We have created an iframe loader index5.php which will show two iframes, iframe1 and iframe2. The content of iframe2 can be set by accessing index5.php?url=iframe2url. So, going to
domain/index5.php?url=www.serverfault.com
would load serverfault in one iframe and our code in another. We only want to be able to use this on our own domain to prevent XSS, so we've made sure the index5.php only allows our domain.
We furthermore want to redict all requests to our wordpress website from
domain/page
to
domain/index5.php?url=http://domain/page
However, if we use
RewriteCond %{REQUEST_URI} !^/index5\.php$
RewriteCond %{HTTP_HOST} ^domain$
RewriteRule ^(.*)$ http://domain/index5.php?url=http://domain/$1 [R=301,L]
there is an infinite redirect. How can we prevent this?
Best Answer
When you do a rewrite in a
.htaccess
file (as opposed to within the apache configuration), the the path prefix of the directory containing the file is stripped away, as per the apache documentation.This means that the rewrite condition should not contain the leading
/
. Instead, it should read