Re: .htaccess and PHP


 



Hey Matt,

(I just sent you the message off list, but now rereading this again, I'm starting to understand.)

I see that I'm affecting all the URLs, including the ones the app is initiating and that's what's breaking stuff.

But what if I want the rule to ONLY take effect when the URL ends with a '/' char, as in the case of

http://varsitybeat.com/wi/madison/

That's the only time I need the rule to kick in, when they give me a city and school name on the URL, and this is also the only time a URL will end with a '/'.

What would you change on this one?

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/([^/]+) /index.php?st=$1&sc=$2 [NC]

...which seems closest yet, to only make it apply the URL to URLs ending in '/'?

Thanks,
Skip





Matt wrote:
if the "header file is read in by php" means that it is an include,
that doesn't matter
it is the form of the URL that the user_agent requests that matters

so say the user_agent requests index.php, then that php file includes
header.html
and that the resulting HTML is something like

<link type="text/css".... href="/styles/stuff.css" />
<script type="text/javascript" ... src="/scripts/stuff.js"></script>

the user_agent will make a GET request to the server of

http://2ndlevel.example.com/styles/stuff.css
http://2ndlevel.example.com/scripts/stuff.css

which will be picked up by your rewrite rule and will become

http://2ndlevel.example.com/index.php?st=styles&sc=stuff.css

so either your index.php must know how to send the appropriate
content-type header (and other headers: caching, etag, etc...)
or you must adjust the conditions under which the rewrite rule will
fire to prevent such content from being handled by your script.

Usually you only want to redirect non-existent-directories and
non-existent-files to your index.php handler, so you can do this using

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/([^/]+) /index.php?st=$1&sc=$2 [NC]


or by adjusting your regular expression to be more specific, either to
only include certain URLs, or to exclude certain URLs, the choice is
yours, but at present your ([^/]+) is insufficient, as it only looks at
structure of the URL, not whether the specific resource should be
passed via the script, so for instance it would redirect

http://2ndlevel.example.com/blah/'%20OR1=1
to
http://2ndlevel.example.com/index.php?st=blah&sc='%20OR1=1

which might not be what you are expecting.

I would certainly concentrate on whitelisting in your URL rewriterule,
being quite specific (more specific than just checking for
nonexistence) and then be double sure your php file only handles
legitimate types of request, because now you are short-circuiting some
of the hard won apache handling with your own code.

you could for instance do

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^([^/]+)/\.(css|html?|js)$ /index.php?st=$1&sc=.$2 [NC]

which still requires filtering but only acts on URLs that end with
certain file extensions.

Hope that helps.


--
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison, WI 53703
608-250-2720
http://bigskypenguin.com
=-=-=-=-=-=-=-=-=-=
Check out PHPenguin, a lightweight and versatile
PHP/MySQL, AJAX & DHTML development framework.
http://phpenguin.bigskypenguin.com/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
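
Added example, not part of the original messages or of anyone's posted configuration: a Python check that runs the request paths mentioned in the thread through the thread's rewrite pattern and through a stricter whitelist pattern. The strict pattern (two-letter state, letters/digits/hyphen school name, mandatory trailing '/') and the names BROAD, STRICT, rewrite and compare are assumptions; the RewriteCond -f/-d file checks are not emulated.

```python
import re
from urllib.parse import unquote

# Pattern from the thread's RewriteRule; [NC] makes it case-insensitive.
BROAD = re.compile(r"^([^/]+)/([^/]+)", re.IGNORECASE)

# Assumed whitelist pattern. As a rule it would read:
#   RewriteRule ^([a-z]{2})/([a-z0-9-]+)/$ /index.php?st=$1&sc=$2 [NC,L]
STRICT = re.compile(r"^([a-z]{2})/([a-z0-9-]+)/$", re.IGNORECASE)

# Constructed sample requests, taken from the URLs discussed in the thread.
SAMPLES = [
    "/wi/madison/",        # the city/school URL the rule is meant for
    "/wi/madison",         # same, without the trailing slash
    "/styles/stuff.css",   # static asset requested by the rendered page
    "/blah/'%20OR1=1",     # unexpected input from the quoted reply
]


def rewrite(pattern, request_path):
    """Return (st, sc) as index.php would receive them, or None if no match.

    In .htaccess context mod_rewrite matches the percent-decoded path
    with the leading slash removed.
    """
    path = unquote(request_path)
    if path.startswith("/"):
        path = path[1:]
    m = pattern.match(path)
    return (m.group(1), m.group(2)) if m else None


def compare(paths=SAMPLES):
    """Map each path to what the broad and the strict rule would capture."""
    return {p: {"broad": rewrite(BROAD, p), "strict": rewrite(STRICT, p)}
            for p in paths}


if __name__ == "__main__":
    for path, result in compare().items():
        print(f"{path!r:24} broad={result['broad']} strict={result['strict']}")
```

Whatever the strict rule lets through still reaches index.php as ordinary query parameters, so the script validates st and sc again before using them.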

