You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Fabio S. Schmidt" <fa...@improve.inf.br> on 2017/03/11 13:07:54 UTC

[users@httpd] Apache 2.4 : Rewrite to keep the original URL

Hi,

I'm trying to setup an environment with a frontend interface which login
and redirects to my application.

The scenario is: The user access with webmail.domain.com and the login page
redirects to the application, running on the same host, but on port 81.

How could I keep the original URL? I mean, the browser should keep the "
webmail.domain.com" as the address.

My Apache configuration:

<VirtualHost *:443>
DocumentRoot "/var/www/html/login_domain"
DirectoryIndex index.html *.php
ServerName webmail.domain.com
SSLEngine on
SSLCertificateFile /etc/ssl/crt/apache.crt
SSLCertificateKeyFile /etc/ssl/crt/apache.key
        SSLCertificateChainFile /etc/ssl/crt/ca.crt
</VirtualHost>

<VirtualHost *:80>
DocumentRoot "/var/www/html/login_domain"
DirectoryIndex index.html *.php
ServerName  webmail.domain.com
</VirtualHost>

Kind regards.
Fabio S. Schmidt

Re: [users@httpd] Apache 2.4 : Rewrite to keep the original URL

Posted by Marat Khalili <mk...@rqc.ru>.
Best way is to avoid redirects completely: show requested application page if user is authenticated, otherwise show login page. This is what happens if you use apache authentication modules, like mode_auth_basic (warning: SSL is mandatory for it). Some applications use redirects, but pass original url in query string and hidden form fields.

From your scenario it is not clear how application will know that user actually passed login page and not typed application URL directly. Also, you'll need to securely pass user identity from login page to application. Generally, writing your own authentication is not recommended, because it's almost impossible to avoid major security blunders when you do it the first time.
-- 

With Best Regards,
Marat Khalili

On March 11, 2017 4:07:54 PM GMT+03:00, "Fabio S. Schmidt" <fa...@improve.inf.br> wrote:
>Hi,
>
>I'm trying to setup an environment with a frontend interface which
>login
>and redirects to my application.
>
>The scenario is: The user access with webmail.domain.com and the login
>page
>redirects to the application, running on the same host, but on port 81.
>
>How could I keep the original URL? I mean, the browser should keep the
>"
>webmail.domain.com" as the address.
>
>My Apache configuration:
>
><VirtualHost *:443>
>DocumentRoot "/var/www/html/login_domain"
>DirectoryIndex index.html *.php
>ServerName webmail.domain.com
>SSLEngine on
>SSLCertificateFile /etc/ssl/crt/apache.crt
>SSLCertificateKeyFile /etc/ssl/crt/apache.key
>        SSLCertificateChainFile /etc/ssl/crt/ca.crt
></VirtualHost>
>
><VirtualHost *:80>
>DocumentRoot "/var/www/html/login_domain"
>DirectoryIndex index.html *.php
>ServerName  webmail.domain.com
></VirtualHost>
>
>Kind regards.
>Fabio S. Schmidt

Re: [users@httpd] Apache 2.4 : Rewrite to keep the original URL

Posted by Robert Moskowitz <rg...@htt-consult.com>.
Fabio,

Right now I am not in the position to test this.  Your .conf attempt 
looks a LOT like what I tried.

I was told:

Rewriterules and https.  Actually, looking at what you have doesn't
really tell me why it gets applied to everything and not just the
webmail.  However, I'd say that your roundcubemail.conf is much
overworked.  We use something like that on openssl.org, but it
generally looks like this:

     <VirtualHost *:80>
             ServerAdmin webmaster@localhost
             ServerName ${HOSTNAME}
             ServerAlias ${HOSTALIASES}
     
             Redirect permanent /https://${HOSTNAME}/
     </VirtualHost>

Since you already know that the host is correct and that's the port 80
virtualhost, there's no point testing that with those RewriteCond you
have.  Also, Redirect is faster and preferable to RewriteRule for this
kind of stuff, seehttps://httpd.apache.org/docs/2.4/rewrite/avoid.html

Also, specifically for virtualhost config files, they should be
located in sites-available/ rather than conf.d/, see 'man a2ensite'.
conf.d/ is older style configuration of general stuff...  or well,
that's at least true for Debian, I'm not sure this is specific for
Debian distributions and their derivates or if it's a native Apache
thing.  You'll have to check the manuals to confirm.


I need to check out sites-available directory for Centos7...

But see what this does, and let me know!  I am at the IEEE 802 
conference this week, and testing is challenging right now.....


On 03/11/2017 05:07 AM, Fabio S. Schmidt wrote:
> Hi,
>
> I'm trying to setup an environment with a frontend interface which 
> login and redirects to my application.
>
> The scenario is: The user access with webmail.domain.com 
> <http://webmail.domain.com> and the login page redirects to the 
> application, running on the same host, but on port 81.
>
> How could I keep the original URL? I mean, the browser should keep the 
> "webmail.domain.com <http://webmail.domain.com>" as the address.
>
> My Apache configuration:
>
> <VirtualHost *:443>
> DocumentRoot "/var/www/html/login_domain"
> DirectoryIndex index.html *.php
> ServerName webmail.domain.com <http://webmail.domain.com>
> SSLEngine on
> SSLCertificateFile /etc/ssl/crt/apache.crt
> SSLCertificateKeyFile /etc/ssl/crt/apache.key
>         SSLCertificateChainFile /etc/ssl/crt/ca.crt
> </VirtualHost>
>
> <VirtualHost *:80>
> DocumentRoot "/var/www/html/login_domain"
> DirectoryIndex index.html *.php
> ServerName webmail.domain.com <http://webmail.domain.com>
> </VirtualHost>
>
> Kind regards.
> Fabio S. Schmidt