osakagreg

Reputation: 577

Can someone please explain this regex to me?

I just want to understand this regex better:

 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

I understand the rewrite and _REQUEST. I just want to understand the regex better.

From this, I assume that the backslash before the % sign means that it will allow %. Is it also allowing pipes and brackets?

What is the purpose of allowing a percentage sign? Doesn't that just open up the possibility of an attack with hexadecimal characters?

Upvotes: 0

Views: 91

Answers (2)

gilsho

Reputation: 921

At the highest level, the regular expression can be broken down into 3 parts, separated by the '|' character which means logical OR:

Part 1: =
Part 2: \[
Part 3: \%[0-9A-Z]{0,2}

A string matching any one of these subexpressions will match the whole expression.

Part 1 simply means if the string is composed of one character, which is the equals character: =.

Part 2 means that the string is composed of one character, which is the left bracket character: [. The backslash is there to escape the left square bracket character, which has a special meaning in regular expressions (see part 3)

Part 3 is composed of two parts. First, \% which indicates that for a string to match this expression it must begin with the percent '%' character. The backslash is there to escape it since it also has a special meaning in regular expressions. The next segment, [0-9A-Z], means that the following character can be either a character between 0 and 9, or a character between A-Z. Either one should work fine. The last segment {0,2} modifies the previous segment, and says that between 0 and 2 characters as specified in the previous segment are acceptable. So all the following strings match part 3:

%
%A
%B
%0
%3
%AF
%1G
%8M

The following strings do not match part 3:

'' (the empty string)
1A (doesn't start with %)
%3f (lowercase f is not allowed)
%F5A (3 characters following the percent sign)

I find it helpful to use an online tool to help construct/decipher regular expressions such as: http://rubular.com/

Upvotes: 1
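The breakdown in the answer above, run as code against some constructed query strings. This is an added example, not code from the question or either answer; it uses Python's re module as a stand-in for the PCRE engine Apache uses, which for this pattern behaves the same way. Two points the example makes visible: RewriteCond does an unanchored search, so the pattern matches anywhere inside the query string, and the match is case-sensitive unless the [NC] flag is given. It also shows that %5B and %3D are the URL-encoded forms of [ and =, which is what the third alternative ends up catching in practice.

```python
import re
from urllib.parse import unquote

# The pattern from the RewriteCond, exactly as written in the question.
# Note: no ^ or $ anchors, so it matches as a substring, like RewriteCond does.
PATTERN = re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")


def matches(query_string):
    """Return the matched text, or None if the RewriteCond would not fire."""
    m = PATTERN.search(query_string)
    return m.group(0) if m else None


def decoded(query_string):
    """Percent-decode a query string so the encoded forms can be compared."""
    return unquote(query_string)


# Constructed sample query strings (not taken from the question) mapped to
# whether the condition should match them.
SAMPLES = {
    "_REQUEST=1": True,            # Part 1: literal '='
    "_REQUEST[foo]=1": True,       # Part 2: literal '['
    "_REQUEST%5Bfoo%5D=1": True,   # Part 3: '%5B' is the URL-encoded '['
    "_REQUEST%3D1": True,          # Part 3: '%3D' is the URL-encoded '='
    "_REQUEST%": True,             # Part 3 with {0,2} allowing zero hex digits
    "x=1&_REQUEST[a]=b": True,     # unanchored: matches in the middle
    "x=_REQUEST%3f": True,         # still matches on '%3'; the lowercase f is simply not consumed
    "_REQUESTED=1": False,         # 'E' follows _REQUEST, none of the three alternatives
    "request=1": False,            # case-sensitive without [NC]
}


def classify(samples):
    """Map each sample query string to True/False according to the pattern."""
    return {qs: matches(qs) is not None for qs in samples}


if __name__ == "__main__":
    for qs, expected in SAMPLES.items():
        hit = matches(qs)
        print(f"{qs!r:28} -> {hit!r:16} decoded={decoded(qs)!r}")
        assert (hit is not None) == expected
```

The last column of the printout is the decoded query string, which makes it clear that _REQUEST%5Bfoo%5D=1 and _REQUEST[foo]=1 are the same parameter once the web application decodes it.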

mclaassen

Reputation: 5138

The part in parentheses says:

An equal sign or a left square bracket or a percent sign followed by any number or capital letter occurring 0 to 2 times.

I have no idea what the purpose of it is.

Upvotes: 2
