Welcome to WebmasterWorld Guest from 3.93.75.242

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

URL Rewrite of a value

     
3:18 pm on Mar 24, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


Hey all,

I'm looking for a way to modify something in the header:

lets say that SSL_CLIENT_S_DN_CN = x.y.z.0987654321 or x.y.0987654321

And the following returns only 0987654321

RewriteEngine On
RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ([0-9]+$)
RewriteRule (.*) - [E=USER:%1]
RequestHeader set DATA %{USER}e


Is there a way to use a similar method to return x.0987654321 I can't think of a good regex for that.
6:34 pm on Mar 24, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15936
votes: 889


Will the "x." element always be part of the request, or are you looking to constrain the rule to requests where it is present? If it's always present, it might be simpler just to hard-code "x.%1" in your E= flag. (But if so, why do you even need it?)

What's the $ doing in the existing RegEx? Do you need to exclude requests that end in non-numeric content? In any case, it's an anchor, so it doesn't belong in the capture.

By default, based on your examples, you'd be looking at pattern:
(x\.)(?:[a-z]\.)*(\d+)
target:
%1%2

Incidentally, you probably want to constrain this rule to requests for pages, or for some specific filetype (not sure what the rule does, in the broader sense). Otherwise your server's doing a lot of work.
7:22 pm on Mar 24, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


All 4 are dynamic as it's a SSL CN so last.middle.first.###, All I'm looking for is "last.#####"
7:32 pm on Mar 24, 2015 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11873
votes: 245


I would try a pattern like this:
\ ([a-z]+\.)([a-z]+\.)*(\d+)$


and this target:
%1%3
7:41 pm on Mar 24, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


That about got me close enough to where I needed. I don't know why I couldn't see the obvious, it was staring me in the face all along. Appreciate the assist!
10:17 pm on Mar 24, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


So I got the 1st one working where if the CN=last.middle.first.#####, I get the correct result of last.####.

Now I need to figure out what to do if the CN=last.first.#### and use the same ruleset. I'm guessing an 'or' could be used but unsure how to set the target in that case. It has to be the same as above:

RequestHeader set DATA %{USER}e

I want to thank you guys again. I should have probably looked at my own solution from several years ago for the above issue, kind of funny that I forgot about it.
11:46 pm on Mar 24, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15936
votes: 889


You may be overlooking the (blahblah)* in the middle. Personally I think it's safer with a non-capturing group for this part; then you don't have to worry about how-if-at-all Apache handles null captures. Assuming all lower-case, it's
^([a-z]+\.)(?:[a-z]+\.)*(\d+)$

leading to
%1%2
1:47 am on Mar 25, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


Thanks! I'll be checking this out tomorrow, I'll let you guys know!
4:45 am on Mar 25, 2015 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11873
votes: 245


what lucy24 said except I would still anchor it with the backsląsh-escaped leading blank.
5:32 am on Mar 25, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15936
votes: 889


phranque, can you point to some place that explains the exact format of the SSL_CLIENT_S_DN_CN variable? Apache and assorted other docs tell me only that the thing exists-- which I could have figured out for myself-- and that it was formerly known as SSL_CLIENT_CN. Does it have just one space in the middle, so the space-anchor is enough to eliminate ambiguity?

hammerite, be sure to remember to escape the space. (Unescaped spaces are probably the easiest lethal Apache error.)
7:46 am on Mar 25, 2015 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11873
votes: 245


I misread something in the OP so disregard the opening blank anchor comment.

as usual I should defer to lucy24 when it comes to regular expressions.
2:44 pm on Mar 25, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


It worked exactly as hoped, I was so deep in the woods I couldn't think outside the trees. Thanks again everyone!
7:18 pm on Mar 25, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15936
votes: 889


I should defer to lucy24 when it comes to regular expressions.

And I in turn defer to phranque when it comes to questions that involve actually speaking Apache, which I don't ;)
7:53 pm on Apr 24, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


So I got this to work perfectly, and someone breaks it by inserting a space into the middle name.

last.mid dle.first.123456 ends up with a NULL value. (the space is there as the persons middle name has a hyphen in it but someone decided to create their certificate with a space, how lovely of them.)

Joy of joys!
9:22 pm on Apr 24, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15936
votes: 889


Eeuw, yuk, you'll need to do some behind-the-scenes rewriting. Change the space to something else-- a hyphen seems the obvious candidate-- and change it back if needed. What about other possible non-alphabetics, like if the person's surname is D'Souza or O'Brien? I can't think of anything besides hyphen and apostrophe, but I'm probably overlooking something embarrassingly obvious.
9:30 pm on Apr 24, 2015 (gmt 0)

New User

10+ Year Member

joined:Dec 11, 2008
posts: 18
votes: 0


Yeah the users name used to have a hyphen in it but whomever generated a new cert for them left it out and just used a space. It takes an act of god to have it recreated so I'll probably have to come up with some sort of solution for that. The main problem is what if some other person decides to do that for a hyphenated last name or a first name. good god!