Remove incoming request field

Using mod_rewrite to handle various content issues

Remove incoming request field

Postby LL_apache » Mon Apr 28, 2008 9:01 am

Hi, I see a few invalid requests coming from the client to my server. I need to detect those and remove it before it sends it to backend server and crashes it.
I dont want a decimal value in one of the field thats received from client.

Ex http://myserver.com/test/uri?type=4?time=345123.234

The above request will choke my code because it does not have the logic to consider time as int or whole number. Can we have apache remove this complete 'time=345123.234' field before it sends to backend code ?

Thanks !
LL_apache
 
Posts: 3
Joined: Mon Apr 28, 2008 8:51 am

Postby richardk » Tue Apr 29, 2008 9:30 am

Only for /uri and type=4? Is the second "?" supposed to be an "&"?

Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} ^(.*&)?time=[^&]+(&.*)$ [NC]
RewriteRule ^(uri)$ /$1?%1%2 [NC,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby LL_apache » Tue Apr 29, 2008 12:45 pm

Thanks richard. yes you are right its not a '?', its a '&'. And yes its only for that type and uri.

I will try out the code you recommended and update this soon. Thanks a bunch again.
LL_apache
 
Posts: 3
Joined: Mon Apr 28, 2008 8:51 am

Postby richardk » Tue Apr 29, 2008 12:50 pm

its only for that type

Then add
Code: Select all
RewriteCond %{QUERY_STRING} ^(.*&)?type=4(&.*)$ [NC]

above
Code: Select all
RewriteCond %{QUERY_STRING} ^(.*&)?time=[^&]+(&.*)$ [NC]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby LL_apache » Tue Apr 29, 2008 1:54 pm

Ok. Trying now. thanks.
LL_apache
 
Posts: 3
Joined: Mon Apr 28, 2008 8:51 am


Return to Content

Who is online

Users browsing this forum: Google [Bot] and 1 guest

cron