Redirect an url with params

andersonbravo · 2019-01-18 15:15:55 UTC

Hey guys, i’m new here, and i’m trying to redirect a feature in my website. It’s a running web page when the runners share their results with other runners.

The page to share the results is e.g.:
www.diariodecorredor.com.br/[email protected]

It’s redirects to www.diariodecorredor.com.br/[email protected] by .htaccess .

But my server start to block this requisition claiming to be attempted invasion. I can change this for another url, like www.diariodecorredor.com.br/[email protected] or www.diariodecorredor.com.br/[email protected] , but the first is better to share.

So i’m trying to redirect this in cloudflare without results. I try:

Rule:
https://www.diariodecorredor.com.br/@

Redirects to:
https://www.diariodecorredor.com.br/[email protected]$2

sandro · 2019-01-18 11:07:35 UTC

That might be WAF. Do you have that enabled? If so, try disabling it

As for your page rule, it probably does not work as the pattern also matches the redirection URL and so probably goes in circles.

sandro · 2019-01-18 11:03:31 UTC

I presume you get the following error

The details would be

Forwarding URL matches the target and would cause a redirect loop

in this case.

floripare · 2019-01-18 14:26:57 UTC

I believe the rule you meant to ask would be:

Rule
www.diariodecorredor.com.br/*@*

(No need to specify https, but need to create two capture groups, which in Cloudflare are just the * character, that would then be transported in $1 and $2 respectively.)

However, as @sandro has pointed out, this rule results in an error, as I believe Cloudflare would not accept the special character @.

You could set the rule with the @ encoded as %40, but this would only work if you could control how the URL is input, which is not the case.

If everything worked fine, you then would face the issue of a loop, as the expression

/[email protected] would also match your rule.

I believe you’d be better off avoiding the CF page rule redirect altogether, and just create the redirect at the server level using a regular expression that can stop the redirect when it finds “filter.php”.

sandro · 2019-01-18 14:31:19 UTC

From what I understood, it is not so much the at symbol but the resulting redirection loop which is the issue. This could be prevented with aforementioned second page rule but the check does not take other page rules into account.

floripare · 2019-01-18 14:49:12 UTC

Oh, I see… Then it’s possible to create the following rule:

…and have the filter.php handle the decoding of the URL!

sandro · 2019-01-18 14:51:57 UTC

Maybe :), would need to test it before I make wild promises

floripare · 2019-01-18 15:00:42 UTC

I tested this rule on my testing website with Chrome and Firefox and it did work as far as redirecting goes. Of course @andersonbravo would have to test it in his environment, and also take steps to make sure other issues won’t make this a bad experience for the user. I’m thinking browsers that send the already encoded URL request, which could result in a 404.

Also: if the website generates other, unrelated URLs that happen to contain an email address, they will be wrongly redirected to /[email protected], so definitely this need to be done carefully.

sandro · 2019-01-18 14:57:50 UTC

@floripare, you might be onto something.

Still testing.

sandro · 2019-01-18 16:11:05 UTC

Aforementioned approach with the initial stopping page rule coupled with the URL encoded at symbol (to trick Cloudflare’s parser) should actually work

sandro · 2019-01-18 15:06:30 UTC

The ?q should be ?r.

floripare · 2019-01-18 15:07:02 UTC

And in my posts, /filter.php should be /perfil.php

andersonbravo · 2019-01-18 15:33:30 UTC

https://www.diariodecorredor.com.br/’’@’’

sandro · 2019-01-18 15:34:25 UTC

Not sure what you meant with your last response.

andersonbravo · 2019-01-18 16:04:17 UTC

It’s work, but staying in looping when i click in a link in the page =/

andersonbravo · 2019-01-18 16:07:26 UTC

Hey man, it works !! =] very thanks

sandro · 2019-01-18 16:07:35 UTC

Can you post a screenshot of your rules? The way I posted it should work.

andersonbravo · 2019-01-18 16:12:20 UTC

Thank you guys. it’s work! rule2

sandro · 2019-01-18 16:26:47 UTC

All right, excellent!

And credit where credit is due, @floripare made a very point about the URL encoded character, otherwise we’d be still fighthing the rule parser and its conviction of a redirect (which is actually not wrong, if it werent for the first rule).

andersonbravo · 2019-01-21 10:49:09 UTC

Oh no =[ my friend, the rule Geolocation worked in first time, but now stop … and i started a looping

You can see in the url http://www.diariodecorredor.com.br/[email protected] , and then there is a link ‘[ Detalhar ]’

The url redirect to https://www.diariodecorredor.com.br/perfil.php?email=eu%40andersonbravo.com.br and then to https://www.diariodecorredor.com.br/perfil.php?email=perfil.php?email=eu%40andersonbravo.com.br&det repeating the ‘perfil.php’