Rewrite Condition

Forum Moderators: phranque

Message Too Old, No Replies

Rewrite Condition

redirect condition

satu

6:40 pm on Jun 3, 2014 (gmt 0)

I manage apache webserver for few stores, we host multiple domains on this server. We have mod_rewrite engine enabled and have rewrite rules for web tracking using pattern match.

for one of our virtual domain we want to control the redirection to only specific domains.

Example:
http://test.example.com/ab/xyz.php?abc/1234/7834/ http://example.com/site/?123=email

In the above example we want to restrict redirection to only "example.com" and not to any other domain. OR a list of domains which want to redirect. Do we need add redirect condition above the redirect rules or below?

Any help is much appreciated.

Thank you

[edited by: incrediBILL at 12:27 am (utc) on Jun 4, 2014]
[edit reason] unlinked example URL [/edit]

lucy24

8:55 pm on Jun 3, 2014 (gmt 0)

I'm not sure I understand the question. You can constrain rules to certain requests-- the pattern of the rule-- but you can't restrict targets. That's determined by the rules you yourself wrote.

In the example, the request is for a subdomain and the target is for a different host (it doesn't matter whether it's the same overall domain as the one originally requested). Is this part of the question?

Neither the hostname nor the query can go in the body of the rule. But you'll need to give a few more examples before we can figure out the pattern.

satu

9:17 pm on Jun 3, 2014 (gmt 0)

Thank you for your response.

The requested domain [test.example.com] and the target domains are different, I am exploring for rewrite rules to control the target redirections to a specific domain(s). Meaning if some one hijack the url and can create unnecessary traffic on it. by restricting the target domain redirection can I can secure my bandwidth.

lucy24

10:09 pm on Jun 3, 2014 (gmt 0)

if some one hijack the url

There's something you're not telling us. All redirects on your server-- whether by mod_rewrite, mod_alias or other means-- include the full protocol-plus-hostname in the target. So how would anyone be able to "hijack" anything? You're not running an open proxy are you?

satu

2:12 pm on Jun 4, 2014 (gmt 0)

We are not running any Open proxy on the server.

We use mod_rewrite for capturing all the web clicks on our urls and then allow redirect to our landing pages. If our client or some one from outside use the same url and use a different landing page to redirect we want to restrict it to our own landing pages hosted on different servers.

Thank you,
Satu

lucy24

5:32 pm on Jun 4, 2014 (gmt 0)

If our client or some one from outside use the same url

Are you talking about different sites that coincidentally happen to use the same URL, like
example.com/rats/
example.in/rats/
example.pk/rats/
and so on? All running through the same mod_rewrite block in the config file? The target is still irrelevant; you need to put a condition looking at the request.

phranque

8:43 pm on Jun 4, 2014 (gmt 0)

welcome to WebmasterWorld, satu!

please post the relevant mod_rewrite directives for discussion.
this may help us understand your intention as your description is not clear.

IMPORTANT: Please Use Example.com For Domain Names in Posts [webmasterworld.com]

satu

11:28 pm on Jun 4, 2014 (gmt 0)

I am trying to explain "Open redirect" vulnerability issue and looking for remediation steps using mod_rewrite.

phranque

11:47 pm on Jun 4, 2014 (gmt 0)

if i understand correctly, you have a redirect script (xyz.php) and you want to use mod_rewrite directives to limit which requested query string patterns get access to that redirect script?