] Update of "Recipes/QueryString" by VinkoVrsalovic
Posted by Joshua Slive <jo...@slive.ca>.
On 5/30/07, Apache Wiki <wi...@apache.org> wrote:
> Dear Wiki user,
>
> You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
>
> The following page has been changed by VinkoVrsalovic:
> http://wiki.apache.org/httpd/Recipes/QueryString
>
> The comment on the change is:
> Consistency var=val plus I really think showing [^/]+ is important.
I'm sort of ambivalent about var=val consistency, since the query
string doesn't need to be in that format.
> === Making the Path Part of the Query String ===
>
> - Essentially the reverse of the above recipe.
> + Essentially the reverse of the above recipe. But this example, on the other hand, will work for any valid three level URL. {{{http://example.com/path/var/val}}} will be transformed into {{{http://example.com/path?var=val}}}.
>
> {{{
> - RewriteRule ^/path/(\w+)/(\w+) /path?$1=$2
> + RewriteRule ^/path/([^/]+)/([^/]+) /path?$1=$2
> }}}
I don't have a particular problem with that, but it is highly unlikely
to work if anything outside the \w character class is in there, since
URL escaping in mod_rewrite is pretty messed-up on this point. There
was a recent message on dev@httpd about that.
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org