Apache Allow Mentioned Query String ReturnURL

KrishnaKishoreMusle
November 30, 2021
249 views
0 votes
2 Answers

I’ve a requirement wherein I wanted to allow only configured return url. Remaining ones should be routed to error message 403.

Currently the apache code i’ve tried is as shown below.

RewriteCond %{QUERY_STRING} (returnURL|[&]returnURL)=(http|https)://(my[.]return[.]site[.]com)[&]{0,1}
RewriteRule ^(.*) / [R=403,L]

With this when I hit the main url consisting of returnURL as (returnURL=https%3A%2F%2Fmy.return.site.com%2Fmock%2Fdummy-es) or (returnURL=https%3A%2F%2Fgoogle.com) they are working. My requirement is the returnURL with google.com should show 403 error.

Can you help me to fix the 403 error ?

Tags: apache regex

Answers

Chosen as BEST ANSWER
- KrishnaKishoreMusle
- December 1, 2021 at 4:18 am
- 0 votes
0
I'm able to achieve my requirement but somehow the source website in whose apache I've configured is not working. I think the below command is showing 403 when there's no query_string returnURL is passed - which shouldn't be the case. Can you guide me if you are already aware of?
```
RewriteCond %{QUERY_STRING} !(returnURL|[&]returnURL)=(http|https)(%3A%2F%2F|://)my.return.site.com
RewriteRule .* - [F]
```

(Edit)

- KrishnaKishoreMusle
- December 1, 2021 at 10:57 am
- 0 votes
0
Everything is working for me with piece of code
```
RewriteCond %{QUERY_STRING} returnURL [NC]
RewriteCond %{QUERY_STRING} !(returnURL|[&]returnURL)=(http|https)(%3A%2F%2F|://)(my.return.site.com)
RewriteRule .* - [F]
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.