HTACCESS Code (General Purpose)

This is basically what I use to manage dynamic URLs.

  • RewriteCond %{QUERY_STRING} ^(.+)$ [NC] RewriteRule ^(.*)$ - [F,L] Protects against bogus query strings attached to the end of a URL. This code is customized to issue a forbidden instead of a 404.
  • RewriteCond %{REQUEST_URI} ([a-z0-9]+)\.html$ [NC]
    RewriteRule ^([a-z0-9]+)\.html /script.file?p_path=$1 [L] This allows dynamic xyz.html under a directory and block any links to xyz.html%20, xyz.html^20, etc.
  • I can also cover multiple “root files” (urls that are visible to visitors and should not take query strings):

RewriteCond %{QUERY_STRING} ^(.+)$ [NC]
RewriteCond %{REQUEST_URI} ^/dynamicpage1\.html
RewriteCond %{REQUEST_URI} ^/dynamicpage2\.html
RewriteRule ^(.*)$ - [F,L]

  • RewriteRule ^([^/]+)$ http://www.domain.com/path/$1/ [R=301,L] 301 redirect for path without /. I use this in cases where urls end in / (as opposed to say .html). Just a rewrite may work but use this if you’re worried about duplicates.
  • RewriteRule ^([^/]+)/$ /encryptedfile04ha8fksdasd.html?query=$1 [L] This rewrites URL to the actual dynamic URL. The html file name is encrypted to make it difficult to link directly to the actual dynamic page.

Additionally, in rare cases where I can’t catch bad query strings externally or I need to scan query strings for bad query values, I use this PHP 5+ code, where redirectfunction() is a custom function that will generate a 404 page:

foreach($_REQUEST as $key => $value) {
$$key = $value;
if(check for values) redirectfunction();
}

Last thing: In addition to encrypting dynamic pages, you might want to block them via robots.txt to prevent it from getting them indexed. Of course, doing so can expose that url to your competitors, so personally, I would just make sure no internal links point to the actual dynamic page.

More .htaccess / mod_rewrite links:

Related Posts

What's Your Take?