Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • I'm sure you're already aware, but for the benefit of anyone who might find the article from your link, mod_rewrite does not help as much in the security department as the article might leave you to think. Just because the "simple" form of the URL is validated by Apache does not mean that your script can't get bad input. Users may still call the script at its actual location with real CGI parameters and give bad input.

    Security through obscurity isn't. Always check user input in your CGI script, even if yo
    • by ThatAdamGuy (4003) on 2003.02.28 0:52 (#17599)
      Hi there,

      I must first admit that while I'm proudly at least somewhat of a geek, I'm a perl-idiot. I know enough to upload my perl cgi scripts with the right permission, and that's about it. And as far as .htaccess... well, um, I know about basic redirects :D

      That said, I humbly ask for your kind help.

      I run the site smilezone.com, and I just started up a blog at blog.smilezone.com. Everything's been relatively hunky dory since I discovered and implemented this in my .htaccess file to get the subdomain to work:

      ---
      RewriteEngine On
      Options +FollowSymlinks
      RewriteBase /
      RewriteCond %{HTTP_HOST} blog.smilezone.com
      RewriteCond %{REQUEST_URI} !blog/
      RewriteRule ^(.*)$ blog/$1 [L]
      ---

      This works fine, except for two problems:

      1) It doesn't protect against people accessing my blog incorrectly via smilezone.com/blog

      2) If someone goes to blog.smilezone.com/tips (without the trailing slash), they're transported to www.smilezone.com/blog/tips/ :-(

      So this evening, I stumbled upon your .htaccess snippet above, Matt, and tried it out. It seems to work great, except for a DIFFERENT problem:

      It redirects blog.smilezone.com to blog.smilezone.com/blog/, when I don't want the last blog there.

      Thanks so much in advance for any advice you can offer :-)

      Regards,
      Adam