Question
I'd like to rewrite all not existed GET parameters like www.example.com?afasfnk= to a 404 page. So all i need is to get all existed GET parameters and include them into my .htaccess., like this:
https://stackoverflow.com/questions/19444686
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianRewriteCond %{QUERY_STRING} (^|&)=(.*)
RewriteCond %{QUERY_STRING} !(^|&)=(aget|bget)(&|$)
RewriteRule ^(.*) - [F]
The question is how to find them most efficiently. F.e. in my cms i have
$filedir = $_GET['a'];
I need this "a" value to be extracted and so on..
Solution
There is no automatic way. If you have your source PHP in Windows OS, you should install UltraEdit or something like this, and search '$_GET[' string in all source files, and register all variable names manually. Finally you put undesired words in your apache forbidden words list.
In Unix OS, you can do, under your DocumentRoot directory:
grep -R '$_GET\[' .
Another possibility is to search these words in apache access log files, like
vi access.example.com.log
OTHER TIPS
You should implement such a redirect in your application, instead of in the server. There is no automatic way to update such a list of used parameters in the .htaccess and you are limiting the usage of request parameters in the application for no good reason.
On the other hand, if no matching request parameter could be evaluated in the application, you could either directly display a 404 page or redirect to one (see: header()).
