2

My URLs look like this: www.example.com/?content=somefile.php.

The pattern is: always www.example.com/?content=, then a file like somefile.php, and sometimes some more GET parameters.

Is there a way to use www.example.com/somefile.php instead of www.example.com/?content=somefile.php?

I already tried the following:

    RewriteEngine On
    RewriteRule ^([^/]*)$ /?content=$1 [L]

but I'm getting the following error message:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Apache/2.2.14 (Ubuntu) Server at www.example.com Port 80

Can anybody help me?

2 Answers 2

1

You can use this rule to avoid internal server error:

    RewriteEngine On

    # if request is not for image/css/js files
    RewriteCond %{REQUEST_URI} !\.(?:jpe?g|gif|bmp|png|ico|tiff|css|js)$ [NC]
    # skip if we already have ?content= in URL
    RewriteCond %{QUERY_STRING} !(^|&)content= [NC]
    # rewrite to ?content=
    RewriteRule ^([^/]+)/?$ ?content=$1 [L,QSA]

3 Comments

Seems to work, but please say, what is this code doing? Why do you count format suffixes?
I've added inline comments for better understanding.
Sorry? What do you mean?
0

Try adding:

    RewriteEngine On
    # taken from anubhava's code
    RewriteCond %{QUERY_STRING} !(^|&)content= [NC]
    RewriteRule ^([^/]*)$ /?content=$1 [L]

And you shouldn't directly read ?content value, it might be dangerous.

7 Comments

I'm still getting the same error message. Any other idea? Why is it dangerous to directly read the ?content value?
If you're doing something like file_get_contents($_GET['content']); hackers can read sensitive files like .htaccess, /etc/ files, or maybe even for HTTP calls.
And the problem is an infinite loop, as @anubhava said; if you skip when we have ?content= in the URL, it will work fine. My fault in the code :)
Thanks for your response. There're still some "bugs", I'm working on it.
I know it's off-topic, but can you tell me, does my code allow "hackers can read sensitive files"? Here's my code: codeshare.io/2WddVE
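The risk raised in the comments above, as an added example (not code from the question, the answers or the linked codeshare): a PHP front controller that validates `content` before it touches the filesystem. The `pages/` directory, the `resolveContent()` name and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: page scripts live in their own directory that holds nothing
// else (no .htaccess, no configuration files).
const CONTENT_DIR = __DIR__ . '/pages';

// Map the ?content= value to a file inside $baseDir, or return null.
// The rewrite rule is not a filter: /?content=... can still be requested
// directly, so every check has to happen here.
function resolveContent(string $requested, string $baseDir): ?string
{
    // 1. Plain file names only: no slash, no leading dot, no scheme, no NUL.
    if (preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $requested) !== 1) {
        return null;
    }
    // 2. Resolve symlinks and confirm the result is still inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the content directory
    }
    return is_file($path) ? $path : null;
}

// Constructed sample inputs; run with `php index.php` to see the decisions.
if (PHP_SAPI === 'cli') {
    $samples = ['somefile.php', '.htaccess', '../index.php', '/etc/passwd',
                'http://example.com/x.php', "somefile.php\0.txt"];
    foreach ($samples as $s) {
        $r = resolveContent($s, CONTENT_DIR);
        printf("%-32s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $r ?? 'rejected');
    }
    exit;
}

// Web request: ?content[]=x arrives as an array, so check the type first.
$raw = $_GET['content'] ?? '';
$file = is_string($raw) ? resolveContent($raw, CONTENT_DIR) : null;
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
require $file;
```

Only `somefile.php` can resolve, and only if it exists under `pages/`; every other sample is rejected by the name pattern before any filesystem call is made.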