This forum has been moved here:
Helicon Tech Community Forum

ISAPI_Rewrite 3.0 (Forum Locked Forum Locked)
 Helicon Tech : ISAPI_Rewrite 3.0
Subject Topic: URL Checker
Author
Message |
abhijeet_dighe
Newbie


Joined: 20 January 2010
Posts: 22
Posted: 21 February 2012 at 10:51pm

Hi,

We are using ISAPI_Rewrite 3.
We want to redirect user to error.htm if url contains any of the following:
;
--
'
<i
<s 
Back to Top
 
Guests
Guest


Joined: 01 October 2003
Online Status: Online
Posts: -160
Posted: 22 February 2012 at 6:03am

Hello,

I'd suggest using smth like:

RewriteRule (?:;|--|'|<i|<s) /error.htm [NC,R=301,L]

Regards
Andrew


Edited by Andrushka - 22 February 2012 at 6:14am
Back to Top
 
abhijeet_dighe
Newbie


Joined: 20 January 2010
Posts: 22
Posted: 23 February 2012 at 12:23am

Hi,

It is working for below example:
http://test.com/pa--ge.htm?id=123

But it is not working for below example:
http://test.com/page.htm?id=--123

in above url i have put -- in querystring and it is not redirecting to error.htm
Back to Top
 
Guests
Guest


Joined: 01 October 2003
Online Status: Online
Posts: -160
Posted: 23 February 2012 at 5:21am

try adding the following rule:

Code:
RewriteCond %{QUERY_STRING} (?:;|--|'|<i|<s)
RewriteRule .* /error.htm [NC,R=301,L]


Regards
Andrew
Back to Top
 
abhijeet_dighe
Newbie


Joined: 20 January 2010
Posts: 22
Posted: 23 February 2012 at 6:29am

I tried it, but it is not working. If below characters are anywhere in the url, it should get redirected to error.htm.
;
--
'
<i
<s
Back to Top
 
Guests
Guest


Joined: 01 October 2003
Online Status: Online
Posts: -160
Posted: 24 February 2012 at 5:44am

Please, provide the rewrite.log for the testing request.
Logging issues described in FAQ - http://www.helicontech.com/forum/10648-FAQ.html

Regards
Andrew
Back to Top
 
abhijeet_dighe
Newbie


Joined: 20 January 2010
Posts: 22
Posted: 27 February 2012 at 1:33am

Hi,

We tried to use hex code for special chars and it is working fine now with below code:

RewriteCond %{QUERY_STRING} (?:;|%3B|%20|'|%27|<|%3C|>|%3E|--|%2D%2D)
RewriteRule .* /error.html [NC,R=301,L]

1. We used |
%20| for space and it is working. However, | | is giving error during saving expression. Is there workaround to use space other than Hex?
   
2. Do we need to mention chars in other formats also like Dec, Oct? We use IIS 7.5. Is there such setting in IIS to use query-string in Hex only?

Back to Top
 
Guests
Guest


Joined: 01 October 2003
Online Status: Online
Posts: -160
Posted: 27 February 2012 at 4:20am

You may try to look for a workaround in documentation, using NE or NU flags.

Regards
Andrew
Back to Top
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version Printable version