Due to a security vulnerability in WordPress, a bunch of my posts got renamed to something like:
http://**MYSITE**/2008/08/21/**POSTNAME**/%&%28%7B$%7Beval%28base64_decode%28$_SERVER%5BHTTP_EXECCODE%5D%29%29%7D%7D%7C.+%29&%/
I've since fixed the problem, upgraded WordPress, and also upgraded my Web server to Apache 2.2.3. The problem is, now I have a bunch of URLs that are indexed in Google and linked to from other sites. Google will eventually remove them from their index, but in the meantime I want to rewrite the bad URLs to correct URLs.
I've tried the following mod_rewrite rule, but it doesn't seem to work. It seems like Apache is seeing the request as "bad" and just returning an HTTP 400 error without ever consulting mod_rewrite (or mod_redirect). Here's the rule I've tried:
RewriteRule ^(20[0-9]{2}/[0-1][0-9]/[0-3][0-9]/[^/]+)/.*base64.*$ http://***MYSITE***/$1 [L,R=302,QSA]
Which matches when I test it in a regular expression tool, but doesn't seem to make any difference to Apache. Has anyone come across this problem? Any possible solution?
Thanks!
Chris
Best Answer
You could define a custom ErrorDocument for the 400 Errors like so:
and then have that cgi (or php or servlet or whatever) do the header rewriting and location redirecting.
EDIT: because of Jacek's answer I just tested above solution to confirm it works on Apache 2.2.
My Server Config:
lukas$ cat /var/www/cgi-bin/handle400.pl
Now when accessing the broken URL that would produce an error 400 Bad Request before, I now get the following (partial) output:
So you do get enough information to do a proper status code change and location redirect.