0

I am trying to write a Rewriterule which takes a domain from a URL of the format 

https://www.example.com/sample?TARGET=https%3A%2F%2Fwww.example.com%2Fexample%2Fhelp%3Fparam%3D1.

If the TARGET parameter is present I need to redirect the user to the value inside the TARGET query parameter. My rewrite rule is below:

RewriteCond  %{QUERY_STRING}  TARGET=([-a-zA-Z0-9_+]+)  
RewriteRule ^(.*)$  %1? [R=302,L]

This does not work because of two problems:

  1. %1? in the rewrite rule causes the rewrite to append the value of the TARGET query string to the existing domain.

  2. The value of %1 only contains https rather than https%3A%2F%2Fwww.example.com%2Fexample%2Fhelp%3Fparam%3D1.

I understand that this might not be the best way to go ahead with this, and I am open to suggestions.

Kevin Yan
  • 1,236
  • 11
  • 19
Avi
  • 406
  • 2
  • 8
  • [`%2F` in URLs is considered a security risk and is not allowed by default by Apache](http://stackoverflow.com/questions/9206835/2f-in-url-breaks-and-does-not-reference-to-the-php-file-required) – anubhava Apr 20 '16 at 11:30
  • But if you have decoded URL e.g. `https://www.example.com/sample?TARGET=https://www.example.com/example/help?param=1` then rule can redirect. – anubhava Apr 20 '16 at 11:31
  • I tried with both.. The value after the dot gets cut off.. Leaving only https in it – Avi Apr 20 '16 at 11:38

1 Answers1

1

You can use this rule instead:

RewriteEngine On

RewriteCond %{QUERY_STRING} ^TARGET=(.+)$ [NC]
RewriteRule ^ %1? [NE,R=302,L]

Important to use .+ in regex to be able to capture all characters of the URL specified in TARGET parameter.

This will redirect:

http://yourdomain.com/?TARGET=https://www.example.com/example/help?param=1 to

https://www.example.com/example/help?param=1

anubhava
  • 761,203
  • 64
  • 569
  • 643