you completly missunderstood what i am saying there is no problem with "arg_separator.output"
there are only a lot of problems with by stupidity broken clients not able to handle a 100% valid <a href="/your-script.php?test1=1&test2=0"> and following the URL with & in the request to the webserver INSTEAD decode the entity this is plain wrong, there are hundrets of robots doing it wrong and there are many clients (java, apple-software) doing it also wrong what means finally that the variable "test2" never reaches the script leading to have hundrets of duplicate contents form the view of this crap-clients and yes you MUST encode & in a href with & if you are using html-validators to verify your work and before i write any software producing invalid HTML i leave this business at all __________________ the following mod_rewrite-rule does the trick but i would be much more satisfied if mod_security could do this replace instead having mod_rewrite active on some hundret domains with the overhead of a normally not needed and problably even not loaded module <Directory /> <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{QUERY_STRING} (.*)&(.*) RewriteRule .* %{REQUEST_URI}?%1&%2 [N,R=301] </IfModule> </Directory> Am 21.08.2012 18:26, schrieb Mario Brandt: > Usualy that is set in php.ini > see arg_separator.output > > On Tue, Aug 21, 2012 at 12:44 PM, Reindl Harald <h.rei...@thelounge.net> > wrote: >> >> >> Am 21.08.2012 12:37, schrieb Josh Amishav-Zlatin: >>> On Tue, Aug 21, 2012 at 11:57 AM, Reindl Harald <h.rei...@thelounge.net >>> <mailto:h.rei...@thelounge.net>> wrote: >>> >>> /show_content.php?sid=126&detail_id=3984 >>> >>> i have a modsec-rule to kill such requests because they >>> will never show the expected content - is there a way >>> for modsec or httpd to replace them with the correct & >>> and fix this transparent? >>> >>> Hi Reindl, >>> Mod_Rewrite should be able to help >> >> i doubt mod_rewrite for some hundret of vhosts before >> the application firewall will not be so good :-( >> >> it is so frustrating that there are so many broken >> mail-clients and robots which are too stupid to >> handle correct encoded HTML-URLs in a proper way >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-de-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-de-h...@httpd.apache.org > -- Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / CISO / Software-Development p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40 icq: 154546673, http://www.thelounge.net/ http://www.thelounge.net/signature.asc.what.htm
signature.asc
Description: OpenPGP digital signature