0

I'm pretty newbie in URL redirection, and I would like to create this kind of redirection: http://example.com/?url=http://domain.test/ to http://domain.test/

The result I'm having so far is: http://example.com/?url=http://domain.test/ redirects to http://domain.test/?url=http://domain.test/

But I don't want the ?url=http://domain.test/ part.

The relevant part of my Apache2 virtual host is:

RewriteCond %{QUERY_STRING} url=(.*)
RewriteRule "/" "%1" [QSA,R=301,L]

I've searched into lot of forums but still can't find what I need.

Éric
  • 113
  • 6
Beelzeko
  • 1
  • 1
  • From your title and your *Apache httpd* directives, I understand that you want to pass a URL in a *query string*. But in your examples, `url=value` is not a query string (a leading `?` is missing for it to be a query string). A URL with a valid query string would be `http://example.com/?url=value`. – Éric Mar 29 '21 at 10:54
  • Yes, you're right, I've forgotten the leading ? – Beelzeko Mar 29 '21 at 14:42

1 Answers1

0

You were close to the solution. You need to get rid of the original query string thanks to the QSD flag (supported in Apache httpd 2.4.0 and later versions).

So, to achieve your goal, you could use these Apache httpd directives:

# Tested with Apache 2.4.38
RewriteCond %{QUERY_STRING} ^url=(.*)
RewriteRule ^ %1 [QSD,NE,R=301,L]

Interestingly, this solution supports URLs that have a query string themselves, e.g., http://example.com/?url=http://domain.test/?lang=en.

To deal with URLs that are passed encoded, like this: http://example.com/?url=http%3A%2F%2Fdomain.test%2F%3Flang%3Den, the simplest method is probably to process the passed URL with a tiny script of this kind:

<?php
# WARNING: Add some security checks to prevent exploits like https://www.securityfocus.com/bid/55297/exploit
header('Location: '.$_GET['url']); # $_GET members are automatically passed through urldecode().
?>

If you choose to use this script, then the Apache httpd directives above become useless and must be removed.

Last but not least, you should be aware that this redirection methods represent a security/reputation risk as discussed here.

Éric
  • 113
  • 6
  • 1
    As you said, I was close to the solution haha Thank you so much Eric ! :D And also thank you for additional information and warnings <3 – Beelzeko Mar 29 '21 at 14:42
  • Also, do you know how I can have a decoded URL if the %{QUERY_STRING} value is encoded ? :) For example : https://example.com/?url=https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2Fplugins%2Flike-button%3Flocale%3Dfr_FR – Beelzeko Mar 29 '21 at 16:01
  • @Beelzeko, I'm afraid this requires some scripting outside *Apache httpd* (e.g., in a PHP file). – Éric Mar 29 '21 at 18:04
  • @Beelzeko, I've extended my answer after your comment about encoded URLs. – Éric Mar 29 '21 at 19:12
  • 1
    thank you again for your precious help :) I'll try to create something with that – Beelzeko Mar 30 '21 at 08:22
  • Hi @Beelzeko, if this or any other answer has solved your question please consider [accepting it](https://meta.stackexchange.com/q/5234/179419) by clicking the check-mark. This indicates to the wider community that you've found a solution and gives some reputation to both the answerer and yourself. There is no obligation to do this. – Éric Mar 31 '21 at 12:29