Hi, I have a question about mod_rewrite.
I want to deny access if the variables included in the GET or the POST are matching a defined string
this is what I use:
--------
RewriteCond %{REQUEST_METHOD} ^(GET|POST)$ [NC]
RewriteCond %{QUERY_STRING} (myvariable=xxx123) [NC]
RewriteRule .*? - [F]
--------
This is working, but only for GET:
--------
GET /site/file.php?var1=Login&username=user1&in_pw_userpass=userpassword&myvariable=xxx123
--------
the query_string is matched and everything is working fine as mod_rewrite is condisering:
QUERY_STRING=var1=Login&username=user1&in_pw_userpass=userpassword&myvariable=xxx123
This is not working for the POST, as checking the HTTP-Headres, I see that the made POST is something like this:
--------
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:
1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: <deleted by me in this email>
Cookie: <deleted by me in this email>
Content-Type: application/x-www-form-urlencoded
Content-Length: 156
var1=Login&username=user1&in_pw_userpass=userpassword&myvariable=xxx123
--------
so, QUERY_STRING="", and I can't check the content of the POST.
Is there a way with mod_rewrite to verify and match the content of the POST?
