Rewrite based upon URL variables

Forum Moderators: phranque

Message Too Old, No Replies

Rewrite based upon URL variables

wesmoc

8:27 pm on Apr 21, 2005 (gmt 0)

I've been digging through the archives and, unfortunately, I've only confused myself further.

What we are trying to do is prevent access to:
[oursite.com...]

The entire /app tree is proxied to a back end service, and the "collab" part is passed off to another (somewhat brain dead) back end service.

I'm no where near as fluent as I should be with the rewrite rules, regular expressions, and such, so I was hoping someone could lend a hand (or, at the very least, an idea).

I have a bunch of rewrite rules in place for other features, and then, below our rewrite rules, I have the ProxyPass and ProxyPassReverse lines for /app to point off to our load balancer.

What I am hoping to do is have a couple of ReWrite rules in before the ProxyPass stuff to catch requests going to /app/collab?admin.index and deny/fail the requests (or, perhaps, get fancy and just redirect them to another page).

I've grappled with a couple of ideas, but, so far, nothing has worked.. :(

wesmoc

8:40 pm on Apr 21, 2005 (gmt 0)

As fate would have it, I think I managed to figure this one out right after posting.


  RewriteCond %{HTTP_HOST}  ^www.oursite.com$ [NC]
  RewriteCond %{QUERY_STRING}  func=admin.index
  RewriteRule ^/app/collab?$ -  [F]  RewriteCond %{HTTP_HOST}  ^www.oursite.com$ [NC]
  RewriteCond %{QUERY_STRING}  func=admin.adminpwd
  RewriteRule ^/app/collab?$ -  [F]

The above rules did the trick. The fact that I just have "func=admin.index" makes the rule flexible enough that it picks up that variable setting anywhere in the query string.

sitz

1:05 am on Apr 22, 2005 (gmt 0)

One thing to note about your Rule:

RewriteCond %{HTTP_HOST} ^www.oursite.com$ [NC]

...is incomplete, since the following is also a valid Host: header:


Host: www.oursite.com:80

One way to fix this would be to tweak your Cond thusly:


RewriteCond %{HTTP_HOST} ^www.oursite.com(:80)$ [NC]

...although if you handle HTTPS requests as well, perhaps this:


RewriteCond %{HTTP_HOST} ^www.oursite.com(:(80Ś443))$ [NC]

...would be better. Don't forget to replace the 'Ś' with the solid bar character. =)

wesmoc

1:23 am on Apr 22, 2005 (gmt 0)

Since this is all within a 443 virtual host (not that I mentioned this in the original posting), isn't the definition of the port within the condition redundant (just curious)?

jdMorgan

4:54 am on Apr 22, 2005 (gmt 0)

The main point is that if you end-anchor the domain name, and the user types in a port number, he can break your rule. Adding literal-period escaping, I'd recommend:


RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]

Jim

sitz

8:00 pm on Apr 22, 2005 (gmt 0)

Since this is all within a 443 virtual host (not that I mentioned this in the original posting), isn't the definition of the port within the condition redundant (just curious)?

No, because all mod_rewrite is doing is performing a simple string match on the Host: header, and any of the following are valid host headers:


Host: www.example.com
Host: www.example.com:443
Host: WWW.EXAMPLE.com:443
Host: WWW.ExAMplE.COm:443

It depends on what the person types into their browser; if they type 'https://www.example.com/', you'll get:


Host: www.example.com

If, on the other hand, they type (or click on a link to) 'https://www.example.com:443/', then you'll get:


Host: www.example.com:443

Everything between the last '/' on the left side and the first '/' on the right side, in other words. =)