Help with .htaccess and mod_rewrite


#1

Hey guys,

I need some help with some tricky mod_rewrite stuff. I’m hoping someone here can suggest something.

I’ve created a subdomain wholely dedicated to formmail and spam trapping. I’m using nms FormMail as my script, and I have it shut right down, max of one recipient, only to a very limited list of destination accounts and every one of those aliased. Right now, everything is working fine with the code but I’m having trouble with mod_rewrite.

What I want is very simple. I want people to be able to go ONLY where I send them (which is VERY structured) and everything else goes into honey pot I’m using (WPoison as it turns out).

my .htaccess currently looks like this:

RewriteEngine on
RewriteRule ^mailbox/([0-9]+)/?$ /form.pl?mailbox=$1 [NC,L]
RewriteRule ^mailbox/([0-9]+)/Send/?$ /formmail.pl?recipient=$1 [NC,L]
RewriteRule ^$ /index.html [L]
RewriteCond %{REQUEST_FILENAME} !^robots.txt$
RewriteRule .* /poison.pl [L]

The idea is that any requests for the root of the site gets a static page that explains what’s going on and provides links into the poison.pl which is a simple honeypot. Any request for Mailbox/11 and the like gets sent to my form script which simply writes out the form with the individual person’s name in the output. Then requests to Mailbox/11/Send go to the formmail.pl script itself, passing in the recipient directly from the URL, not a great dodge, but what are you to do? The script form.pl will redirect any request for a non-existant MailBox to the root.

The problem is with the very last two lines.

I want every request that does NOT match what I’ve setup, then I want it to get sent directly to the poison.pl script The last few lines cause all sorts of problems. Basically I get the following error:

Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace.

So somehow I’m getting loops in my rewrites.

Any thoughts?
Adam


#2

I’m no expert on htaccess, but perhaps this comment could be somewhat useful. You used “L” at the end of a couple RewriteCond lines but that instructs Apache to stop the rewrite process, which ostensibly includes the RewriteRule line. To this point, I’ve only seen the “L” used in conjunction with a RewriteRule. For RewriteCond I have typically seen the use of an “OR” clause.

Additionally, the very last line looks a little suspect to me. You set up a RewriteCond line, but there is no RewriteRule after it to instruct Apache on what to do next.

[quote]From: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
’last|L’ (last rule)
Stop the rewriting process here and don’t apply any more rewrite rules. This corresponds to the Perl last command or the break command in C. Use this flag to prevent the currently rewritten URL from being rewritten further by following rules. For example, use it to rewrite the root-path URL (’/’) to a real one, e.g., ‘/e/www/’.[/quote]
Example from one of my htaccess files…

[code]RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|=) [OR]

Block out any script trying to base64_encode crap to send via URL

RewriteCond %{QUERY_STRING} base64_encode.(.) [OR]

Block out any script that includes a tag in URL

RewriteCond %{QUERY_STRING} (<|<).script.(>|>) [NC,OR]

Block out any script trying to set a PHP GLOBALS variable via URL

RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]

Block out any script trying to modify a _REQUEST variable via URL

RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})

Send all blocked request to homepage with 403 Forbidden error!

RewriteRule ^(.*)$ index.php [F,L]
[/code]


#3

[quote]I’m no expert on htaccess, but perhaps this comment could be somewhat useful. You used “L” at the end of a couple RewriteCond lines but that instructs Apache to stop the rewrite process, which ostensibly includes the RewriteRule line. To this point, I’ve only seen the “L” used in conjunction with a RewriteRule. For RewriteCond I have typically seen the use of an “OR” clause.

Additionally, the very last line looks a little suspect to me. You set up a RewriteCond line, but there is no RewriteRule after it to instruct Apache on what to do next.
[/quote]
Unless i’m looking at something different, the "L"s are at the end of RewriteRule lines and the last two lines are a RewriteCond and a RewriteRule line.

I’m not an expert on mod_rewrite, but you don’t have a RewriteBase. Maybe it isn’t required, but everything I’ve done/seen with mod_rewrite has had it.

DreamHost! Save money with promo codes!
SUPERSAVINGS97: save $97 on yearly plans!
MONTHLYNOSETUP:waived setup fee on monthly plans!