homepage Welcome to WebmasterWorld Guest from 54.166.14.218
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
htaccess passthrough rules
Multiple rules interfere with eachother
furbishII



 
Msg#: 4524366 posted 10:27 pm on Dec 2, 2012 (gmt 0)

The last two rules in the following code are the problem.
If I comment out RULE 6 then RULE 7 works if not the
request of
http://localhost/putup.php that is supposed to
be handled by RULE 7 is Handled as if it was RULE 6 but
RULE 6 specifically filters
/putup.php. When RULE 6 is
commented out it acts as normal and all requests not
http://localhost/putup.php are not found, and the
request for
http://localhost/putup.php is passed through
correctly to
/config/setup.php.

I don't see any problems but it is not working the way it should. I do not get any errors, this is a logic issue that
I do not see. Please help


RewriteEngine On
RewriteBase /
SetEnv is_special foobar

#RULE 1 -Multiple slash rule doesnt handle leading slashes
#Forbid more than one leading slash
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/{2,} [NC]
RewriteRule ^ - [L,F]

#RULE 2 -Remove multiple slashes anywhere in URL
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R,L,QSA]

#RULE 3 -ReDirect empty requests to system organization
RewriteRule ^$ /palacegate [R=301,L,QSA]

#RULE 4 -ReDirect request for enter.php to system organiz
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /enter\.php\ HTTP/
RewriteRule ^enter\.php$ /palacegate [R=301,L,QSA]

#RULE 5 -Direct request for index.php to system organization
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ /palacegate [R=301,L,QSA]

#finally lower the draw bridge

#RULE 6 -Accept all requests except
# /enter.php or /putup.php
RewriteCond %{REQUEST_URI} !^$
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/enter.php$
RewriteCond %{REQUEST_URI} !^/putup.php$
RewriteRule !^(putup.php)$ /enter.php [PT,QSA]

#RULE 7 -Make alternate accomodation for /putup.php
RewriteCond %{REQUEST_URI} !^$
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/enter.php$
RewriteCond %{REQUEST_URI} ^/putup.php$
RewriteRule .* /config/setup.php [L,PT,QSA]


 

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4524366 posted 10:58 pm on Dec 2, 2012 (gmt 0)

Redirects should always state the protocol and canonical hostname in the rule target. That applies to every redirecting rule here.

#RULE 2 -Remove multiple slashes anywhere in URL
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R,L,QSA]

The double (.*) especially the one at the beginning of the pattern is a major problem.
Try:
RewriteRule ^(([^/]+/)*)/+(.*)$ http://www.example.com/$1$3 [R=301,L]
and you can dump rule 1 as the new rule 2 does handle leading multiple slashes.

Rule 4 can be defeated by appending a junk parameter on the end of the URL request. Alter the pattern to cater for optional parameter(s) before the \ HTTP/ part.

QSA is the default. No need to specify it.

You should alter the index.php rule to also cater for requests in folders, not just root.

After your index.php redirect, you should have a non-www/www canonicalisation redirect.

Literal periods in patterns should be escaped. You have many that are not.

Every rule needs the [L] flag. Every rule.

Rules 6 and 7 have many conflicting or redundant conditions and can be tidied up a lot.

In rule 6, if one of the conditions is for "begin this" then all other conditions "begins not that" are not needed.

furbishII



 
Msg#: 4524366 posted 5:11 am on Dec 3, 2012 (gmt 0)

Problem: I did not have a condition for the internal redirect created in Rules 6 and 7 and unneeded conditions written in fret made the two rules ugly.

New knowledge attained: Internal Redirects or Passthrough [PT] are tested again against the rules in htaccess.

Subsequent Question: How does one differentiate between internal redirects and external requests? As I have made a condition that WOULD give a NOTFOUND error to an external request of the same signature as an internal redirect.. Is this a problem?

This is how I repaired rules 6 and 7.


RewriteCond %{REQUEST_URI} ^/putup\.php$
RewriteRule ^(putup\.php)$ /config/setup.php [NC,L,PT]

RewriteCond %{REQUEST_URI} !^/enter\.php$
RewriteCond %{REQUEST_URI} !^/config/setup\.php$
RewriteRule !^(/putup\.php)$ /enter.php [NC,L,PT]


Thank You: g1smd, the multiple // redirect rule you posted didn't work at all. I shall review it though, the concept behind it is solid. Thank you.

[edited by: incrediBILL at 6:01 am (utc) on Dec 3, 2012]
[edit reason] No URLs to other forums, see TOS [/edit]

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4524366 posted 7:57 am on Dec 3, 2012 (gmt 0)

This rule
RewriteRule !^(/putup\.php)$ /enter.php [NC,L,PT]
can never fully work as intended. Including the leading "/" in the pattern is an error. The brackets aren't needed either.

To differentiate external requests, test %{THE_REQUEST} variable. It contains the literal GET (or POST, etc) request sent by the browser:
GET /this-page HTTP/1.1
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved