Hi,
I've also noticed the following in the .htaccess file in the document
root as part of joomla:
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
Could these somehow be overriding the config in the virtual domain config file?
On Sun, Mar 3, 2019 at 8:02 AM Alex <mysqlstudent@xxxxxxxxx> wrote:
>
> Hi,
>
> > >>> RewriteCond %{QUERY_STRING} ^option=login$
> > >>> RewriteRule ^/index.php?$ /register [R=301,L]
> > >>>
> > >>> It's been a while since I've done this, so I'm not sure
> > >>> whether the "?" after index.php is matched. You may need to
> > >>> adjust that pattern.
> > >>
> > >> I would expect to not want the "?" in the RewriteRule; it should be
> > >> stripped by the process which breaking things into the path and the
> > >> query_string. Untested opinion, it has been a while for me too.
> >
> > Yep. I saw some suggestions with the trailing '?' so I
> > included it in the example, since I wasn't sure either way.
> > It's not wanted or needed, now that I've tested.
> >
> > >> And in principle you want to escape the ".": "\."
> >
> > No doubt. I tend to try and make any regexp's tightly
> > defined when I'm putting them into use. Though making them
> > a bit loose to start can help to ensure that the rest of the
> > rule is hit.
> >
> > > Both with the ? and without didn't make a difference. It didn't work either way.
> > >
> > > It seemed to ignore it entirely. It continued to report "component not
> > > found", as if it's trying to process the option= portion.
> > >
> > > If no one has any further ideas, perhaps you know of a better resource?
> > >
> > > Of course I'm also happy to try other ideas...
> >
> > I just tested locally. Here's what worked for me:
> >
> > [tmz@f29 ~]$ cat /etc/httpd/conf.d/rewrite_test.conf
> > <Directory /var/www/html>
> > RewriteEngine on
> > RewriteCond %{QUERY_STRING} ^option=login$
> > RewriteRule ^index.php /register [R=301,L,QSD]
> > </Directory>
> >
> > [tmz@f29 ~]$ curl -I 'localhost/index.php?option=login'
> > HTTP/1.1 301 Moved Permanently
> > Date: Sat, 02 Mar 2019 03:00:52 GMT
> > Server: Apache/2.4.38 (Fedora)
> > Location: http://localhost/register
> > Content-Type: text/html; charset=iso-8859-1
> >
> > The URI was matched without a leading /. To strip the query
> > string, the QSD flag is handy. That's in httpd >= 2.4.0.
>
> This didn't work. That is exactly what I now have in my config for the
> virtual domain. It still appears that it's not matching.
>
> Does anyone have any further ideas about what could be causing it to
> bypass the rule?
>
> Here's a failed request:
> 151.106.10.153 - - [03/Mar/2019:08:01:37 -0500] "GET
> /index.php?option=login HTTP/1.1" 404 2748
> "http://www.linuxsecurity.com/index.php?option=login"; "Mozilla/5.0
> (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/52.0.2743.116 Safari/537.36" 0/49047 836/9379/2748
> linuxsecurity.com
>
> I've pasted the trace1 output for a request here:
> https://pastebin.com/EighLUWw
>
> Thanks,
> Alex
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
