Blocking ALL urls except for specific ones

Fix it!!

Blocking ALL urls except for specific ones

Postby goonda » Sun Feb 01, 2004 11:12 am

Hi guys,

I'm having a hard time accomplishing this task with a reverse proxy I am running. Basically I need to block all URLs and request methods except
for permitted ones, but now it looks like I simply block ALL requests. Can someone help?

For example, I know the site that my reverse proxy is protecting
only accept GET, POST, HEAD, and the only valid toplevel urls
are /toplevel1 and /toplevel2 and of course /. Here's what I have:

RewriteEngine on
RewriteLog logs/mod_rewrite_log
RewriteLogLevel 9
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} !^/$ [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} !^/toplevel1.*$ [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} !^/toplevel2.*$ [OR]
RewriteRule .* - [F]

But I get 403 for all requests, Can anyone shed light on this or have done such a thing before?
goonda
 

Postby Caterham » Sat Dec 11, 2004 3:03 am

Code: Select all
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD) [NC,OR]
RewriteCond %{REQUEST_URI} !^/$ [OR]
RewriteCond %{REQUEST_URI} !^/toplevel1.*$ [OR]
RewriteCond %{REQUEST_URI} !^/toplevel2.*$ [OR]
RewriteRule .* - [F]
should work :P :P
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 1 guest

cron