Hi, I have a question about mod_rewrite. I want to deny access if the variables included in the GET or the POST are matching a defined string
this is what I use: -------- RewriteCond %{REQUEST_METHOD} ^(GET|POST)$ [NC] RewriteCond %{QUERY_STRING} (myvariable=xxx123) [NC] RewriteRule .*? - [F] -------- This is working, but only for GET: -------- GET /site/file.php?var1=Login&username=user1&in_pw_userpass=userpassword&myvariable=xxx123 -------- the query_string is matched and everything is working fine as mod_rewrite is condisering: QUERY_STRING=var1=Login&username=user1&in_pw_userpass=userpassword&myvariable=xxx123 This is not working for the POST, as checking the HTTP-Headres, I see that the made POST is something like this: -------- POST /site/file.php? HTTP/1.1 Host: myhost.example.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: <deleted by me in this email> Cookie: <deleted by me in this email> Content-Type: application/x-www-form-urlencoded Content-Length: 156 var1=Login&username=user1&in_pw_userpass=userpassword&myvariable=xxx123 -------- so, QUERY_STRING="", and I can't check the content of the POST. Is there a way with mod_rewrite to verify and match the content of the POST?