Unable to set appropriate rewrite?-CodePudding

I want to block access via rewrite to IBM WebSphere WCM:

/wps/wcm/webinterface/login/login.jsp

And allow access to everything else under

/wps/*

Any ideas? I tried:

RewriteCond %{REQUEST_URI} ^/wps/wcm/webinterface/login/login\.jsp [OR,NC]
RewriteCond %{REQUEST_URI} !^/wps.*
RewriteRule ^/.* https://myhost.com/wps/portal [L,R=permanent]

CodePudding user response：

I got it working using the following (here's a snip of my rewrites)

RewriteCond %{HTTPS} off
RewriteRule ^/.* https://%{HTTP_HOST}/wps/portal [L,R=permanent]

RewriteCond %{REQUEST_URI} ^/wps/wcm/webinterface.*
RewriteRule ^/,* https://%{HTTP_HOST}/wps/portal [L,R=permanent]

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} .*(jsp|jsv|wml|chtml) [OR,NC]
RewriteCond %{REQUEST_URI} !^.*(htm|html|js|pdf|swf|ico|gif|jpg|css|png) [NC]
...
RewriteRule ^/,* https://%{HTTP_HOST}/wps/portal [L,R=permanent]

Thanks everyone!

CodePudding user response：

Try the following instead (you don't need to use mod_rewrite here):

<If "%{REQUEST_URI} == '/wps/wcm/webinterface/login/login.jsp'">
    Require all denied
</If>

This serves a 403 Forbidden for the specific URL as stated.

(Requires Apache 2.4)

Using mod_rewrite:

RewriteCond %{REQUEST_URI} ^/wps/wcm/webinterface/login/login\.jsp [OR,NC]
RewriteCond %{REQUEST_URI} !^/wps.*
RewriteRule ^/.* https://myhost.com/wps/portal [L,R=permanent]

In a .htaccess context, the URL-path that the RewriteRule pattern matches against does not start with a slash, so the pattern ^/.* will never match (so the request is never "blocked"). However, you need the slash prefix if the rule is being used directly in a server or virtualhost context.

Since you only want to block a specific URL, you don't need to check that it's not something else (ie. does not start with /wps). But OR'ing these two conditions does not make sense (according to your criteria) as it would block the stated URL and every other URL that does not start with /wps.

This also issues a 301 redirect, it doesn't specifically "block" the request.

To block just that one URL you would need something like the following:

RewriteRule ^/?wps/wcm/webinterface/login/login\.jsp - [F]