"It is not working" doesn't tell us anything.

What URLs did you use to test it?
What were the results?
How did those results differ from your expectations?

We will need *a lot* of detail about your proposed URL structure in order to help. For example, explain the variations of the "list" "edit" and "show" subdirectories, and why those need to be handled separately.

Jim

I don't need to have separate edit,show, and list mode. I guess I was just not thinking when I copied it from other post.

I removed it. Problem is it just goes to the main directory & not the subdirectory. Please note, I have also entry of virtual host as follows.

<VirtualHost --ip address-->
DocumentRoot "D:\hshome\vendrang\apache2\Apache2\htdocs\sites\--main-dir--"
ServerName www.example.com
</VirtualHost>

and now the updated httpd.conf contains

# Extract subdomain if present
RewriteCond %{HTTP_HOST} ^(www\.)?([^.]+)\.example\.com
# If html filetype and subdomain is present, store it into user-defined variable and skip next rule
RewriteRule \.*$ - [E=subd:%2,S=1]
# No subdomain or non-html filetype, so exit
RewriteRule .* - [L]
# Rewrite html files using stored subdomain
RewriteRule (.*)_(.*).(.*) /%{ENV:subd}[QSA,L]

i expect if someone types [xyz.example.com...]
then I should content from
D:\hshome\vendrang\apache2\Apache2\htdocs\sites\--main-dir--\xyz\firstdir/test.jsp?id=8

and if someone types
[abc.example.com...]
then I should content from
D:\hshome\vendrang\apache2\Apache2\htdocs\sites\--main-dir--\abc\firstdir/test.jsp?id=8

Requirement given to me is to maintain the url in client's browser only as [abc.example.com...] & not the real content URL

currently i type [abc.example.com...] or [xyz.example.com...] it always shows content from main dir & not subdirectories under main directory

The first problem you'll have is users defining subdomains (and therefore subdirectories) that conflict with 'real' subdirectories that you need to support your site.

This can be overcome by mapping robert.example.com to example.com/user-robert instead of mapping it to example.com/robert. If you don't do this, then someone might easily break your site in Internet Explorer by signing up as user "w3c" and posting a faulty privacy policy in their space. Or worse, by signing up as username "www".

So, to prevent these problems, you simply tag each subdomain-subdirectory with "user" or some other relatively unique identifier.

Given that, you code can be simplified, and we can add insurance for the case I described:

httpd.conf:

# As long as request is not for "www.example.com" or "<anything>.www.example.com", etc.
RewriteCond %{HTTP_HOST} !www\.example\.com
# Extract subdomain (must start with lowercase letter, and be all-lowercase letters, numbers, hyphen, or underscore only, 3 to 12 characters total)
RewriteCond %{HTTP_HOST} ^(www\.)?([a-z][a-z0-9_\-]{2,11})\.example\.com
# Do not rewrite requests for username.example.com/user_<username> (and see next rule below)
RewriteCond $1 !^user_
# Rewrite subdomain to subdirectory
RewriteRule ^/(.*)$ /user_%2/$1 [L]
#
# Forbid client attempts to discover or access username subdirectories directly
# (Prevent direct access at www.example.com/user_<username>)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /user_
RewriteRule ^/user_ - [F]

Your sign-up script should enforce the same rules as the code above; As shown, usernames must start with a lowercase letter, and be all-lowercase letters, numbers, hyphens, or underscores only, and 3 to 12 characters in length. I suggest you do not allow any other characters, in order to prevent problems.

This code does not manipulate or change query strings; They will be passed through unchanged (The [QSA] flag is not needed.)

An alternative for this somewhat 'complex' method is to use Apache mod_user_dir [httpd.apache.org].

Jim

I really appreciate your help. Thanks a million for catching the potential vulnerability also. I am still not there though.. I found out that as long as there was a separate virtual host directive in my httpd.conf the rewrite rule was not taking effect. I removed virtual host portion now and the forbidden access is working fine but the subdirectory is still not accessed. Whenever i try [test.example.com...] or [product.example.com...] - I always get the page from my document root and not the subdirectory. Here are the details from my httpd.conf

DocumentRoot "F:/Apache2/htdocs/public/example"
Options +FollowSymLinks
RewriteEngine on
# As long as request is not for "www.example.com" or "<anything>.www.example.com", etc.
RewriteCond %{HTTP_HOST}!www\.example\.com
# Extract subdomain (must start with lowercase letter, and be all-lowercase letters, numbers, hyphen, or underscore only, 3 to 12 characters total)
RewriteCond %{HTTP_HOST} ^(www\.)?([a-z][a-z0-9_\-]{2,11})\.example\.com
# Do not rewrite requests for username.example.com/user_<username> (and see next rule below)
RewriteCond $1!^user_
# Rewrite subdomain to subdirectory
RewriteRule ^/(.*)$/user_%2/$1 [L]
#
# Forbid client attempts to discover or access username subdirectories directly
# (Prevent direct access at www.example.com/user_<username>)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /user_
RewriteRule ^/user_ - [F]

I have subdirectories like user_test, user_product inside the document root directory F:/Apache2/htdocs/public/example ..any suggestions? also will you please explain the meaning of this part ^/(.*)$/ in the rule ^/(.*)$/user_%2/$1 [L] that will make me understand the path scenario better.. Thanks again..

^/(.*)$ means "Match any local URL-path starting with "/" and ending with anything or nothing, and "copy" the anything-or-nothing part into local variable $1 for use in the following substitution URL-path. Therefore, ant URL-path requested will be copied into the new subdirectory path, so that all resources appear to be 'moved' one subdirectoy level down.

You will probably need to declare a 'wild-card' subdomain ServerAlias in order to get your subdomains to work.

Something like

ServerAlias *.example.com

This directive is usually placed right after the Servername directive in httpd.conf.

For more information, see the documentation at [httpd.apache.org,...] including the 'core' Apache directives which include directives for declaring the domains that the server should handle. There is also a tutorial on setting up name-based virtual hosting which may clarify some points. In addition, our charter contains citations of various tutorials and documentation. Of interest would be the regular-expressions tutorial, which explains the regex patterns used for mod_rewrite patterns.

Jim

Yes..it worked..This is really great discussion board..cool..
Earlier I used to put this rewrite code outside virtual host block..now i put it inside and it works good..will you please verify i did alright..

<VirtualHost --ip-address-->
DocumentRoot "F:\apache2\htdocs\example\"
ServerName www.example.com
ServerAlias *.example.com
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{HTTP_HOST}!www\.example\.com
# Extract subdomain (must start with lowercase letter, and be all-lowercase letters, numbers, hyphen, or underscore only, 3 to 12 characters total)
RewriteCond %{HTTP_HOST} ^(www\.)?([a-z][a-z0-9_\-]{2,11})\.example\.com
# Do not rewrite requests for username.example.com/user_<username> (and see next rule below)
RewriteCond $1!^user_
# Rewrite subdomain to subdirectory
RewriteRule ^/(.*)$ /user_%2/$1 [L]
#
# Forbid client attempts to discover or access username subdirectories directly
# (Prevent direct access at www.example.com/user_<username>)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /user_
RewriteRule ^/user_ - [F]
</VirtualHost>