Mod_Rewrite Forums

[im_chaz]

My current ISP has enabled wildcards for subdomains within our domain.

i.e. *.testdomain.com would be redirected to http://www.testdomain.com

My problem is that I dont have any subdomains established yet. But I cant turn off subdomain functionalities due to ISP's control. So if I have a malicious user and wants to post something on a website and for a joke, they can post a link pornmaster.testdomain.com and if somebody clicks on it, my site www.testdomain.com pops up. How do I prevent this from happening?

my domains are testdomain.com, .net, .org

My site can be reached by using with or without www i.e. testdomain.com or www.testdomain.com

Now I am a newbie and all these rewrite syntax is really confusing.

1. If the user request testdomain.com or .net or .org with and without the www preceding it, it will redirect to testdomain.com main site. But, if the www is missing and they put something in the subdomain area ie. pornmaster.testdomain.com, I want the user to get a forbidden code or page does not exist. How do I make a rule from preventing somebody using subdomains?

2. The second question is what if I finally make a subdomain? ie. testing.testdomain.com
What happens then if this is the only subdomain that is valid?

How do I validate that subdomain to be valid while still not letting other fake subdomains through.

Hope this makes sense. Thanks in advance,

[Caterham]

Code: Select all

RewriteEngine On
RewriteCond %{HTTP_HOST} !^$
#dom.com www.dom.com
RewriteCond %{HTTP_HOST} !^(www\.)?[^.]+\.[a-z]{2,5}$
RewriteRule ^.* - [F]

remember, that HTTP_HOST is NOT available in a true http/1.0 request.

the second question is what if I finally make a subdomain? ie. testing.testdomain.com
What happens then if this is the only subdomain that is valid?

add

Code: Select all

RewriteCond %{HTTP_HOST} !^testing\.domain\.com

[im_chaz]

Excellent, Thank you for the code.

One more followup, Instead of using a Forbidden code, how do I redirect the user to a specific page if using an invalid subdomain.

i.e. ThisIsInvalidDomain.htm

BTW, besides going to the actual Mod_Rewrite documentation at the Apache site, can you suggest a good tutorial on what specific codes do?

On your last syntax:
RewriteRule ^.* - [F]

I knew what .* meant but was wondering why the $ didnt follow the *(asterik) as the closing anchor and what does the - (hyphen) do in that syntax. I do understand the [F] gives the forbidden code.

Just was wondering so I can see real examples and understand the syntax in laymens terms.

Thanks again in advance,

Chuck

[Caterham]

Hi Chuck.

Excellent, Thank you for the code.

One more followup, Instead of using a Forbidden code, how do I redirect the user to a specific page if using an invalid subdomain.

i.e. ThisIsInvalidDomain.htm

Code: Select all

RewriteEngine On
RewriteCond %{HTTP_HOST} !^$
#dom.com www.dom.com
RewriteCond %{HTTP_HOST} !^(www\.)?[^.]+\.[a-z]{2,5}$
# exit, if the file itself was called (prevent looping)
RewriteRule !^ThisIsInvalidDomain\.htm /ThisIsInvalidDomain.htm [L]

can you suggest a good tutorial on what specific codes do?

I think you ment the RegularExpressions (try google).

Well, the $ of course can follow, but for such a wildcard (greedy) RegEx, it's enough to specify the start of the string but not the end.

[im_chaz]

Thanks for answering my questions. Its people like you that provide a lot of success to forums especially to beginners.

Hope to return the favor for future newbies too.



-Chuck