Home > OS >  Apache Allow Mentioned Query String ReturnURL
Apache Allow Mentioned Query String ReturnURL

Time:12-01

I've a requirement wherein I wanted to allow only configured return url. Remaining ones should be routed to error message 403.

Currently the apache code i've tried is as shown below.

RewriteCond %{QUERY_STRING} (returnURL|[&]returnURL)=(http|https)://(my[.]return[.]site[.]com)[&]{0,1}
RewriteRule ^(.*) / [R=403,L]

With this when I hit the main url consisting of returnURL as (returnURL=https://my.return.site.com/mock/dummy-es) or (returnURL=https://google.com) they are working. My requirement is the returnURL with google.com should show 403 error.

Can you help me to fix the 403 error ?

CodePudding user response:

I'm able to achieve my requirement but somehow the source website in whose apache I've configured is not working. I think the below command is showing 403 when there's no query_string returnURL is passed - which shouldn't be the case. Can you guide me if you are already aware of?

RewriteCond %{QUERY_STRING} !(returnURL|[&]returnURL)=(http|https)(%3A%2F/|://)my.return.site.com
RewriteRule .* - [F]

CodePudding user response:

Everything is working for me with piece of code

RewriteCond %{QUERY_STRING} returnURL [NC]
RewriteCond %{QUERY_STRING} !(returnURL|[&]returnURL)=(http|https)(%3A%2F/|://)(my.return.site.com)
RewriteRule .* - [F]
  • Related