2

I have built a joomla-based website, and serving it with Apache server. I am now have to build a module to check the legitimate of the request from URI, if the URI satisfies some constrains, Apache then lets it access the normal Joomla website, else returns HTTP_BAD_REQUEST.

For example, if the URI contains <script>, Apache will return HTTP_BAD_REQUEST. Else, it lets the client access the joomla website. So how can I code the ELSE part.

static int my_apache_module_function(request_rec *r)
{
    if (strstr(r->args, "<script>") != NULL)
{
        return HTTP_FORBIDDEN;
}
    else
//direct the client to normal joomla homepage.
//I need your help here. I am really thankful for any clues.
}
Elin
  • 6,507
  • 3
  • 25
  • 47
weefwefwqg3
  • 961
  • 10
  • 23
  • 1
    Joomla really already does a lot of cleaning and checking the URIs and if a request contained ` – Elin Nov 01 '16 at 08:34
  • Thank you for the cmt. Could you pls share me the reference to which you said joomla check the security of URI? Also, if yes, so you have any ideas how can we disable them? – weefwefwqg3 Nov 01 '16 at 12:48
  • What research have you done? What parts of the API have you checked? You may want to look at the filter api for example. Which part of the documentation have you not understood? – Elin Nov 03 '16 at 01:03

1 Answers1

1

Simple, really. You use a subreqeust. In pseudocode:

if (r->main != NULL) return AP_DECLINED  // Ignore the subrequests.
sub = ap_sub_req_lookup_uri (r->unparsed_uri, r, NULL);
rc = ap_run_sub_req (sub);
ap_destroy_sub_req (sub);
return rc

The trick is checking r->main in order not to handle your own subrequests.

ArtemGr
  • 11,684
  • 3
  • 52
  • 85