剥离下来的URL未列入白名单的任何参数 [英] Strip down any parameter from URL which is not whitelisted
问题描述
我需要剥离的任何参数,它不在白名单中如网址:
<$p$p><$c$c>abc.com/somePage?phone=1234&stipAway=asd&fax=324&stripDown=disappear&zip=zip
应该是:
abc.com/somePage?phone=1234&fax=324&zip=zip
相关问题:<一href="http://stackoverflow.com/questions/19728136/rewrite-url-using-htaccess-file-in-case-there-is-used-parameters-which-is-not-i">Rewrite在使用.htaccess文件的URL有使用的参数是不是白名单
P.S。这是需要的,在头两个答案提到的更复杂的解决方案。为了理解我将用一些例子说明:
<$p$p><$c$c>abc.com/somePage2?stripAway=asd&fax=324&stripDown=disappear&phone=1234&zip=zip
应该是:
abc.com/somePage2?fax=324&phone=1234&zip=zip
和
abc.com/somePage3?stripAway=asd&stripDown=disappear
应该是:
abc.com/somePage3
如果该列表是为了,anubhava的答案是比我好得多。如果列表不保证的顺序,可以使用下面的规则。它使用乔恩·林的技术使用这个答案。
的RewriteCond%{QUERY_STRING} ^(。*放大器; |)((电话| |传真压缩)?!) ^ =] + =
##的RewriteCond%{QUERY_STRING} ##(| *安培。)(*?)(手机)=([^&功放;] +)
的RewriteCond%1安培;%3 =%4 ##%{QUERY_STRING} ##(| *安培。)(*?)(传真)=([^&功放;] +)
的RewriteCond%1安培;%3 =%4 ##%{QUERY_STRING} ##(| *安培。)(*?)(ZIP)=([^&功放;] +)
重写规则^(。*)$ $ 1?%= 3%4%1 [R,L]
那么,它有什么作用?第一个条件是唯一真正的,如果能找到一个参数不匹配(电话|传真|邮编)(负前瞻)。接下来的三个的RewriteCond 捕获每个你想保持和$ P $自定义之前ppare查询字符串参数 ## 分隔符。如果分离器恰好是在你的查询字符串奇怪的事情会发生。
这种方法的缺点是,如果这三个参数之一不是present,该规则将不适用。我个人把这个白名单在页面本身,而不是尝试通过的.htaccess对其进行过滤。
编辑:如果某些参数是可选的,您可以使用下面的怪物:
的RewriteCond%{QUERY_STRING} ^((*)及|?)(?!(电话|传真|邮编))[^ =] + = [^&安培] +(放大器; * |)$
重写规则^(。*)$ $ 1%2%4?[R,E = REDIR:1]
的RewriteCond%{QUERY_STRING} ^&安培; $(*)。
重写规则^ $ $ 1%1(*)?[R,E = REDIR:1]
的RewriteCond%{ENV:REDIR} = 1
重写规则^ - [R,L]
基本上,如果有一个不导致超前匹配参数中的字符串参数,它将匹配参数之前的部分和该参数背后的部分和再造查询串。第二条规则是prevent它吞噬着整个查询字符串,如果第一个参数是不是'白名单'(或只是简单地以一个与安培)和最后的规则是尽量保持重定向量最小。请注意,如果有在请求太多的参数没有被列入白名单,浏览器将显示一个错误(重定向链检测)。
相反,我会推荐页面本身的过滤。在PHP中它会像下面这样code。这将使它更容易保持这种白名单,不打破一切,如果你决定使用其他httpdeamon。
&LT; PHP
$白名单=阵列(电话,传真,拉链);
的foreach($ _ GET为$ K =&GT; $ V){
如果(!in_array($ K,$白名单))
取消设置($ _ GET [$ K]);
}
#,然后同样为$ _ POST和$ _REQUEST
I need to strip any parameter which is not in white list e.g. URL:
abc.com/somePage?phone=1234&stipAway=asd&fax=324&stripDown=disappear&zip=zip
should look:
abc.com/somePage?phone=1234&fax=324&zip=zip
Related question: Rewrite URL using .htaccess file in case there is used parameters which is not in white list
P.S. It is more complex solution needed that in first two answers mentioned. To make understandable I will illustrate with some more examples:
abc.com/somePage2?stripAway=asd&fax=324&stripDown=disappear&phone=1234&zip=zip
should look:
abc.com/somePage2?fax=324&phone=1234&zip=zip
and
abc.com/somePage3?stripAway=asd&stripDown=disappear
should look:
abc.com/somePage3
If the list is in order, anubhava's answer is much better than mine. If the list is not guaranteed to be in order, you can use the following rule. It uses the technique that Jon Lin uses in this answer.
RewriteCond %{QUERY_STRING} ^(.*&|)(?!(phone|fax|zip))[^=]+=
RewriteCond ##%{QUERY_STRING} (.*?)##(|.*&)(phone)=([^&]+)
RewriteCond %1&%3=%4##%{QUERY_STRING} (.*?)##(|.*&)(fax)=([^&]+)
RewriteCond %1&%3=%4##%{QUERY_STRING} (.*?)##(|.*&)(zip)=([^&]+)
RewriteRule ^(.*)$ $1?%3=%4%1 [R,L]
So, what does it do? The first condition is only true if it can find a parameter that does not match (phone|fax|zip) (negative look-ahead). The next three RewriteCond capture each of the parameters you want to keep and prepare a query string before the custom ## separator. Strange things will happen if that separator happens to be in your query string.
The downside of this approach is, if one of these three parameters is not present, the rule will not be applied. I would personally put this whitelist in the page itself, and not try to filter it via .htaccess.
Edit: If some parameters are optional, you can use the following monstrosity:
RewriteCond %{QUERY_STRING} ^((.*?)&|)(?!(phone|fax|zip))[^=]+=[^&]+(&.*|)$
RewriteRule ^(.*)$ $1?%2%4 [R,E=Redir:1]
RewriteCond %{QUERY_STRING} ^&(.*)$
RewriteRule ^(.*)$ $1?%1 [R,E=Redir:1]
RewriteCond %{ENV:Redir} =1
RewriteRule ^ - [R,L]
Basically, if there is parameter in the string that does not match the parameters in the lookahead, it will match the part before that parameter and the part behind that parameter and reforge a query string. The second rule is to prevent it from devouring the entire query string if the first parameter is not 'whitelisted' (or it just simply starts with a &) and the last rule is to try to keep the amount of redirects to a minimum. Please note that if there are too many parameters in the request that are not whitelisted, the browser will display an error (redirect chain detected).
Instead I would recommend filtering on the page itself. In php it would be something like the following code. This will make it easier to maintain this whitelist and doesn't break everything if you ever decide to use an other httpdeamon.
<?php
$whitelist = Array( 'phone', 'fax', 'zip' );
foreach( $_GET as $k => $v ) {
if( !in_array( $k, $whitelist ) )
unset( $_GET[$k] );
}
#And the same for $_POST and $_REQUEST
这篇关于剥离下来的URL未列入白名单的任何参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
