Set cookie value to referer

Forum Moderators: phranque

Message Too Old, No Replies

Set cookie value to referer

dfresh4130

8:55 pm on Jan 13, 2015 (gmt 0)

I'm working on a rewrite to create a cookie with a value of the HTTP_REFERER value. It seems simple enough, but I'm running into issue with the "http://" causing issues. Below is my config and some entries from the rewrite logs. Any suggestions on how I should modify it to properly encapsulate the procotol or just remove it?


RewriteCond %{HTTP_REFERER} ^.*example.com [NC]
RewriteRule ^ - [CO=REFERER_REDIRECT:"%{HTTP_REFERER}":.example.com:1440:/]

1.2.3.4 - - [13/Jan/2015:15:52:07 --0500] [www.example.com/sid#a7aa78][rid#e59610/initial] (5) setting cookie 'REFERER_REDIRECT=.example.com; path=/; domain=1440; expires=Tue, 13-Jan-2015 20:52:07 GMT'
1.2.3.4 - - [13/Jan/2015:15:52:07 --0500] [www.example.com/sid#a7aa78][rid#e59610/initial] (5) skipping already set cookie 'REFERER_REDIRECT'
1.2.3.4 - - [13/Jan/2015:15:52:07 --0500] [www.example.com/sid#a7aa78][rid#e59610/initial] (5) skipping already set cookie 'REFERER_REDIRECT'

dfresh4130

9:39 pm on Jan 13, 2015 (gmt 0)

Of course after searching forever and then posting here I find my answer shortly after here [corz.org].

The below rule works, but since the referrer I'm using shows up in the format of http://dev.example.net:9100/redirect the colon is causing me issues in testing to ensure I can pull the full URI. Shouldn't be an issue in the real world since all of the referring URLs will just be standard http, but wondering if I can accommodate that for testing purposes.


SetEnvIf Referer "^.*(dev.example.net)" TEST_REFERER=$1
RewriteCond %{HTTP_REFERER} ^.*dev.example.net [NC]
RewriteRule ^ - [CO=REFERER_REDIRECT:%{ENV:TEST_REFERER}:.example.com:1440:/]

[edited by: dfresh4130 at 9:51 pm (utc) on Jan 13, 2015]

lucy24

9:48 pm on Jan 13, 2015 (gmt 0)

Only the http, and not any slashes further along the line?

This question caught my interest because just a few days ago I was trying to figure out if you could use captured material ($1 and/or %1) in a flag value. The docs don't say explicitly that you can't, but cursory experimentation in test site says YES! It works!

RewriteCond %{HTTP_REFERER} example\.com/(.+)
RewriteRule (^|/|html)$ - [CO=newtest:%1:.example.com:525600]

See where it says .+ in the condition? That's the one caveat. If the capture is empty (referer is root, with rule expressed as .* instead of .+), the cookie will not be set. Or possibly an existing cookie will be un-set; I didn't investigate too closely. I got around it by making a supplementary rule that says

RewriteCond %{HTTP_REFERER} example\.com/$
RewriteRule (^|/|html)$ - [CO=newtest:root:.example.com:525600]

Play with that and see if it works on your system. (I'm in htaccess using Apache 2.2.)

:: wild with excitement because I had no idea this would work ::

Edit:

The below rule works

Oh, hurrah, a version involving environmental variables would have been the next thing I tried after a direct capture. So we've got two possible routes.

dfresh4130

10:26 pm on Jan 13, 2015 (gmt 0)

For some reason I'm not having any luck with your example. I'm on 2.2.26 and the rewrite logs show no matches at all when I test. The referrer should match based on what I'm seeing in the access log, but not sure why.


RewriteCond dev\.internal\.test\.net/(.+)
RewriteRule ^ - [CO=TEST_REDIRECT:%1:.example.com:1440:/]

1.2.3.4 - - [13/Jan/2015:17:31:45 -0500] "GET /us/en/landing.html HTTP/1.1" 200 151637 "http://dev.internal.test.net:9100/test-redirect/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0" 109376

lucy24

10:40 pm on Jan 13, 2015 (gmt 0)

RewriteCond dev\.internal\.test\.net/(.+)

Typo with accidentally omitted %{HTTP_REFERER} ? In htaccess I can't do a RewriteLog, so I just kept checking my browser's cookies. Constrain the rule to requests for pages, or your server will waste a lot of time evaluating referers and setting fresh cookies on every image request.

Anyway, I think I see the problem:

RewriteCond dev\.internal\.test\.net/(.+)
<snip>
1.2.3.4 - - [13/Jan/2015:17:31:45 -0500] "GET /us/en/landing.html HTTP/1.1" 200 151637 "http://dev.internal.test.net:9100/test-redirect/"

According to logs, your referer isn't internal.test.net/, it's internal.test.net:9100/

dfresh4130

11:19 pm on Jan 13, 2015 (gmt 0)

Yes, it was a typo and I forgot to include the %{HTTP_REFERER} variable. The referrer value is correct. The referrer in the log line is correct as it's coming from a direct hit on a java app from a dev environment. No web server in front of that. From reading I know colons are used as delimiters for mod_rewrite cookie options, so that can break it. Not sure if there's any way I can properly test on this setup to include the full URL of the referrer since it contains port number.

lucy24

1:16 am on Jan 14, 2015 (gmt 0)

From reading I know colons are used as delimiters for mod_rewrite cookie options, so that can break it. Not sure if there's any way I can properly test on this setup to include the full URL of the referrer since it contains port number.

Further experimentation turns up two approaches that do not work: escaping the colon as \: or putting it inside quotation marks as ":". (The former was actually a relief, since I have asserted many times that it is never necessary to escape a colon!)

But is the domain:portnumber part needed at all? First choice would be just to capture the part after the hostname. Then you don't have to worry about colons, whether in "http:" or in ":8888". If you do need some information about hostname, you can string together multiple captures, like

http://www\.(example\.com)(?::8888)?/(.+)

>> %1/%2

The double :: is not a typo.

dfresh4130

12:14 am on Jan 28, 2015 (gmt 0)

Ok, so I thought I had this figured out, but I guess not. I started testing again with my POC apache and modified local hosts file to match the referrer. I'm still finding that the referrer is being logged with http:// and the colon is still breaking the rewrite rule to create a cookie. I've even simplified the rewrite condition.


RewriteCond %{HTTP_REFERER} test\.com [NC]
RewriteRule ^(.*) - [CO=REDIRECTED:%{HTTP_REFERER}:.example.com:1440:/]

Access Log file example:

1.2.3.4 - - [27/Jan/2015:19:06:54 -0500] "GET /store/brands/product1.html HTTP/1.1" 404 12638 "http://www.test.com/redirectLinks.html" "Mozil
la/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0"

Rewrite Log Example:

1.2.3.4 - - [27/Jan/2015:18:32:40 --0500] [www.example.com/sid#1b92ba8][rid#1daab80/initial] (4) RewriteCond: input='http://www.test.com/redirectLinks.html' pattern='
^(.*)test\\.com/(.+)' [NC] => matched
1.2.3.4 - - [27/Jan/2015:18:32:40 --0500] [www.example.com/sid#1b92ba8][rid#1daab80/initial] (5) setting cookie 'REDIRECTED=http; path=1440; domain=//www.test.com/redirectLinks.html; expires=Tue, 27-Jan-2015 23:32:40 GMT'

At this point I'm at a loss as to how to get mod_rewrite to strip off the http:// part of the referrer. I started exploring mod_headers using setenvif and the cookie gets created successfully. The challenge I'm having there is how to make the below rule fire off conditionally based on the HTTP_REFERER and also not execute if the cookie already exists.


SetEnvIf Referer "(.*test.com.*)" REFERER=$1
Header add Set-Cookie "REDIRECTED=%{REFERER}e; domain=.example.com; path=/"

lucy24

12:40 am on Jan 28, 2015 (gmt 0)

I'm at a loss as to how to get mod_rewrite to strip off the http:// part of the referrer.

Refresh my memory, since it's been a few days: Why wasn't it possible to say

RewriteCond %{HTTP_REFERER} (example\.com/blahblah)
RewriteRule ^(.*) - [CO=REDIRECTED:%1:.example.com:1440:/]

or, for that matter,

SetEnvIf Referer http://www\.(test.com.+) REFERER=$1

dfresh4130

1:05 am on Jan 28, 2015 (gmt 0)

I swear I tested that previously and had no luck. I've also had sleep since then. Just tried it again and it's working correctly so I must've had some typo. Thanks again for all your help!