
Allow %0A in url RewriteRule with htaccess


Ok, so first, I had to add a check to make sure that the file didn't exist (the two RewriteConds take care of that). Then I had to create a pattern that matched any character, or a \r or a \n, matched one or more times (+). The zero or more times operator (*) didn't return the results properly.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^((.|\r|\n)+)/? index.php?params=$1 [L,NC]


Just an FYI here: a common hacking method called whitespace filtering uses %0A.

Filtering can be bypassed on the space character by using alternative whitespace characters to the space character (%20). Most SQL engines consider a line return (%0a in a *NIX environment, %0a%0d in a Windows environment), tab characters, or the + character as valid whitespace:


You must utilize the %{THE_REQUEST} variable to grab the actual path from the original Apache web server request.

Try this code:

RewriteCond %{QUERY_STRING} !^params=.+ [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+[^/]+/([^\s]+) [NC]
RewriteRule ^ index.php?params=%1 [L,QSA]

Then inside index.php check $_SERVER["QUERY_STRING"] for the full unadulterated path with %0A in it.
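An added example, not taken from any of the answers above: one way index.php could read the still-encoded `params` value from `$_SERVER["QUERY_STRING"]`, decode it per path segment, and accept %0A as data while rejecting other control bytes. The function names and the allow-list policy (LF only) are assumptions made for illustration.

```php
<?php
// Added example: function names and the LF-only policy are assumptions.

// Return the raw (still percent-encoded) value of "params" from the query string.
function raw_params(string $queryString): ?string
{
    foreach (explode('&', $queryString) as $pair) {
        if (strncmp($pair, 'params=', 7) === 0) {
            return substr($pair, 7);
        }
    }
    return null;
}

// Split on "/" before decoding so an encoded %2F cannot create extra segments.
// rawurldecode() is used because the value started life as a URL path ("+" stays "+").
function decode_segments(string $raw): array
{
    $segments = [];
    foreach (explode('/', $raw) as $part) {
        if ($part === '') {
            continue; // skip empty segments from leading, trailing or doubled slashes
        }
        $decoded = rawurldecode($part);
        if (preg_match('//u', $decoded) !== 1) {
            throw new InvalidArgumentException('segment is not valid UTF-8');
        }
        // Assumed policy: LF (%0A) is wanted data; NUL, TAB, CR, DEL and the rest are not.
        if (preg_match('/[\x00-\x09\x0B-\x1F\x7F]/', $decoded)) {
            throw new InvalidArgumentException('unexpected control character');
        }
        $segments[] = $decoded;
    }
    return $segments;
}

// Constructed samples of what $_SERVER['QUERY_STRING'] could hold after the rewrite.
$samples = ['params=notes/line1%0Aline2', 'params=a%0D%0Ab', 'params=a%2Fb/c'];
foreach ($samples as $qs) {
    try {
        $segments = decode_segments(raw_params($qs) ?? '');
        // Decoded values that reach SQL should be passed as bound parameters.
        echo $qs, ' => ', json_encode($segments, JSON_UNESCAPED_SLASHES), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $qs, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

With these samples the first and third query strings decode to segment lists (the third keeps `a/b` as a single segment), and the second is rejected because of the carriage return.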