[HECnet] Security hole in CSWS

Sampsa Laine sampsa at mac.com
Tue Sep 22 21:03:48 PDT 2009


Ok, I'll play around with some rewrites until I get something that works.

Sampsa

On 22 Sep 2009, at 21:00, Dennis Boone wrote:

I've got the rule down to:
	
	RewriteRule (;[0-9]*\?)|(;[0-9]*$) /

but this is not ideal, as I don't really want to replace the ; with
a /, just drop it but can't figure out the syntax for "replace with
nothing".

You don't, really. You match all the non-version bits of the filename
in parens so you have backreferences, and reconstruct the URL without
the version bits. Something like this:

    RewriteRule ^(.*)(;[0-9]+)(.*) $1$3

I don't remember whether the substitution workspace includes script
parameters (?var=val). I _think_ that's already been removed. If not,
you might need to change the first parenthesized expression to something
like ([^?]+) instead.

De
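
An added example, not part of the original thread and not code from either poster: a small harness that models the two backreference patterns discussed above on constructed URLs, so the behaviour of the greedy `(.*)` and of the `([^?]+)` variant can be checked before the rule goes live. It assumes Python's `re` behaves like the server's regex engine for these patterns; the helper names and sample URLs are hypothetical.

```python
import re

# Rules quoted in the thread, as (pattern, substitution) pairs.
# Assumption: Python's re stands in for the server's regex engine.
GREEDY = (re.compile(r"^(.*)(;[0-9]+)(.*)"), r"\1\3")
NO_QUERY = (re.compile(r"^([^?]+)(;[0-9]+)(.*)"), r"\1\3")


def rewrite_once(url, rule):
    """Model one RewriteRule pass: on a match the whole URL becomes the substitution."""
    pattern, substitution = rule
    match = pattern.search(url)
    return match.expand(substitution) if match else url


def rewrite_until_stable(url, rule, limit=10):
    """Re-apply the rule until nothing changes (hypothetical helper, bounded)."""
    for _ in range(limit):
        result = rewrite_once(url, rule)
        if result == url:
            return url
        url = result
    raise ValueError("rewrite did not converge")


def has_version_in_path(url):
    """True if the path part (before any '?') still carries a ';'."""
    return ";" in url.split("?", 1)[0]


# Constructed sample inputs, not taken from any real server.
SAMPLES = [
    "/docs/index.html;1",
    "/docs/index.html",
    "/docs/index.html;12/extra",
    "/old;3/index.html;7",
    "/page.html;2?ref=a;3",
    "/docs/index.html;",
]

if __name__ == "__main__":
    for url in SAMPLES:
        once = rewrite_once(url, GREEDY)
        stable = rewrite_until_stable(url, NO_QUERY)
        flag = "LEFTOVER" if has_version_in_path(stable) else "clean"
        print(f"{url!r:30} greedy={once!r:28} no_query_loop={stable!r:26} {flag}")
```

Any row marked LEFTOVER is an input the rule passes through with a `;` still in the path, which is the case to cover with an extra rule or a deny before relying on the rewrite.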


