Posted to users@httpd.apache.org by Andreas Ley <An...@kit.edu> on 2015/07/23 15:45:06 UTC

[users@httpd] matching when should match

Hello!

I have a configuration (apache 2.2, soon 2.4) which basically is

<VirtualHost 10.1.2.3:80>
    DocumentRoot /var/www
    <Location /server-status>
        SetHandler server-status
    </Location>
    <Directory /var/www/>
        RewriteEngine On
        RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI}
    </Directory>
</VirtualHost>

(of course there is another VirtualHost on port 443)

I want to redirect all requests for _filesystem_ objects to a secure
connection, but the non-filesystem object served via a handler should
be available unencrypted. (FYI: I use the server-status for health
check by a loadbalancer, but the documents are protected by shibboleth)

However, also requests for /server-status get redirected :( Documentation
says "Enclose a group of directives that apply only to the named file-system
directory, sub-directories, and their contents." Clearly /server-status is
not within /var/www ...

My naive imagination would be that apache performs a url-to-filesystem-
path conversion, and only if the outcome really is a directory or a file,
then applies the corresponding directives. Either this is not the case,
or I'm missing something completely :(

There is a hidden hint in the docs for RewriteCond:
"REQUEST_FILENAME The full local filesystem path to the file or script
matching the request, if this has already been determined by the server
at the time REQUEST_FILENAME is referenced. Otherwise, such as when used
in virtual host context, the same value as REQUEST_URI. Depending on the
value of AcceptPathInfo, the server may have only used some leading
components of the REQUEST_URI to map the request to a file."

After reading this, I tried
RewriteCond "%{LA-U:REQUEST_FILENAME}" "/var/www/.*"
with no effect :(

Is there anybody familiar enough with how apache's working to explain
what's happening here? Or better yet, does somebody have any idea how
to accomplish what I'm seeking to do, i.e. redirecting all filesystem
objects while leaving alone all "virtual" URLs?

TIA, Andy

-- 
Andreas Ley, SCC, Karlsruhe Institute of Technology (KIT), D-76128 Karlsruhe
E-Mail: Andreas.Ley@kit.edu, Telephone: +49 721 608 46341, Fax: +49 721 32550
From the home of the imaginary deadlines:
"It will take 2i weeks to do that project."			-- Michael Sinz

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] matching when should match

Posted by Eric Covener <co...@gmail.com>.
On Thu, Jul 23, 2015 at 9:45 AM, Andreas Ley <An...@kit.edu> wrote:
> However, also requests for /server-status get redirected :( Documentation
> says "Enclose a group of directives that apply only to the named file-system
> directory, sub-directories, and their contents." Clearly /server-status is
> not within /var/www ...


Your issue is partially due to how mod_status is configured only via
SetHandler. Nothing actually stops other phases of Apache processing
from mapping /server-status to $docroot/server-status, it's just that
the module that serves static files (separate from how URLs are mapped
to the filesystem) is pre-empted by mod_status.

Something like mod_proxy OTOH, would have short-circuited that URL to
filesystem mapping.

-- 
Eric Covener
covener@gmail.com
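
An added example, not part of the original thread or of any poster's configuration: because the <Directory /var/www/> section still applies to /server-status (the URL maps to /var/www/server-status even though mod_status serves it), one way to keep the status handler on plain HTTP is to exclude its URL path from the rewrite explicitly. The load balancer address 10.1.2.10 is a constructed placeholder, and the Require line assumes Apache 2.4.

```apache
<VirtualHost 10.1.2.3:80>
    DocumentRoot /var/www

    # Served by mod_status over plain HTTP for the load balancer health check.
    <Location /server-status>
        SetHandler server-status
        # Assumption: 10.1.2.10 is a placeholder for the load balancer address.
        # Apache 2.4 syntax; on 2.2 use Order/Deny/Allow from mod_authz_host.
        Require ip 10.1.2.10
    </Location>

    <Directory /var/www/>
        RewriteEngine On
        # This section also matches the mapped path /var/www/server-status,
        # so exclude the handler URL by its URI rather than by filesystem path.
        RewriteCond %{REQUEST_URI} !^/server-status(/|$)
        # Everything else is redirected to the HTTPS VirtualHost.
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
    </Directory>
</VirtualHost>
```

Since the status page is reachable unencrypted in this setup, limiting it to the health-check source keeps its contents (client addresses, requested URLs) away from other clients on the network.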



Re: [users@httpd] matching when should match

Posted by Christian Hettler <ch...@asknet.de>.
hello Andy,

one possible solution to your problem will be
an additional VirtualHost on port 80 for server-status.

Christian
-- 
asknet AG * Vincenz-Priessnitz-Str. 3 * D-76131 Karlsruhe
fon: +49 721 96458 6445 * fax: +49 721 96458 9445 * web: http://www.asknet.com
executive board: Tobias Kaulfuss (CEO), Ute Imhof (COO)
chairman of the supervisory board: Dr. Joachim Bernecker * HRB 108713 Mannheim
