Hi,

As part of one of our systems we enable a user in the backoffice to add a block of 301 redirects should they need to. This is just a textarea which then populates a specific area of a .htaccess file. As much as this may seem insecure, it has only previously been used internally by people who know what they are doing but who, for various reasons, cannot access the specific file. We now need to allow more access to this function, not for the general public, but for people who probably have far less knowledge of regexp etc. and of syntax in htaccess files. Obviously the major concern here is that the user enters some bad syntax and makes their entire site, including the backoffice where they could fix the issue, totally inaccessible without manual intervention. What approaches can I take to make sure that they do not break their site? An htaccess syntax check? Copy the file elsewhere and check it doesn't generate a 500 error (with cURL or similar)? Would welcome any ideas.

Thanks.

+1  A: 

For ingenuous users you should create a tool that only accepts the data for the specific task, validates it and adds it to the htaccess.

elias
It's difficult given that 301 rewrite rules could differ massively.
seengee
They can't differ too "massively". They have to be on one line, and in two parts with an expected format for both parts. You can at the very least split your textarea's value on new line characters and make sure the two pieces fit the format. I'd guess the bulk of errors you'll encounter will either be people breaking things onto multiple lines or people who completely misunderstand the format, so even though the rules can be very different, some simple rules (and ensuring the proper prefix on each line) will make a big difference.
Tom
@Tom that's true - it's not completely fault tolerant but would be an improvement.
seengee
@seengee - this is similar to how cPanel in some hosting environments lets you set up redirects. Provide users with a from-to, verify that they work and don't violate rules that you set up, and then add them in.
thetaiko
This is as close to an answer as I think I'm going to get. I've thought of a new approach, so I'll look at posting that as a new question.
seengee
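The from-to validation suggested in the answer and comments above, as an added example that is not code from any of the posters: each textarea line must be exactly two fields matching a strict allow-list, and the `.htaccess` text is generated by the tool rather than copied from the user. It narrows the problem to literal `Redirect 301` rules (no regular expressions). Python, the `/backoffice` prefix and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the backoffice lives under this prefix and must never be redirected.
PROTECTED_PREFIXES = ("/backoffice",)
# Allow-lists: no whitespace, quotes, backslashes, '#' or control characters.
SAFE_PATH = re.compile(r"/[A-Za-z0-9._~%/-]*")
SAFE_URL = re.compile(r"https?://[A-Za-z0-9._~%/:?&=+-]+")
SAMPLE = "/old-page /new-page\nRewriteEngine Off\n"  # constructed textarea input


def overlaps(a, b):
    """True if path a equals b or is an ancestor of b (Redirect matches by path prefix)."""
    return a == b or b.startswith(a.rstrip("/") + "/")


def check_line(line):
    """Return (source, target) for one 'from to' line, or raise ValueError."""
    parts = line.split()
    if len(parts) != 2:
        raise ValueError("expected exactly two fields: old-path new-location")
    source, target = parts
    if not SAFE_PATH.fullmatch(source):
        raise ValueError("old path must start with / and use only URL-safe characters")
    if any(overlaps(p, source) or overlaps(source, p) for p in PROTECTED_PREFIXES):
        raise ValueError("old path would capture a protected area")
    if SAFE_PATH.fullmatch(target):
        if target == source:
            raise ValueError("redirect points at itself")
    elif not (SAFE_URL.fullmatch(target) and urlsplit(target).hostname):
        raise ValueError("new location must be a /path or an http(s) URL")
    return source, target


def build_redirect_block(textarea_text):
    """Validate every line; return (directives, errors). Nothing is emitted if any line fails."""
    directives, errors = [], []
    for number, raw in enumerate(textarea_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            source, target = check_line(line)
            directives.append(f"Redirect 301 {source} {target}")
        except ValueError as exc:
            errors.append(f"line {number}: {exc}")
    return ([] if errors else directives), errors
```

Because the whole block is rejected when any line fails, the user sees per-line errors and the existing `.htaccess` section is left untouched until the input is clean.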