I want to check if the URL has control character code like 0x00,0x01..0x1f and 0x7f
example.com/test.php?status0x01Http../
If it has need to redirect to 404 page .If no such character exist redirect to the accessed page.
I want to achieve this in .htaccess.
Tried
RewriteRule ^/?(.*)>$ /$1 [L,R=301]
above code remove all the character
CodePudding user response:
From your example, these control characters appear in the query string only. To form a valid HTTP request these chars would need to be URL-encoded (ie. %-encoded as %HH) in the request. So an actual request would be of the form:
example.com/test.php?statusHttp../
We can check the QUERY_STRING server variable using a mod_rewrite condition, which remains %-encoded.
For example, you could trigger a 404 for such URLs using the following:
RewriteCond %{QUERY_STRING} %([01][0-9A-F]|7F) [NC]
RewriteRule ^ - [R=404]
This will need to go near the top of your .htaccess file, before any existing mod_rewrite directives. As a general rule, any blocking directives should be first.
If no such character exist redirect to the accessed page
There is nothing that needs to be done in this respect, the above rule simply isn't triggered and the request falls through and is processed normally.
CodePudding user response:
With your shown samples and attempts, please try following htaccess rules file. I am posting here 2 set of htaccess file, keep either of them ONLY not both of them.
1st one is a Generic one where on any url which has .php followed by query string it will work.
RewriteEngine ON
RewriteCond %{THE_REQUEST} \s(?:[^.]*)\.php\?.*%([01][0-9A-F]|7F) [NC]
RewriteRule ^ - [R=404,L]
2nd one is a specific case which works on url which contains test.php followed by a query string it will work.
RewriteEngine ON
RewriteCond %{THE_REQUEST} \stest\.php\?.*%([01][0-9A-F]|7F) [NC]
RewriteRule ^ - [R=404,L]
Please make sure to clear your browser cache before testing your URLs.
Also keep these rules at top of your htaccess rules file.