Welcome to WebmasterWorld Guest from 35.172.100.232

Forum Moderators: phranque

RewriteRule, transparent redirect to subdomain

     
6:59 am on Sep 12, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Mar 15, 2013
posts: 1165
votes: 118


When my users go to:

www.example.com

I currently show them information that's located at:

www.example.com/foo/bar/

On the server, this is located at:

/home/example/public_html/foo/bar

So I use this in the .htaccess that's located at /home/example/public_html/.htaccess:

RewriteEngine on

RewriteCond %{HTTP_HOST} example\.com [NC]
RewriteCond %{REQUEST_URI} !^/(foo/bar|images|cgi-bin)
RewriteRule ^(.*)$ foo/bar/$1 [QSA,L]


But now I would like to change it to show them what's at:

ww2.example.com/foo/bar

where "ww2" is a subdomain. On the server, it's located at /home/example/ww2.example.com/foo/bar (so before the /public_html/ directory).

I tried this modification using a relative path, but got a 400 error:

RewriteEngine on

RewriteCond %{HTTP_HOST} example\.com [NC]
RewriteCond %{REQUEST_URI} !foo/bar
RewriteCond %{REQUEST_URI} !^/(images|cgi-bin)
RewriteRule ^(.*)$ ../ww2.example.com/foo/bar/$1 [QSA,L]


Can you guys and gals suggest how I might get this to load the desired page?
7:46 am on Sept 12, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


i would suggest using a proxy request which you can implement by modifying your RewriteRule and using the [P] flag.
https://httpd.apache.org/docs/current/rewrite/flags.html#flag_p

btw the [QSA] flag is unnecessary unless you are using a query string in the target of the RewriteRule.
8:16 pm on Sept 12, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 20, 2006
posts:2152
votes: 89


Doesn't one of the Moderators help people with rewrite rules here?
[webmasterworld.com...]

As a marketer who often uses appended parameters to track Source / Medium, I'd say always include QSA.

The /public_html/ directory is the web readable root.
Use symlinks if you want another folder, at that level, to serve.
Upstream in the folder hierarchy, for security reasons, the files should not be web readable.

[edited by: phranque at 11:23 pm (utc) on Sep 12, 2019]
[edit reason] see charter [/edit]

11:10 pm on Sept 12, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Mar 15, 2013
posts: 1165
votes: 118


A symlink isn't a bad idea at all! I'd forgotten about [P], but wouldn't that be pretty slow? If so then a symlink might be the better option. I haven't done that in awhile... I guess it's a simple matter of:

# Via SSH
cd /home/example/public_html
ln -s /home/example/ww2.example.com ww2

# .htaccess
RewriteEngine on

RewriteCond %{HTTP_HOST} example\.com [NC]
RewriteCond %{REQUEST_URI} !^/(foo/bar|images|cgi-bin)
RewriteRule ^(.*)$ ww2/foo/bar/$1 [QSA,L]


For whatever reason, the server created the subdomain before the /public_html/. I'm not sure why... I don't know if it's an Apache thing, or maybe a WHM/cPanel thing?

As for QSA, I use occasional appended params, too, so have always used it in a "why not?" kind of way. Does it make it any slower or anything? If so then now would be a good time to work on alternatives.
11:17 pm on Sept 12, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


As a marketer who often uses appended parameters to track Source / Medium, I'd say always include QSA.

since you probably haven't accessed the document i referenced above, i'll quote another section as explanation:
When the replacement URI contains a query string, the default behavior of RewriteRule is to discard the existing query string, and replace it with the newly generated one. Using the [QSA] flag causes the query strings to be combined.

Consider the following rule:

RewriteRule "/pages/(.+)" "/page.php?page=$1" [QSA]


With the [QSA] flag, a request for /pages/123?one=two will be mapped to /page.php?page=123&one=two. Without the [QSA] flag, that same request will be mapped to /page.php?page=123 - that is, the existing query string will be discarded.

(source: https://httpd.apache.org/docs/current/rewrite/flags.html#flag_qsa )

therefore it is clearly unnecessary unless the "Target" of the RewriteRule contains a query string.
11:47 pm on Sept 12, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


A symlink isn't a bad idea at all!

i would recommend against that solution!
a secure apache server would prevent apache from following symlinks using this configuration directive:
Options -FollowSymLinks
12:46 am on Sept 13, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4453
votes: 330


Is
Options +SymLinksIfOwnerMatch 
any better?
10:05 am on Sept 13, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


Note from the description of the SymLinksIfOwnerMatch option:
This option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.

source: https://httpd.apache.org/docs/2.4/mod/core.html#options

a secure apache server would prevent apache from following symlinks using this configuration directive:
Options -FollowSymLinks

ignore this brain f@rt.
SymLinks are required for RewriteEngine On to work.

A symlink isn't a bad idea at all!

i would recommend against that solution!

i still don't think it's a secure practice to create a symlink to a folder outside the public_html directory.
11:22 am on Sept 13, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10281
votes: 1049


Just have to ask the question: Why have anything outside the public folder? Willing to be convinced if there is a valid reason to do that!
6:53 pm on Sept 13, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Mar 15, 2013
posts: 1165
votes: 118


In my particular case, I'm the only one with root or SSH access to the server, so I don't think that there's much of a risk with symlinks. I remember using them several years back when I had multiple accounts (of my own) that I wanted to share directories, but that stopped working a few updates ago and I never could figure out why :-(

I also see that there's a default symlink of /www/ to /public_html/, so turning off symlinks by default might break a lot of programs.

@tangor, when I set up a subdomain in WHM/cPanel it automatically created it outside of public_html. Other than that, the only time I would usually set up something outside of public_html is when I use text files that I want to be accessed by programs but not by the general public.
1:24 am on Sept 14, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15804
votes: 845


But now I would like to change it to show them what's at:

ww2.example.com/foo/bar

I don't believe you can do it in htaccess. Rewriting simply doesn’t go above the document root.

:: quick detour to docs [httpd.apache.org] to make sure they haven't changed anything, as I'm still new to 2.4 ::
Note that the PT flag is implied in per-directory contexts such as <Directory> sections or in .htaccess files.
(And I'm pretty sure you can't do anything involving mod_proxy [P] in htaccess, so scratch that.)

But if you're rewriting to a php file, you can put almost any kind of filepath in there, so long as you end up in a space you control.
7:50 am on Sept 14, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


you got the QSA thing all twisted up

please explain.
7:55 am on Sept 14, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


(And I'm pretty sure you can't do anything involving mod_proxy [P] in htaccess, so scratch that.)


the [P] flag uses the RewriteRule directive, which is valid in the following contexts:
- server config
- virtual host
- directory
- .htaccess
5:45 pm on Sept 14, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15804
votes: 845


:: detour for extensive experimentation on test site ::

OK, you can use the [P] flag in htaccess--at least on some servers in some circumstances. If you repeat the experiment I made--simply rewriting requests for http://example.first/somepage to http://example.second/someotherpage--the results are more horrific than you can imagine, since what you get is the content of the page at example.second using the styles from example.first. (Just like a rewrite, except it involves a different site.) If you're proxying only to serve images, this will obviously not be a problem, but it's a useful demonstration of what's happening.

The two caveats I can see:
#1 since this is being done in htaccess, meaning that you can't write any <Proxy> rules, the [P] target can only be a site that is reachable by name via its own DNS, which in turn means you have to make extra sure that images.example.com doesn't get indexed in its own right. (This would also seem to mean that you can proxy into other people's sites, which is scary. My experimenting happened to involve two sites living in the same userspace on the same server; don't know if that makes a difference.)
#2 if the target site is https, you need some extra preparation. When using the [P] flag with my test site (https) as the target, I get this pair of errors:
[Sat Sep 14 09:55:45.816499 2019] [ssl:error] [pid 18133] [remote 2607:f298:5:105b::blahblah] AH01961: SSL Proxy requested for example.com:443 but not enabled [Hint: SSLProxyEngine]
[Sat Sep 14 09:55:45.816580 2019] [proxy:error] [pid 18133] AH00961: HTTPS: failed to enable ssl support for [2607:f298:5:105b::blahblah]:443 (example.com)
In logs the request comes through with a 500 error--what I call a low-grade 500, since it still permits my custom 500 page to be displayed. (A lethal syntax error would give you only a generic server error, since no content from the site can be retrieved.) This in turn leads to SSLProxyEngine [httpd.apache.org] which, again, can only be set up in config.
7:35 pm on Sept 14, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 20, 2006
posts:2152
votes: 89


please explain.


I already did, you ignored me then. The gave me suggested reading via your passive aggressive "since you probably haven't accessed the document i referenced above, i'll quote another section as explanation:"

Please re-read your answer:
With the [QSA] flag, a request for /pages/123?one=two will be mapped to /page.php?page=123&one=two. Without the [QSA] flag, that same request will be mapped to /page.php?page=123 - that is, the existing query string will be discarded.


If the incoming one=two is tracking info, without QSA, it will be discarded.
7:47 pm on Sept 14, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15804
votes: 845


If the incoming one=two is tracking info, without QSA, it will be discarded.
It will only be discarded if the target URL contains a query of its own, which by default replaces the former query. That includes targets with the null query, a final ? with nothing after it (equivalent to QSD flag, at a savings of three bytes, but really more about personal coding style). In the proposed RewriteRule that started this thread
RewriteRule ^(.*)$ foo/bar/$1 [QSA,L]
the target contains no new query, so it is not necessary to say anything about it. It will not do any harm, it just isn't needed.
8:08 pm on Sept 14, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Mar 15, 2013
posts: 1165
votes: 118


For clarification, are you guys saying that [QSA] is only needed if I have hard-coded a query string in to the RewriteRule? Like:

RewriteRule ^(.*)$ foo/bar/$1?one=two [QSA,L]


@lucy24, that's excellent information about the [P] flag, I really appreciate all that you did there! I've only used [P] several years ago when moving to a new server and setting the old server to proxy the new one (for internet providers that hadn't seen the new IP yet). I didn't realize it would grab the styles from the origin, or the issues with SSL. I'm going to move to a new server again in a few weeks, so that's great information to have!
10:00 pm on Sept 14, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


are you guys saying that [QSA] is only needed if I have hard-coded a query string in to the RewriteRule?

this is correct
10:07 pm on Sept 14, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11817
votes: 236


Please re-read your answer:
With the [QSA] flag, a request for /pages/123?one=two will be mapped to /page.php?page=123&one=two. Without the [QSA] flag, that same request will be mapped to /page.php?page=123 - that is, the existing query string will be discarded.


If the incoming one=two is tracking info, without QSA, it will be discarded.

that does not apply to the OP's problem statement which included these directives (with no query string in the Target of the RewriteRule):
RewriteRule ^(.*)$ foo/bar/$1 [QSA,L]
...
RewriteRule ^(.*)$ ../ww2.example.com/foo/bar/$1 [QSA,L]

System

7:53 pm on Sept 15, 2019 (gmt 0)

redhat

 
 


To continue the discussion related to the QSA flag, 2 messages were cut out to new thread by not2easy. New thread at: apache/4964289.htm [webmasterworld.com]

[edited by: not2easy at 10:04 pm (utc) on Sep 15, 2019]

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members