On my site I use a session id when accessing a page's form content. The sessionid in the URL isn't normally shown because it's accessed through jQuery .load, so the URL doesn't change. The page referenced above needs to be accessed by some outside domains directly. I have used the following PHP at the top of the form page to show the entire page.
<?php
// Session id from the query string and the referring page, if any
$code = $_GET['sessionid'] ?? '';
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
if (strcmp($code, 'XXXXX') != 0) {
    if (preg_match("/alloweddomain.com/", $referrer)) {
        // Came from the allowed domain: reload the page with the session id
        header('Location: http://www.mydomain.com/desiredpage.php?sessionid=XXXXX');
    } else {
        header("Location: http://www.mydomain.com/otherpage.php");
    }
    exit; // stop so the rest of the page is not sent with the redirect
}
?>
Is there a way with .htaccess to remove the session ID? I've tried the following but get 500 Internal Server Errors.
RewriteEngine On
RewriteBase /
"lots of 301 redirects"
HTTP_REFERER variable RewriteCond %{HTTP_REFERER} !aloweddomain.com RewriteCond %{QUERY_STRING} !="sessionid=XXXXX" RewriteRule .* /desiredpage.php? [R=301,L]
***EDIT**** used this, filling in the appropriate details
RewriteCond %{HTTP_REFERER} !**aloweddomain.com** [OR]
RewriteCond %{QUERY_STRING} !=sessionid=**XXXXX**
RewriteRule .* /**desiredpage**.php? [R=301,L]
I just get an FF error that it can't complete the redirect.
You forgot the newlines:
RewriteCond %{HTTP_REFERER} !aloweddomain.com [OR]
RewriteCond %{QUERY_STRING} !=sessionid=XXXXX
RewriteRule .* /desiredpage.php? [R=301,L]
This will redirect all URLs that don't come from aloweddomain.com or don't have the Query_String. I forgot about [OR]: if there is no [OR], then both conditions must be true.
And if desiredpage.php is simply a page that shows that you can't access the site, then you can return 403 Forbidden instead of a redirect:
RewriteRule .* - [F,L]
If you want to call it from AJAX or a custom domain:
if (preg_match('/domain.com/', $_SERVER['HTTP_REFERER'] ?? '') ||
    ($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') == 'XMLHttpRequest') {
    // allowed
    header('Location: http://www.mydomain.com/desiredpage.php');
} else {
    // not allowed
    header('Location: http://www.mydomain.com/otherpage.php');
}
exit; // stop after sending the redirect
Code for desiredpage.php:
if (!(preg_match('/domain.com/', $_SERVER['HTTP_REFERER'] ?? '') ||
    ($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') == 'XMLHttpRequest')) {
    header('Location: http://www.mydomain.com/otherpage.php');
    exit; // stop so the page body is not sent with the redirect
}
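The desiredpage.php check from the answer above, as an added example (not code from the thread) that compares the parsed Referer host exactly instead of with a substring regex and stops after the redirect. The ALLOWED_REFERER_HOSTS list and both helper function names are assumptions. Both headers are supplied by the client, so this filters casual direct visits rather than authenticating the caller.

```php
<?php
// Added example, not code from the original thread.
// ALLOWED_REFERER_HOSTS and the two helper functions are assumptions.
const ALLOWED_REFERER_HOSTS = ['alloweddomain.com', 'www.alloweddomain.com'];

// True only when the Referer header parses as a URL whose host is exactly
// one of the allowed names. A substring regex such as /alloweddomain.com/
// would also accept "alloweddomain.com.example.net" or "notalloweddomain.com".
function referer_host_allowed(array $server): bool
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return false;               // header is optional; browsers may omit it
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return false;               // malformed URL or no host component
    }
    return in_array(strtolower($host), ALLOWED_REFERER_HOSTS, true);
}

// True for requests that jQuery marks as AJAX (the .load() call in the question).
function is_ajax_request(array $server): bool
{
    return strcasecmp($server['HTTP_X_REQUESTED_WITH'] ?? '', 'XMLHttpRequest') === 0;
}

// Constructed sample inputs, runnable from the CLI: php example.php
if (PHP_SAPI === 'cli') {
    $samples = [
        ['HTTP_REFERER' => 'http://alloweddomain.com/page'],
        ['HTTP_REFERER' => 'http://alloweddomain.com.example.net/'],
        ['HTTP_REFERER' => 'http://notalloweddomain.com/'],
        ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
        [],
    ];
    foreach ($samples as $s) {
        $ok = referer_host_allowed($s) || is_ajax_request($s);
        echo json_encode($s, JSON_UNESCAPED_SLASHES), ' => ', $ok ? 'allowed' : 'redirect', PHP_EOL;
    }
    exit;
}

// At the top of desiredpage.php: redirect and stop, so the page body is not sent.
if (!(referer_host_allowed($_SERVER) || is_ajax_request($_SERVER))) {
    header('Location: http://www.mydomain.com/otherpage.php');
    exit;
}
```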