Adds support for typolink addQueryString to allow to include only specific url vars.
- What does it do?
- Flooding problems of addQueryString
- How can you prevent 'addQueryString flooding' problems?
- How can you prevent 'addQueryString flooding' problems without ext:urlguard?
- Known problems
This extension adds two new options for
typolink.addQueryString setting. This new options allow to define
what query parameters will be passed to newly created typolinks.
First option is
typolink.addQueryString.include (string, comma separated - empty by default). All query parameters
that does not exist on this list will be not passed to newly created typolink.
Second option is
typolink.addQueryString.includePluginsNamespaces (boolean - set by default to true). If enabled
then all query parameters that does not fit into first level of Extbase plugins namespace will be not passed to newly
In the background those both options check for all query parameter that does not exists on
typolink.addQueryString.includePluginsNamespaces and if so then adds them to
addQueryString.includePluginsNamespaces is enabled by default then you do not need to change your TypoScript
code after this extension installation. You will be safe from flooding by default!
Use composer or download by Extension Manager.
composer require sourcebroker/urlguard
Go to Extension Manager, find
Urlguardchoose Options and set
Clear TYPO3 frontend cache. In browser open link
https://www.example.com/?asd=1and look for the links builded by language menu. You should not see links like
?asd=1&cHash=1234567890. If you still see
?asd=1&cHash=1234567890it means ext:urlguard is not working. In that case look for note below.
Note! It may happen that one of your installed extension is already overwriting class
\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer. In that case you may expect that either
urlguard will not
work or the second extension that overwrites class ContentObjectRenderer will not work. That depends which extension
is loaded last - the last one overwrites. If you are experiencing this situation then you can apply patch needed by
ext:urlguard directly to core class ContentObjectRenderer. Look for patches in
Resources/Private/Patches and apply
them manually or automatically with composer package
Note! For TYPO3 6.2 you can apply patch from Resources/Private/Patches/ContentObjectRenderer_TYPO3_6.2.patch
Usually when you build language menu (or page browsing) then you want to use
typolink.addQueryString to pass all
parameters that are set on query so the parameters are the same for other languages or for next pages in page browser.
Lets take an example. The link that was requested by user is a link to single view of news:
When TYPO3 will start to generate language menu it will build following links adding L parameter:
This is perfectly fine and what you wanted!
Unfortunately the reality is that bots are permanently hitting your website with very strange url parameters that are not
coming from you application. How it looks like then? Lets take an next example - bot hits your website with:
The language menu will build following links:
This is what you would like to avoid. What are the downsides of such situation? Please read next chapter.
When typolink is used with addQueryString option activated there is no easy way to exclude all possible query parameters
typolink.addQueryString.exclude because we can not predict all the params used by bots. This means that typolink
will generate links containing valid cHash but with bot's params that are not supported by our application. If later bot
will traverse those links then each of such link will build new cache entry in
cf_cache_pages table. This means
pressure on processor, database and database space.
Each link created by typolink has its entry in realurl table
tx_realurl_urldata. Because there is no way to effectively
exclude all possible query parameters with
typolink.addQueryString.exclude then this table will be flooded and will
make pressure on processor, database and database space.
Install ext:urlguard. By default it has active
typolink.addQueryString.includePluginsNamespaces which will exclude
all parameters that does not fit into first level of Extbase plugins namespace.
typolink.addQueryString.exclude where you can try to exclude all parameters that should not be passed
when creating new typolink. The problem is: you can not predict all the parameters used by bots.
The only 100% solution is to not use blacklisting of parameters (exclude) but whitelisting of parameters (include). This is what ext:urlguard is doing.