[users@httpd] RE: Rewrite conflicts with partial downloads

["Belov, Charles" <Ch...@sfmta.com>]

I appear to have found a workable solution.

> -----Original Message-----
> From: Belov, Charles 
> Sent: Tuesday, February 15, 2011 11:53 AM
> To: 'users@httpd.apache.org'
> Subject: Rewrite conflicts with partial downloads
> 
> The SFMTA has various archival documents on the www.sfmta.com 
> website which we need to retain without modification for 
> public disclosure.  As the documents have the potential of 
> being mistaken for current information, I put in a feature in 
> which a request that comes in without a referer from a 
> document's parent directory will be shown a warning page 
> informing the requestor that the document is archival.  They 
> can then follow an altered link to the document which will 
> not require an authorized referer.
> 
> I had to back this change out because it turns out that when 
> Internet Explorer (and possibly other browsers) do this 
> download, it sends a referer for the initial request but then 
> sends additional partial requests without the referer.  So 
> the first part of the file gets downloaded, then requests for 
> additional parts of the file get redirected to the warning 
> page, causing Internet Explorer to freeze.
> 
> The question is, is there a way I can indicate to mod_rewrite 
> that this is a follow-up partial request -- that is, detect 
> the range request header -- and that it is not to do a 
> rewrite of the URL?
> 
> I plan to separately report this as a bug to Microsoft, but 
> in the meantime, site visitors need to be able to access the 
> file without freezing their browser.  So the question is, is 
> there a way I can prevent the rewrite in the case of a 
> partial request?
> 
> Details follow:
> 
> Example file of interest:  
> http://www.sfmta.com/cms/cmta/documents/2-15-11Item11.pdf
> 
> Example referer:
> http://www.sfmta.com/cms/cmta/SFMTABoardFeb.152011SpecialMeeti
> ngagenda.htm
> 
> .htaccess rewrite code for the /cms/cmta/documents directory 
> (currently backed out):
> 

Corrected solution .htaccess file, currently implemented in /cmta_test/
directory.

# /cms/cmta/documents/.htaccess

# if someone enters just www.sfmuni.com/cmta/, go to this page
DirectoryIndex mtaindx.htm

# if not referred from cmta and not an override, give warning before
allowing
RewriteEngine On
RewriteCond %{HTTP_REFERER}
!^http://(www\.)?sfmta\.com/cms/cmta(_test)?/ [NC]
RewriteCond %{HTTP_REFERER}
!^https://sfmta\.securesites\.net/cms/cmta(_test)?/ [NC]
RewriteCond %{QUERY_STRING} !^giveMeTheArchive$
RewriteRule ^(.*)$
/cms/asystem/302-archive-warning.php?request=/cms/cmta/documents/$1
[R=303,L]

# and feed back that the location is without the query part
# and that only the SFMTA.com location is to be indexed
SetEnvIf request_uri "^/(.*)$" this_request_uri=$1
Header set Location "http://www.sfmta.com/%{this_request_uri}e"

# prevent partial downloads for IE 
SetEnv acceptranges=bytes
BrowserMatchNoCase msie acceptranges=none 
Header set Accept-Ranges %{acceptranges}e

> 
> www.sfmta.com/cms/asystem/302-archive-warning.php?request=/cms
/cmta/documents/2-15-11Item11.pdf
> will give a warning page which produces a sanitized link to 
> http://www.sfmta.com/cms/cmta/documents/2-15-11Item11.pdf?give
> MeTheArchive
> 
> Server log for a sample Internet Explorer request:
> 
> Request 1 at 9:21:06 PT: 
> GET /cms/cmta/documents/2-15-11Item11.pdf HTTP/1.1
> Referer: 
> http://www.sfmta.com/cms/cmta/SFMTABoardFeb.152011SpecialMeeti
> ngagenda.htm
> Result:  200 OK status, 751,863 bytes 
> 
> Request 2 at 9:21:07 PT:
> GET /cms/cmta/documents/2-15-11Item11.pdf HTTP/1.1
> Referer: -
> Result:  303 See Other status, 253 bytes
> 
> Request 3 at 9:21:07 PT
> GET 
> /cms/asystem/302-archive-warning.php?request=/cms/cmta/documen
> ts/2-15-11Item11.pdf HTTP/1.1
> Referer: -
> Result:  416 Requested Range Not Satisfiable status, 230 bytes
> 
> Well, of course there is a 416, since the request is no 
> longer for the PDF but for the warning page.  But it's a moot 
> point, since the task was in trouble as of request 2 when it 
> came in without a referer, even though it's a follow-up on 
> request 1, which did have the referer, and got redirected.
> 

The issue is that by adding the header Accept-Ranges, it prevents
Internet Explorer from following up with a content-range request.
However, Firefox, which does provide a referer in conjunction with
content-range requests, displays a blank document in place of the PDF if
I send it the Accept-Ranges: none header.

BrowserMatch doesn't seem to allow me to conditionally send a header
only for IE, at least so far as I can tell by the documentation, and
none of the <...> directives seem to allow me to branch by browser.


 
Hope this helps,
Charles Belov
SFMTA Webmaster

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] RE: Rewrite conflicts with partial downloads

[Igor Galić <i....@brainsware.org>]

> Corrected solution .htaccess file, currently implemented in
> /cmta_test/
> directory.

Sorry to only chime in now - but I don't have enough of a clue
about mod_rewrite, so I don't feel comfortable answering more
complex questions.

The one thing I do know is that we do not recommend putting
RewriteRules in .htaccess, when you have access to the server's
configuration files.

http://wiki.apache.org/httpd/RewriteContext

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org