diff options
Diffstat (limited to 'docs/manual/rewrite/flags.html.en')
-rw-r--r-- | docs/manual/rewrite/flags.html.en | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en index bfb5656..604e278 100644 --- a/docs/manual/rewrite/flags.html.en +++ b/docs/manual/rewrite/flags.html.en @@ -57,6 +57,8 @@ providing detailed explanations and examples.</p> <li><img alt="" src="../images/down.gif" /> <a href="#flag_r">R|redirect</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#flag_s">S|skip</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#flag_t">T|type</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#flag_unsafe_allow_3f">UnsafeAllow3F</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#flag_unsafe_prefix_status">UnsafePrefixStat</a></li> </ul><h3>See also</h3><ul class="seealso"><li><a href="../mod/mod_rewrite.html">Module documentation</a></li><li><a href="intro.html">mod_rewrite introduction</a></li><li><a href="remapping.html">Redirection and remapping</a></li><li><a href="access.html">Controlling access</a></li><li><a href="vhosts.html">Virtual hosts</a></li><li><a href="proxy.html">Proxying</a></li><li><a href="rewritemap.html">Using RewriteMap</a></li><li><a href="advanced.html">Advanced techniques</a></li><li><a href="avoid.html">When not to use mod_rewrite</a></li><li><a href="#comments_section">Comments</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -820,7 +822,22 @@ otherwise the MIME-type set with this flag is lost due to an internal re-processing (including subsequent rounds of mod_rewrite processing). The <code>L</code> flag can be useful in this context to end the <em>current</em> round of mod_rewrite processing.</p> - +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="flag_unsafe_allow_3f" id="flag_unsafe_allow_3f">UnsafeAllow3F</a></h2> + <p> Setting this flag is required to allow a rewrite to continue If the + HTTP request being written has an encoded question mark, '%3f', and the + rewritten result has a '?' in the substiution. This protects from a malicious + URL taking advantage of a capture and re-substitution of the encoded + question mark.</p> +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="flag_unsafe_prefix_status" id="flag_unsafe_prefix_status">UnsafePrefixStat</a></h2> + <p> Setting this flag is required in server-scoped substitutions + start with a variable or backreference and resolve to a filesystem path. + These substitutions are not prefixed with the document root. + This protects from a malicious URL causing the expanded substitution to + map to an unexpected filesystem location.</p> </div></div> <div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/rewrite/flags.html" title="English"> en </a> | |