source: main/trunk/greenstone3/web/WEB-INF/rewrite.config@ 38341

Last change on this file since 38341 was 37757, checked in by anupama, 12 months ago

Dr Bainbridge fixed rewrite.config (Apache2 style rewrite rules that tomcat uses) to allow relative links to work again, such as in the Small HTML collection tutorial. The link to Katharine of Aragon in the boleyn.html page should work, as it's another document in the same collection, whereas the Letters Written By Anne link no longer works as it's on the web, outside the DL, indicated by how its query string parameter for relative link is set to false (as rl=0).

File size: 1.2 KB
# For general info on Rewrite rules, see:
# https://github.com/aurelius0523/tomcat-url-rewrite
# For more specific help on how to set up Tomcat config files for this functionality, see
# https://tomcat.apache.org/tomcat-9.0-doc/rewrite.html


# By default, Greenstone3 no longer allows document redirects such as
# https://mygreenstone.org/greenstone3/library?el=&a=d&c=mycol&d=&rl=0&href=//malicious-site.com
# as this allows Open Redirect attacks
#
# We are working on an upgrade to GS3 that will allow redirects that match a fixed list of URLs (regex)
# However, this is not yet in the code base, and so we are disabling by default for now

# Each rewrite condition line is by default connected to the next one with an AND operation,
# see https://serverfault.com/questions/293160/apache-rewrite-multiple-conditions
# The following ensures that links (href anywhere in query string) that are *not* relative
# (so rl=0 anywhere in query string) now return F(orbidden) for security reasons. This change
# ensures that relative links (rl=1) work again.

RewriteCond %{QUERY_STRING} (^href=.*$)|(^.*&href=.*$)
RewriteCond %{QUERY_STRING} (^rl=0.*$)|(^.*&rl=0.*$)
RewriteRule ^(.*)$ $1 [F]

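The two conditions above can be checked offline before deploying a change to them. This is an added example, not part of rewrite.config or the Greenstone code base: it applies the file's two patterns, ANDed as the comments describe, to query strings and reports which would receive the F(orbidden) response. Only the first sample comes from the file's own comment; the rest (including the file name katharine.html) are constructed.

```python
import re

# The two RewriteCond patterns, copied verbatim from rewrite.config.
# Every alternative is anchored with ^ and $, so search and full-match agree.
HREF_COND = re.compile(r"(^href=.*$)|(^.*&href=.*$)")
RL0_COND = re.compile(r"(^rl=0.*$)|(^.*&rl=0.*$)")


def is_forbidden(query_string):
    """True when both conditions match (implicit AND), i.e. the [F] rule fires."""
    return bool(HREF_COND.search(query_string)) and bool(RL0_COND.search(query_string))


# First entry is the query string from the file's comment; the others are constructed.
SAMPLES = [
    "el=&a=d&c=mycol&d=&rl=0&href=//malicious-site.com",  # non-relative link
    "el=&a=d&c=mycol&d=&rl=1&href=katharine.html",        # relative link (rl=1)
    "href=//example.org/&rl=0",                           # href first, rl=0 last
    "rl=0&href=//example.org/",                           # rl=0 first, href last
    "a=d&c=mycol&rl=0",                                   # rl=0 but no href
    "thref=a.html&url=0",                                 # names only ending in href / rl
    "a=d&href=x.html&rl=00",                              # value merely starts with 0
]


def evaluate(samples):
    """Map each query string to the rule's decision."""
    return {qs: is_forbidden(qs) for qs in samples}


if __name__ == "__main__":
    for qs, blocked in evaluate(SAMPLES).items():
        print(("403 " if blocked else "pass ") + qs)
```

The last sample shows that `rl=0.*` is a prefix match on the value, so any rl value beginning with 0 is treated as non-relative and blocked.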