1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:08 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Query String Validation with Apache

         

prasee

1:07 pm on Aug 14, 2014 (gmt 0)

10+ Year Member



Hello There,

I am a beginner in Apache and trying to figure out a way to validate a query string in the request handled by Apache and proxy the request to backend application only upon validation of the query string value.

For Example My current Virtual Host directive in httpd.conf is like this. Please excuse me if this is lengthy.
==================================================
<Location /fed/idp>
# Standalone weblogic that contains the custom code
WebLogicHost <hostname>.<domain>.com
WebLogicPort 7499
# If Client Certificate Authentication successful in Apache,
# redirect to AD Authentication for 2nd Factor
RewriteEngine On
RewriteCond %{SSL:SSL_CLIENT_VERIFY} ^SUCCESS$
# If referenceid is not found in the query string, it means the user is first time user.
# Send him to custom code for 2nd factor AD AuthN
RewriteCond %{QUERY_STRING} !referenceid
# Application deployed in Weblogic for AD AuthN
RewriteRule .* /authenticator/internal/Processor [L]
==================================================

In the above piece, I am passing the request to a custom AD Authentication module deployed in my Weblogic if Certificate AuthN succeeds to perform a 2-factor AuthN.

1) For a first time user, upon certificate AuthN success in Apache, his request will not contain a query string named "referenceid" (which is set by my custom AuthN module that gets invoked in #2 below ) and so the user will be directed to AD Authentication module for 2nd factor Authentication.

2) Upon successful AD Authentication, I will set a random "referenceid:value" in the original request URL as query string and redirect back to Apache.

3) Now when Apache receives this access request from #2 above, Cert AuthN will not be invoked as there will be a SSL session maintained. But to identify whether this user access has to be sent to AD AuthN, i currently validate the existence of referenceid in query string.

However, I want to actually validate whether the value of referenceid in the query string matches with what i have set in #2. If successful, I do not want the second factor AuthN to be invoked. The user must be proxied to the backend application directly.

Can you please throw some lights to achieve this in Apache ?

lucy24

10:04 pm on Aug 14, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If I've understood the question correctly, it can't be done. The good news is that it is possible I did not understand the question correctly.

I want to actually validate whether the value of referenceid in the query string matches with what i have set in #2


#1 browser sends request to server

#2 server tells browser to make a fresh request, incorporating specific text that the server sends out

#3 browser sends new request to server

#4 server checks to see whether the request agrees with the information sent out in #2.

If you're asking specifically about RewriteRules, it can't be done, because each request is an island. You'd need to store the information somewhere, such as a short-lived database.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:08 pm May 1, 2026