Newbie to Rewrites

         

tgnc

7:06 pm on Jan 31, 2010 (gmt 0)

10+ Year Member



Can someone assist with a confusing issue? I went to the Apache website and looked at what tutorials or examples they had, and I hacked together an .htaccess file.

Yes, URL rewrites are allowed on the server, but what I don't understand is how, putting in the URLs to test the rewriting, I end up on a website that's nothing to do with what I have.

What I mean is, we're on a .org.uk TLD but the rewriter for some reason is writing the URL to another site called cms.co.uk and the path gets reversed to /admin//cms/ with a // between the admin and cms. The question is WT hell did the .co.uk bit come from, and the fact I am going to a completely different site baffles me! So I will post the original code of what I put together and start again.

Options +FollowSymLinks
Options -Indexes
RewriteEngine On

# We need to test the URL to see if the request is for the admin URL
# 1. if the URL has /cms/admin/ in the REQUEST_URI and
# 2. if the DOMAIN has admin. as the subdomain, we issue the admin pages
RewriteCond %{REQUEST_URI} ^/cms/admin$ [NC]
RewriteCond %{HTTP_HOST} ^admin\. [NC]
RewriteRule (.*) http://$1/ [QSA,S=2]

# We need to test the URL to see if the request is for the admin URL without the prefix
# 1. if the URL has /cms/admin/ in the REQUEST_URI and
# 2. if the DOMAIN has not got admin. as the subdomain, we issue the site root pages
RewriteCond %{REQUEST_URI} ^/cms/admin$ [NC]
RewriteCond %{HTTP_HOST} !^admin\. [NC]
RewriteRule ^(.*)/admin$ http://$1/cms/

# if we get here, it's likely nothing matched, so do nothing to the URL
RewriteRule .* - [L]

What I have is to protect a URL by diverting normal requests for the admin side of things to the site root for the CMS in use while allowing an administrator subdomain to access the admin login side of things.

The admin. subdomain will be a different name in the working script, this being used to make accessing the admin pages difficult. The admin url login log for those pages shows a very high number of access attempts considering I and 1 other person log in to that site, another site I login occasionally and that is currently being hammered. Think someone trying to brute force their way in, so I would like to add a layer of security.

The big problem is that I am completely lost with URL rewriting, I tried the Apache site and that currently does not seem to be helping me much. Anyone here got any ideas on where or what I am missing or doing wrong?

[edited by: jdMorgan at 3:47 am (utc) on Feb. 1, 2010]
[edit reason] De-linked URLs in code. [/edit]

jdMorgan

4:01 am on Feb 1, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This code is quite "non-optimal" and will obviously redirect you to a domain made up of the url-path-parts due to back-referencing errors. In addition, it's impossible to recommend a fix without concrete URL examples.

Please state *all* of the various subdomain and URL-path variations and their desired dispositions, e.g.

admin.example.com/cms/admin/ --> ?
admin.example.com/cms/admin/somefile.phd --> ?
admin.example.com/admin/ --> ?
admin.example.com/admin/somefile.phd --> ?
admin.example.com/<anything else but /cms or /admin> --> ?

notadmin.example.com/cms/admin/ --> ?
notadmin.example.com/cms/admin/somefile.phd --> ?
notadmin.example.com/admin/ --> ?
notadmin.example.com//admin/somefile.phd --> ?
notadmin.example.com/<anything else but /cms or /admin> --> ?

Also, instead of rewriting these bogus requests, have you considered simply returning a 403-Forbidden response? Or a zero-byte file?

I would give this requestor neither valid files nor any additional information, myself. Just a 403 and be done with it.

Jim

tgnc

8:25 pm on Feb 1, 2010 (gmt 0)

10+ Year Member



Thanks for your reply, first off I want to push these requests to the site root, a subtle message as well as that it helps site traffic.

What I am trying to do if I can first explain as text first is to...

Match the URI request /cms/admin or longer (/login.php + any other after login) and if a match for that URI exists and the http host has subdomain admin, the access is allowable.

If the subdomain admin does not exist in the URI and the /cms/admin is in the RequestURI then the request gets dumped at /cms/ and is served up the site cms default index page.

TBH I am having a hard time of this, I tried to apply some logic to it but it's just not percolating through yet.

Can I assume that this...

Options +FollowSymLinks
Options -Indexes
RewriteEngine On


is correct..?

and the rest is just garbage, part garbage, total garbage, be honest, how was my first attempt?

What I would like to do is to be able to change this to a more obscure sub name, so that when I do notice in the logs more and more access attempts on that URL, I can simply change the sub and dump access to the site root.

I have gone over the Apache site backwards and for a complete newbie in the subject, it does not come across to me as user friendly or aimed at the first time user.

So in order for me to understand what is going on, if I explain what I understand, can you correct me?

RewriteCond %{REQUEST_URI} ^/cms/admin$ [NC]
RewriteCond %{HTTP_HOST} ^admin\. [NC]
RewriteRule (.*) http://$1/ [QSA,S=2]


In the REQUEST_URI, match /cms/admin part of URI "AND" with next condition
In the HTTP_HOST match admin. and if it exists perform the next operation
in the REQUEST store in back ref $1 the HOST & URI and output URL with QUERY STRING, then Skip next 2 conditions.

Should that be S=3 instead? The intended target is the final RewriteCond .* - [L] rule or to perform other rewrites if they exist between.

Does that make any sense?

jdMorgan

8:49 pm on Feb 1, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That code is rather over-complicated, then. I'd suggest:

Options +FollowSymLinks -Indexes
RewriteEngine on
#
# If the subdomain is not "admin", redirect /cms/admin requests to the /cms directory root
RewriteCond %{HTTP_HOST} !^admin\.example\.com
RewriteRule ^cms/admin/ http://www.example.com/cms/? [R=301,L]
#
# - end -

If the requested path is not /admin/cms or if the requested path *is* /admin/cms in the 'admin' subdomain, then this code does nothing, as the request can be allowed to proceed without change.

Jim
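
Added example, not part of any post in this thread: a simplified Python model of how mod_rewrite fills `$1`, tracing the rules from the first post beside the rule suggested above. It assumes the .htaccess file sits in the document root; the function names and the hostnames `admin.example.org.uk` and `www.example.org.uk` are made up for the illustration.

```python
import re
from urllib.parse import urlsplit

def per_dir(path):
    # Assumption: .htaccess is in the document root, so RewriteRule patterns
    # are matched against the URL-path with its leading "/" removed.
    return path[1:] if path.startswith("/") else path

def first_post_rules(host, path):
    """Redirect URL built by the rules in the first post, or None if untouched."""
    # RewriteCond %{REQUEST_URI} ^/cms/admin$ [NC]  (shared by both rules)
    if not re.fullmatch(r"/cms/admin", path, re.I):
        return None
    if re.match(r"admin\.", host, re.I):
        # RewriteRule (.*) http://$1/   -> $1 is a pattern group, i.e. the PATH
        return "http://%s/" % re.match(r"(.*)", per_dir(path)).group(1)
    # RewriteRule ^(.*)/admin$ http://$1/cms/
    m = re.match(r"(.*)/admin$", per_dir(path))
    return "http://%s/cms/" % m.group(1) if m else None

def suggested_rule(host, path):
    """Redirect URL built by the rule suggested above, or None if untouched."""
    # RewriteCond %{HTTP_HOST} !^admin\.example\.com
    if re.match(r"admin\.example\.com", host):
        return None
    # RewriteRule ^cms/admin/ http://www.example.com/cms/? [R=301,L]
    # The target is a literal; the trailing "?" drops the query string.
    if re.match(r"cms/admin/", per_dir(path)):
        return "http://www.example.com/cms/"
    return None

def redirect_host(url):
    # Host part of the redirect target, or None when no redirect is issued.
    return urlsplit(url).hostname if url else None

if __name__ == "__main__":
    # Constructed sample requests (hostnames are placeholders).
    for host, path in [("admin.example.org.uk", "/cms/admin"),
                       ("www.example.org.uk", "/cms/admin"),
                       ("www.example.com", "/cms/admin/login.php")]:
        old = first_post_rules(host, path)
        new = suggested_rule(host, path)
        print(host, path, "| first post ->", redirect_host(old),
              "| suggested ->", redirect_host(new))
```

In both branches of the first post's rules the redirect host comes out as `cms`, a path segment, which is the back-referencing error described in the first reply; the suggested rule uses no back-reference, so its target host is fixed.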

tgnc

8:00 pm on Feb 3, 2010 (gmt 0)

10+ Year Member



OK thanks, I will try it sometime over the weekend.