Welcome to WebmasterWorld Guest from 54.242.94.72

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

mod_rewrite & errordocument

     

compooter

6:55 pm on Jan 14, 2004 (gmt 0)

10+ Year Member



I am using:

# rewrite the domain so cookies are consistent
RewriteCond %{HTTP_HOST} ^mydomain.org$ [NC]
RewriteRule ^.*$ http://www.mydomain.org/$1 [R,L]

to redirect all requests for [mydomain.org...] >> [mydomain.org...] (for cookie consistency reasons)

I am also using (please excuse my beastly mod_rewrite):

# page & subtopic requests
RewriteCond %{HTTP_HOST} ^www.mydomain.org$ [NC]
RewriteRule ^([0-9a-z]+)/([0-9a-z]+)/([0-9a-z]+)/?$ /index.php?page=$1\&topic=$2\&subtopic=$3 [NC,L]
RewriteCond %{HTTP_HOST} ^www.mydomain.org$ [NC]
RewriteRule ^([0-9a-z]+)/([0-9a-z]+)/?$ /index.php?page=$1\&topic=$2\&subtopic= [NC,L]
RewriteCond %{HTTP_HOST} ^www.mydomain.org$ [NC]
RewriteRule ^([0-9a-z]+)/?$ /index.php?page=$1\&topic=\&subtopic= [NC,L]

# ErrorDocument directives
ErrorDocument 400 /error/error.php?error=400
ErrorDocument 401 /error/error.php?error=401
ErrorDocument 403 /error/error.php?error=403
ErrorDocument 404 /error/error.php?error=404
ErrorDocument 500 /error/error.php?error=500

so that I can use slash-forward navigation and custom error documents. For example, [mydomain.org...] >> $page=foo $topic=bar (etc)

My problem is that if someone enters [mydomain.org...] it gets rewritten as [mydomain.org...]

Any ideas how to tweak this so it will rewrite properly to [mydomain.org...]

Thanks!

compooter

8:02 pm on Jan 14, 2004 (gmt 0)

10+ Year Member



Interesting sidenote that may shed some light. By changing the line:

RewriteRule ^.*$ [mydomain.org...] [R,L]
to
RewriteRule ^(.*)$ [mydomain.org...] [R,L]

The rewrite changes from:

[mydomain.org...]
to
[mydomain.org...]

This IS technically the page I want displayed, but I can't figure out why it's actually writing out the error document's URI. If the same forbidden page is requested WITH 'www.' the same error document is shown, but is not written to the address bar. I'd like to keep it hidden so that people aren't messing around with error.php?error=MALICIOUS_CODE. Any reason why it would write it and not just include it?

jdMorgan

7:43 pm on Jan 15, 2004 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



compooter,

Welcome to WebmasterWorld [webmasterworld.com]!

It looks like the ErrorDocument directive is applied before the domain redirect. So the URL is changed internally to your error page, and then an external redirect is done to correct the missing www. As a result, the browser is given the error document URL.

One way to get around it might be to define the ErrorDocument pages as static URLs, and then use mod_rewrite to redirect those URLs into the script. This does not fix the exposure of your custom error pages, but it will expose a static URL instead of a script query.

Another approach would be to exclude error documents from being redirected, even if requested in the wrong domain, by adding anothere RewriteCond to your domain redirect


RewriteCond %{REQUEST_URI} !^/error

Neither is really a fix. But Apache defines the order in which its modules process config files, and we can only control the order of directive processing on a per-module basis. Don't think of your code as a linear program; Think of it as a list of directives that is scanned in turn by each Apache module, and each module processes only the directives that it understands. Thus, the server sets the order in which modules run, and not us.

Also, in order to avoid possibly-major problems with the search engines, I strongly urge you to change your domain redirect rule to generate a 301-Moved Permanently redirect instead of a 302-Found; Use [R=301,L] or [R=permanent,L] in your domain redirect rule.

Jim

compooter

5:33 pm on Jan 16, 2004 (gmt 0)

10+ Year Member



It looks like the ErrorDocument directive is applied before the domain redirect. So the URL is changed internally to your error page, and then an external redirect is done to correct the missing www. As a result, the browser is given the error document URL.

That's exactly what is happening; I wasn't sure if my explanation was coming thru clear enough. Your rewriterule solution works perfectly for my needs.

...I strongly urge you to change your domain redirect rule to generate a 301-Moved Permanently redirect instead of a 302-Found; Use [R=301,L]...

Thanks! Done and done.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month