I've a requirement wherein I wanted to allow only configured return url. Remaining ones should be routed to error message 403.
Currently the apache code i've tried is as shown below.
RewriteCond %{QUERY_STRING} (returnURL|[&]returnURL)=(http|https)://(my[.]return[.]site[.]com)[&]{0,1}
RewriteRule ^(.*) / [R=403,L]
With this when I hit the main url consisting of returnURL as (returnURL=https://my.return.site.com/mock/dummy-es)
or (returnURL=https://google.com)
they are working. My requirement is the returnURL with google.com should show 403 error.
Can you help me to fix the 403 error ?
CodePudding user response:
I'm able to achieve my requirement but somehow the source website in whose apache I've configured is not working. I think the below command is showing 403 when there's no query_string returnURL is passed - which shouldn't be the case. Can you guide me if you are already aware of?
RewriteCond %{QUERY_STRING} !(returnURL|[&]returnURL)=(http|https)(%3A%2F/|://)my.return.site.com
RewriteRule .* - [F]
CodePudding user response:
Everything is working for me with piece of code
RewriteCond %{QUERY_STRING} returnURL [NC]
RewriteCond %{QUERY_STRING} !(returnURL|[&]returnURL)=(http|https)(%3A%2F/|://)(my.return.site.com)
RewriteRule .* - [F]