tags:

views:

79

answers:

2
+1  Q: 

Remove IP address from Query String using HTACCESS

I have a URL like so:

http://example.com/one/?ACT=123&gateway=mygateway&method=mymethod&orderID=303&currency=EUR&amount=11&PM=CreditCard&ACCEPTANCE=test123&STATUS=9&CARDNO=XXXXXXXXXXXX1111&ED=0517&CN=Test+test&TRXDATE=08%2F12%2F10&PAYID=7963938&NCERROR=0&BRAND=VISA&ECI=7&COMPLUS=q5up5h9i6clkkpsntdmupijpl5&IP=169%2E59%2E201%2E137&SHASIGN=1E02A96814AF21FD5415A285FB51A46DFCD6EF4D

I'm trying to remove the following query variable from the query string in the URL IP=169%2E59%2E201%2E137 while leaving the rest of the string intact. That variable is an IP address which may be a different IP address each time, but will always be an IP. One of the CMS systems I use will error out if an IP address is found in the query string for security reasons. Unfortunately, I need to get data sent from a payment gateway, and there's no way at the gateway to turn off the IP address that's being sent from them. If I'm to capture data sent to my CMS, then I need to have the IP in the query removed or replaced using HTACCESS. 

    RewriteEngine On 
RewriteCond %{THE_REQUEST} ^GET\ /.*\ HTTP/ [NC]
RewriteCond %{QUERY_STRING} IP= [NC]
RewriteCond %{QUERY_STRING} (.*)(IP=[0-9]{1,3}%252E[0-9]{1,3}%252E[0-9]{1,3}%252E[0-9]{1,3})(.*) [NC]
RewriteRule .* %{REQUEST_URI}?%1%3 [R=301,L]

So, I started writing something like this, but honestly I suck at mod_rewrite, and regular expressions.

I don't care if it's set to IP=123, or just removed, but it can't be formatted as an IP. Please let me know if you can help!

A: 
qmega  2010-08-12 04:46:51
I'm not sure why this had two up-votes, downvoted because the REQUEST_URI doesn't include the QUERY_STRING. Proof of concept... RewriteRule ^(.*)$ http://www.google.co.uk/search?q=%{REQUEST_URI} [R=302]
Cags  2010-08-12 07:05:21
I also downvoted, because the test pattern input to a `RewriteRule` won't ever include the query string portion, so this takes the OP further away from the correct answer. Additionally, `%{REQUEST_URI}` does not contain the `%{QUERY_STRING}`, `mod_rewrite` will just auto-append the query string to the request if it is not overwritten, regardless of whether or not `%{REQUEST_URI}` was specified in the substitution.
Tim Stone  2010-08-12 07:57:19
Ok, I thought that `REQUEST_URI` included the query string because of the auto-append thing and because `$_SERVER['REQUEST_URI']` in php does include the query string. @Tim thank you for explaining. I have deleted my previous comment and upvoted Cags's answer.
qmega  2010-08-12 08:04:49
@qmega - To be fair, I think that the documentation does not do a good job of explaining that `%{REQUEST_URI}` behaves very differently from the `REQUEST_URI` passed to processes like PHP, making this process a little unclear. The confusion is definitely understandable (and I only went so far as to downvote in light that others had upvoted you without knowing whether or not that would work)
Tim Stone  2010-08-12 08:16:20
+2  A: 

I'm not sure about your first two RewriteConds but something like this should work...

RewriteCond %{QUERY_STRING} (.*)IP=\d{1,3}%2E\d{1,3}%2E\d{1,3}%2E\d{1,3}&(.*) [NC]
RewriteRule ^(.*)$ /$1?%1%2 [R=302,L]

This does assume that there will always be a parameter after the IP address, if that isn't the case you could remove the & but you would then end up with double ampersands. You could always move it to before IP if there is always a value preceeding it. Either way I'm assuming whatever service you are using is fairly standard.

NB: I always use 302 for testing purposes as once a browser caches a forward it can be difficult to test changes. Once it works change it back to 301.

Cags  2010-08-12 07:24:16

related questions

Passing a commented, multi-line (freespace) regex to preg_match
My regex is matching too much. How do I make it stop?
Using Regex to generate Strings rather than match them
Complexity of Regex substitution
What is the most brilliant regex you've ever used?
RFC calculation in Java need help with algorithm
What did I do wrong here? [Javascript Regex]
How do you use back-references to PCREs in PHP?
Need help writing a regex statement. [PHP]
Regex and unicode
Python Regular Expressions
Question about specific regular expression
Pre-built regular expression patterns or Regex Libraries?
Parsing attributes with regex in Perl
Regex Rejecting matches because of Instr
How do I bind a regular expression to a key combination in emacs?
How do you retrieve selected text using Regex in C#?
Remove Quotes and Commas from a String in MySQL
Regular expression for parsing links from a webpage?
What are good regular expressions?
Why is this regular expression faster?
Learning Regular Expressions
How far should one take e-mail address validation?
How can I get at the matches when using preg_replace in PHP?
Regex: To pull out a sub-string between two tags in a string