开发者

.htaccess forbid for all except when specific {querystring}/$_GET

Foreword: I know this is a bit of a security flaw, but I'd like an htaccess solution

I have a semi-private wiki (php,mysql,mediawiki) that I'd like to allow only to a specific range of IPs, except make it public (allow all) if the article title is title=public_articleName#### which I believe is ^title=public_articleName([0-9]{4})$ ?

I also use rewrite rules in toplevel htaccess so that the urls are beautified (www.site.com/wiki/article is actually www.site.com/wiki/index.php?title=article) in my case I would like www.site.com/wiki/ to be (partly) forbidden, but www.site.com/wiki/public_articleName2345 visible for all)

Any ideas ? I know you can access %{QUERY_STRING}, but I have no idea to force a 403 based on that match (except for IPs xxx.xxx.xx.xxx)

Thanks for your input

edi开发者_如何学编程t:clarifications


You can use the [forbidden] flag on RewriteRules:

RewriteRule  index.php?title=disallow  forbid.html  [F]

You can combine that with a RewriteCond maybe to match IPs or prevent this rule to apply to allowed pages.

RewriteCond  ${REMOTE_ADDR}  !78.22.131.219
RewriteRule  index.php?title=disallow  forbid.html  [F]    

Some notes here: https://serverfault.com/questions/214512/everything-you-ever-wanted-to-know-about-mod-rewrite-rules-but-were-afraid-to-ask

It would however be heaps easier to implement this programmatically in the wiki software.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜