Simple redirection not working

Using mod_rewrite to handle various content issues

Simple redirection not working

Postby ton4y » Thu Nov 29, 2007 12:56 pm

Hi, I have the following code in my .htaccess:

---

#Use PHP 5
AddHandler application/x-httpd-php5 .php

#Turn on magic quotes (against SQL injection)
#php_value magic_quotes_gpc On

#Sym Links :P
Options +FollowSymLinks

RewriteEngine On

#WWW to NON-WWW Redirection
RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$
RewriteRule ^.*$ http://g-r-a-s.eu%{REQUEST_URI} [R=permanent,L]

#Index redirection
RewriteRule ^index.(html|htm|asp|aspx|jsp|jspx|cgi|pl|php2|php3|php4|php5|cfm) http://g-r-a-s.eu/gras [R=permanent,L]

#Folder listing
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

#Errors
ErrorDocument 400 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=400
ErrorDocument 401 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=401
ErrorDocument 403 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=403
ErrorDocument 404 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=404
ErrorDocument 500 http://g-r-a-s.eu/redirect.php?/gras?p=error&code=500

#Redirections

#MODS
RewriteRule ^cmd(.*)$ /cmd.mod.php$1
RewriteRule ^gras(.*)$ /gras.mod.php$1

#PHP Functions
RewriteRule function.(.*) http://php.net/$1

#Captcha
RewriteRule lib/captcha/captcha.mp3 /lib/captcha/audio.php
#Mods
RewriteRule mods/(.*) /redirect.php?/gras?p=error&code=403
#FILES
RewriteRule store/(.*) /redirect.php?/gras?p=error&code=403

#Restrictions
RewriteRule lib/captcha/sounds/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule cache/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule sources/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule languages/(.*) /redirect.php?/gras?p=error&code=403
RewriteRule templates/(.*)/index.tpl /redirect.php?/gras?p=error&code=403
RewriteRule templates/(.*)/(.*).php /redirect.php?/gras?p=error&code=403
RewriteRule error.log /redirect.php?/gras?p=error&code=403

#Rewrite rules to block out some common exploits

#Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

#Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

#Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

#Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ /gras [F,L]

---

I know that in some places it is pretty lame, but here is my problem.
When i try to open something with these 2 lines:
RewriteRule ^cmd(.*)$ /cmd.mod.php$1
RewriteRule ^gras(.*)$ /gras.mod.php$1
I get Internal Server Error 500
If i put them some modes i can only make the first one work.
But it doesn't matter if that would be the cmd or the gras, just the first line.
After that, the second gives Internal Server Error..
I think that the problem might be in the modes (which i haven't put because i don't really know which is for what) or in the rest of the code, because i'm pretty sure this type of code used to work before.
So please check what is all about and help me if you can.
Thank you in advance!
ton4y
 
Posts: 3
Joined: Thu Nov 29, 2007 12:48 pm

Postby richardk » Thu Nov 29, 2007 3:09 pm

^cmd(.*)$ matches /cmd.mod.php and it loops.

Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

# WWW to NON-WWW Redirection
RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$
RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L]

# Index redirection
RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/gras [R=301,L]

# Rewrite rules to block out some common exploits
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC]
RewriteRule .* - [F,L]

# Ignore existing files and directories (to stop loops).
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule .* - [L]

# MODS
RewriteRule ^cmd(.*)$  /cmd.mod.php$1  [QSA,L]
RewriteRule ^gras(.*)$ /gras.mod.php$1 [QSA,L]

# PHP Functions
RewriteRule ^function\.(.+)$ http://php.net/$1 [R,L]

# Captcha
RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L]

# Restrictions
RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras?p=error&code=403 [QSA,L]
RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras?p=error&code=403 [QSA,L]
RewriteRule ^error\.log$ /redirect.php?/gras?p=error&code=403 [QSA,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby ton4y » Fri Nov 30, 2007 9:09 am

Unfortunately it still doesn't help.
I have modified the code in .htaccess to
Code: Select all
AddHandler application/x-httpd-php5 .php

Options +FollowSymLinks

RewriteEngine On

# WWW to NON-WWW Redirection
RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$
RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L]

# Index redirection
RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/gras [R=301,L]

# Rewrite rules to block out some common exploits
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC]
RewriteRule .* - [F,L]

# Ignore existing files and directories (to stop loops).
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule .* - [L]

# MODS
RewriteRule ^cmd(.*)$  /cmd.mod.php$1  [QSA,L]
RewriteRule ^gras(.*)$ /gras.mod.php$1 [QSA,L]

# PHP Functions
RewriteRule ^function\.(.+)$ http://php.net/$1 [R,L]

# Captcha
RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L]

# Restrictions
RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras?p=error&code=403 [QSA,L]
RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras?p=error&code=403 [QSA,L]
RewriteRule ^error\.log$ /redirect.php?/gras?p=error&code=403 [QSA,L]

as you told me, but now i'm getting Error 404 not found when i try to access
http://g-r-a-s.eu/gras or http://g-r-a-s.eu/cmd :(
Now it seams that the redirection cmd to cmd.mod.php doesn't work at all... neighter is the ^function\.(.+)$ http://php.net/$1
ton4y
 
Posts: 3
Joined: Thu Nov 29, 2007 12:48 pm

Postby richardk » Fri Nov 30, 2007 3:33 pm

Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

# Rewrite rules to block out some common exploits
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC]
RewriteRule .* - [F,L]

# WWW to NON-WWW Redirection
RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$ [NC]
RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L]

# Index redirection
RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/gras [NC,R=301,L]

# PHP Functions
RewriteRule ^function\.(.+)$ http://php.net/$1 [NC,R,L]

# Captcha
RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L]

# Restrictions
RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras?p=error&code=403 [QSA,L]
RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras?p=error&code=403 [QSA,L]
RewriteRule ^error\.log$ /redirect.php?/gras?p=error&code=403 [QSA,L]

# Ignore existing files and directories (to stop loops).
RewriteCond %{SCRIPT_FILENAME} -f [OR]
RewriteCond %{SCRIPT_FILENAME} -d
RewriteRule .* - [L]

# MODS
RewriteRule ^cmd(.*)$  /cmd.mod.php$1  [QSA,L]
RewriteRule ^gras(.*)$ /gras.mod.php$1 [QSA,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby ton4y » Sat Dec 01, 2007 8:45 am

Well, i have solved my problem yesterday by myself with this:
Code: Select all
###########################################
###   HTACCESS APACHE CONTROLLER FILE   ###
###########################################
###     don't fuck with .htaccess!!!    ###
###########################################

# Use PHP 5
AddHandler application/x-httpd-php5 .php

# Turn on magic quotes (against SQL injection)
#php_value magic_quotes_gpc On

# Sym Links
Options FollowSymLinks

RewriteEngine On

# WWW to NON-WWW Redirection
RewriteCond %{HTTP_HOST} ^www\.g-r-a-s\.eu$
RewriteRule .* http://g-r-a-s.eu%{REQUEST_URI} [R=301,L]

# Rewrite rules to block out some common exploits
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|_REQUEST)(=|\[|\%[0-9A-Z]{0,2}) [NC]
RewriteRule .* - [F,L]

# Index redirection
RewriteRule ^index\.(html?|aspx?|jspx?|cgi|pl|php[2-5]|cfm)$ http://g-r-a-s.eu/ [R=301,L]

# MODS
RewriteRule ^cmd/(.*)$ cmd.mod.php/$1 [L]
RewriteRule ^gras/(.*)$ gras.mod.php/$1 [L]

# PHP Functions
RewriteRule ^function\.(.+)$ http://php.net/$1 [R,L]

# Captcha
RewriteRule ^lib/captcha/captcha\.mp3$ /lib/captcha/audio.php [QSA,L]

# Mod pages
RewriteRule ^mods/(.*)$ /redirect.php?/gras/?p=error&code=403 [QSA,L]

# FILES
RewriteRule ^store/(.*)$ /redirect.php?/gras/?p=error&code=403 [QSA,L]

# Restrictions
RewriteRule ^(lib/captcha/sounds|cache|sources|languages|mods|store)/(.*)$ /redirect.php?/gras/?p=error&code=403 [QSA,L]
RewriteRule ^templates/.+/(index\.tpl|.+\.php)$ /redirect.php?/gras/?p=error&code=403 [QSA,L]
RewriteRule ^(.+)\.log$ /redirect.php?/gras/?p=error&code=403 [QSA,L]

# Ignore existing files and directories.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /redirect.php?/gras/?p=error&code=404 [QSA,L]

# Errors
ErrorDocument 400 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=400
ErrorDocument 401 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=401
ErrorDocument 403 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=403
ErrorDocument 404 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=404
ErrorDocument 500 http://g-r-a-s.eu/redirect.php?/gras/?p=error&code=500

Anyway thank you for your help :)))
ton4y
 
Posts: 3
Joined: Thu Nov 29, 2007 12:48 pm


Return to Content

Who is online

Users browsing this forum: Google [Bot] and 2 guests

cron