htaccess Elite

by **rewritecond** » 08 Oct 2007 17:07

I ended up replacing it with the following configuration options, which achieve what I want:

Code: Select all: # These SetEnvIf statements get evaluated per request, before the # Rewrite* statements. The Header statement sets a cookie to # remember the visitor's original referrer until the visitor submits the # contact form. SetEnvIf Request_Method ".*" set_referrer_url_from_http_referer SetEnvIf Referer "^$" !set_referrer_url_from_http_referer SetEnvIf Referer "^http://(www\.)?mydomain\.com" !set_referrer_url_from_http_referer SetEnvIf Request_URI "^/vanity_url/" !set_referrer_url_from_http_referer Header add Set-Cookie "original_referrer_url=%{HTTP_REFERER}e; domain=.mydomain.com" env=set_referrer_url_from # The Rewrite* statements are needed to handle the case when # vanity URLs are used. Vanity URLs are of the form # www.mydomain.com/abc. A vanity URL of the form /(abc) gets remapped # to /vanity_url/abc.html, etc.... The original referrer information is # also retained, which is important because if we simply did it in the # SetEnvIf and Header section above, the referrer would be lost because # the rewrite causes an internal redirect, which causes the referrer # HTTP header to be lost. RewriteEngine on RewriteBase / RewriteCond "/home/mydomain/www/public_html/vanity_url/$1.html" -s RewriteCond "%{HTTP_REFERER}" "^http://(.+)$" RewriteRule "^([a-zA-Z0-9]+)$" "vanity_url/$1.html" [CO=original_referrer_url:%1:.mydomain.com,L] RewriteCond "/home/mydomain/www/public_html/vanity_url/$1.html" -s RewriteRule "^([a-zA-Z0-9]+)$" "vanity_url/$1.html" [L]

When I said the original configuration setting did not work, I meant that it did
not set the cookie as I wanted. Regardless, now I have my problem resolved in a
good way. however, I think cookie flag of the RewriteRule directive does not
allow environment variables. If it were consistent, you would think that the
cookie flag should allow environment variables.

by **rewritecond** » 08 Oct 2007 17:12

Code: Select all: Apache reverse proxy and iNotes - Here's how you can do it. Posted by Josh Tibbs on 18.Sep.03 at 03:38 PM using a Web browser Category: iNotes -- iNotes Web AccessRelease: 5.0.10Platform: Windows 2000 Hi Mike and everybody else, I'm using Redhat 9, Apache 2, Domino 5.0.10 on Win 2k, IIS. Here's how I did it. My servers are all Domino for IIS with Basic auth only turned on in IIS. The cinapp1 server is the main app server with the portalish page. The portal page also serves a second purpose of setting a cookie with the user's server name (derived from Domino Directory and set with Computed Text JavaScript) that is used by mod_rewrite in Apache to rewrite requests to the user's correct server. The proxy itself uses basic auth over SSL (actually it's all over SSL) and authenticates users against Win2K AD (mod_auth_kerb). The browser then offers the credentials on each request because all requests are going to the same realm/server from the browser perspective. There are a few problems still, though. 302 redirects are dog slow. I work around a few of them with mod_rewrite. Sometimes pages seem to stall. Haven't figured that out yet. There may be more efficient ways to do these rules and there may be junk rules left in this config. I'm a mod_rewrite n00b. Suggestions welcome. # Config file for domain webmail #Use a virtual host on port 80. Redirects to 443 for SSL. <VirtualHost *:80> ServerName webmail.domain.com Redirect / https://webmail.domain.com </VirtualHost> <VirtualHost *:443> ServerName webmail.domain.com #SSL Stuff SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateKeyFile /etc/httpd/conf/webmail.domain.com.key SSLCertificateFile /etc/httpd/conf/webmail.domain.com.crt SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 #Fix the redirects. Forwards are handled by mod_rewrite and [P] ProxyPassReverse / http://cinmail1.domain.com/ ProxyPassReverse / http://crnmail1.domain.com/ ProxyPassReverse / http://cromail1.domain.com/ ProxyPassReverse / http://einmail1.domain.com/ ProxyPassReverse / http://elymail1.domain.com/ ProxyPassReverse / http://munmail1.domain.com/ ProxyPassReverse / http://nrbmail1.domain.com/ ProxyPassReverse / http://olymail1.domain.com/ ProxyPassReverse / http://pinmail1.domain.com/ ProxyPassReverse / http://elymail1.domain.com/ ProxyPassReverse / http://thomail1.domain.com/ ProxyPassReverse / http://cinapp1.domain.com/ ProxyPassReverse / http://cinip140wtdom.domain.com/ ProxyPassReverse / http://cinip142wtdom.domain.com/ ProxyPassReverse / http://webmail.domain.com/ ProxyPassReverse / http://webmailex.domain.com/ #Turn on rewrite and crank up the log RewriteEngine on RewriteLog /etc/httpd/logs/rewrite.log RewriteLogLevel 1 #Force SSL RewriteCond %{SERVER_PORT} ^80 RewriteRule (.*) $0 [R] #Logout #RewriteCond %{QUERY_STRING} ^Logout #RewriteRule (.*) /webserv.nsf [R,L] # hack to return 302 to redirect to real webmail page instead of # letting domino do it. 302 redirects are slow via proxy for unknown reason. RewriteRule ^/mail/(.*)\.nsf$ $0/iNotes/Welcome/?OpenDocument [R,L] #The rules. One set per server. RewriteCond %{HTTP_COOKIE} domainWebmailSite=cinmail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://cinmail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=cromail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://cromail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=crnmail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://crnmail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=einmail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://einmail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=elymail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://elymail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=munmail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://munmail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=pinmail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://pinmail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=thomail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://thomail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=nrbmail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://nrbmail1.domain.com/$1 [P] RewriteCond %{HTTP_COOKIE} domainWebmailSite=olymail1 [NC] RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://olymail1.domain.com/$1 [P] #Didn't match yet? Better tell the user she has a bad cookie. RewriteRule ^/((mail|iNotes|icons|domjava)/.*)$ http://webmailex.domain.com/badcookie.htm [P] # fix another 302 delay RewriteCond %{HTTP_HOST} ^webmail\.domain\.com RewriteRule (^/$) /webserv.nsf [R,L] # make the homepage requests go to the homepage server RewriteCond %{HTTP_HOST} ^webmail\.domain\.com RewriteRule (.*) http://webmailex.domain.com$0 [P] # require KRB5 auth against AD from the top down <Location /> SSLRequireSSL AllowOverride None AuthType KerberosV5SaveCredentials AuthName "domain Webmail" # determines if mod_auth_kerb will allow other modules # to try to authenticate the user after it fails to do so KrbAuthAuthoritative off KrbAuthRealm DOMAIN.COM KrbLifetime 300 #KrbExpireReauth on order allow,deny allow from all require valid-user </Location> </VirtualHost>

by **rewritecond** » 08 Oct 2007 17:15

Code: Select all: Thanks, I currently got this working: RewriteEngine On RewriteCond %{QUERY_STRING} adwords$ [NC] RewriteCond %{ENV:adwords}!^1$ RewriteCond %{HTTP_COOKIE}!^.*adwords=1.*$ [NC] RewriteRule ^.*$ - [E=adwords:1,CO=adwords:1:www.mysite.com] RewriteCond %{ENV:adwords}!^1$ RewriteCond %{HTTP_COOKIE} ^.*adwords=1.*$ [NC] RewriteRule ^.*$ - [E=adwords:1] However, I believe it is not optimal yet. Not sure if writing out the Cookie through the RewriteEngine is the best thing. Also, the regex for recognizing the adwords=1 in the Cookie is not really efficient. Anyone got any improvements?

by **rewritecond** » 08 Oct 2007 17:15

Code: Select all: RewriteEngine on RewriteCond %{HTTP_COOKIE}!^.*CookieName.*$ RewriteRule ^.*$ /_splash/setcookie.cgi

by **rewritecond** » 08 Oct 2007 17:47

First thing to check on a 500-Server Error is your error log. It will tell you what the problem is. If you don't have access to your error log, it's time to look for a new host; You can't do much serious server-side stuff without an error log.

I'm not sure if this is a cut-n-paste error or the effects of posting on this board, but you must have space in the RewriteConds between the characters "}" and "!", and the last line is missing the closing "]".

I tested the code I posted in msg#18, and it works correctly on my servers. The URL is rewritten, the query string is populated, and the environment variable is populated and passed to the script correctly.

Code: Select all: DirectoryIndex cgi-bin/y/d.cgi/?index-IPP10000 index.htm Options +FollowSymlinks -Indexes -MultiViews RewriteEngine on RewriteBase / RewriteCond %{HTTP_REFERER} . RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC] RewriteRule \.(gifÂ¦jpe?gÂ¦pngÂ¦bmp)$ - [F,NC] RewriteRule ^\.htaccess$ - [F] # # New Test of URL passing variables # RewriteRule ^([0-9]+)/([a-z]+)/?$ /cgi-bin/y/d.cgi?$2-IPP$1 [NC,E=MY_VAR:$1,C] RewriteRule .* - [L] # RewriteRule ^([0-9]+)/?$ /cgi-bin/y/d.cgi?index-IPP$1 [E=MY_VAR:$1,C] RewriteRule .* - [L]

Some of the changes (bolded) above are just clean-ups for efficiency, such as removing the redundant [L] from a rule with [F]. Others will prevent problems, such as the second RewriteCond failing for your hostname if a port number is appended.

Jim

by **rewritecond** » 08 Oct 2007 17:48

The md5 hash of the filename would have to be a fixed value; mod_rewrite can match (test) pre-defined URL strings and pass requests to scripts, but cannot directly call functions, such as MD5 hash routines.

This solution sounds over-complicated, and -- begging your pardon -- ineffective. Regardless of any modification or encoding of the filename, it will be "visible" to the user's browser and therefore, directly accessible -- at least for the next hour.

I'd suggest you look into issuing a short-lived cookie to each user who visits an authorized page on your site, and then check for that cookie using mod_rewrite (or a server-side script) before serving the .swf file. Users with a correct and current cookie can be redirected to the .swf file, and those with an expired cookie or no cookie can be redirected to a "please login" file -- both would have to be be .swf files. Only the browser would have the cookie, so any attempt to request the .swf file with a download tool would fail. Hotlinking would not work, because the linking site would not be able to issue the required cookie with the correct realm.

Another alternative would be to redirect all requests for the .swf file to a server-side script to handle the authorization, if you are more comfortable with perl or php, for example.

by **rewritecond** » 08 Oct 2007 17:49

You can test to see if the "valid page" exists, and if not, rewrite to the "special page":

Code: Select all: # Get cookie value if it exists RewriteCond %{HTTP_COOKIE} curso=([^;]+) # if valid page exists as a file RewriteCond %{DOCUMENT_ROOT}/mir/lecciones/%1/$2 -f # internally rewrite to valid page rewriterule ^/conflict_directory/([^/])+/(.+\.html?)$ /mir8/lecciones/%1/$2 [L] # else rewrite to special page rewriterule ^/conflict_directory/([^/])+/(.+\.html?)$ /special_page.html [L]

htaccess Elite

RewriteRule does not allow environment variables in cookie f

RewriteRule does not allow environment variables in cookie f