You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by James Moe <ji...@sohnen-moe.com> on 2015/06/26 07:16:28 UTC
[users@httpd] ReDirect question
apache v2.4.10
linux v3.16.7-21-desktop x86_64
I have reviewed the docs. I do not see what I have done incorrectly
with the first redirection below. The second Redirect is a fallback;
it works for the URL shown but the exact match does not.
Where have I gone astray?
Redirect /catalog/?app=ecom&ns=catshow&ref=books \
https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
Redirect /catalog/ https://sma-v3.sma.com/clickcart/
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Re: [users@httpd] ReDirect question
Posted by Kurtis Rader <kr...@skepticism.us>.
On Fri, Jun 26, 2015 at 10:15 PM, James Moe <ji...@sohnen-moe.com> wrote:
> The rewrite is in <.htaccess>. Other rewrites work as expected.
>
Okay then I feel quite confident in concluding the query string is not in
the form you expect. So I'll reinforce my earlier point that it is never a
good idea to perform a match on more than a single parameter at a time in a
query string using mod_rewrite. In the future, perhaps as part of this
migration, you or a coworker might make a change that alters the appearance
of that query string. Even an innocuous change that you don't believe will
alter the query string might have the unexpected side-effect of doing so.
And then your literal query string match will fail.
> That was one of the many variants I have tried. It does not work
> either. Since I cannot get logging to work either (grr), I cannot see
> what is happening.
Rather than trying to set LogLevel to include more verbose logging of the
rewrite module actions I would change the LogFormat to include the query
string. For example, this is the one I use:
LogFormat "%{%Y-%m-%dT%H:%M:%S}t %{sec}t.%{usec_frac}t %>s %{error-notes}e
%D %B %h %{Host}i \"%r\" \"%{User-Agent}i\"" krader_custom
CustomLog "/private/var/log/apache2/access.log" krader_custom
Notice the "%r". That logs the entire first line of the request. Here is
the log entry from the experiment I did to see if your rewrite rule works:
2015-06-26T18:01:39 1435366899.344840 200 - 228749 61272 ::1 localhost "GET
/?app=ecom&ns=catshow&ref=books HTTP/1.1" "curl/7.37.1"
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
Re: [users@httpd] ReDirect question
Posted by James Moe <ji...@sohnen-moe.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/26/2015 06:36 PM, Kurtis Rader wrote:
> So I submit to you that either the query string is not in the form
> you expect or there is something else wrong with your
> configuration. For example, perhaps you have the rewrite rule in
> the wrong container (i.e., server, location, directory, virtual
> host).
>
The rewrite is in <.htaccess>. Other rewrites work as expected.
> RewriteCond %{QUERY_STRING} =app=ecom&ns=catshow&ref=books
>
That was one of the many variants I have tried. It does not work
either. Since I cannot get logging to work either (grr), I cannot see
what is happening.
- --
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlWOMXYACgkQzTcr8Prq0ZN5IgCaApg8zqo4q5kzW0L8gwVNOSU5
XdgAoK48mhdhaLxhcW5fDKx9v4FxJ0Rh
=Cv9w
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ReDirect question
Posted by Kurtis Rader <kr...@skepticism.us>.
On Fri, Jun 26, 2015 at 4:12 PM, James Moe <ji...@sohnen-moe.com> wrote:
> That is how our current shopping cart generates an URL to locate a
> page. It is completely predictable. I wish to match the Query String
> exactly as a string; I do not care about names and values.
> We are transitioning to another e-commerce service. I want to have
> the current store category URLs and a select number of product URLs
> re-directed to the new site's corresponding locations. Hence the
> rewrite rule.
Works for me. I added
RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
RewriteRule ^ /forbidden.php [END,E=error-notes:qstring-matched]
to my config and did a "apachectl graceful". I then did
curl -v 'http://localhost/?app=ecom&ns=catshow&ref=books' > x
and received my expected 403 /forbidden.php output. If I repeat the curl
command with a single character changed in the query string it no longer
matches that rewrite rule and I get the index page for my server. So I
submit to you that either the query string is not in the form you expect or
there is something else wrong with your configuration. For example, perhaps
you have the rewrite rule in the wrong container (i.e., server, location,
directory, virtual host).
P.S., If you want to match the query string literally rather than as a
pattern which matches a subset of the query string you should preface the
pattern with an equal-sign:
RewriteCond %{QUERY_STRING} =app=ecom&ns=catshow&ref=books
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
Re: [users@httpd] ReDirect question
Posted by James Moe <ji...@sohnen-moe.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/26/2015 01:36 PM, Kurtis Rader wrote:
> My question for James would be how do you know the query string has
> the parameters in that exact order?
>
That is how our current shopping cart generates an URL to locate a
page. It is completely predictable. I wish to match the Query String
exactly as a string; I do not care about names and values.
We are transitioning to another e-commerce service. I want to have
the current store category URLs and a select number of product URLs
re-directed to the new site's corresponding locations. Hence the
rewrite rule.
- --
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlWN3G8ACgkQzTcr8Prq0ZMr/gCeJQEeFXbHBKjHVzpw4pPzwubI
fkoAnRXzkwDOpbsjmI1SRIRypiqVdv+D
=U7l9
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ReDirect question
Posted by Kurtis Rader <kr...@skepticism.us>.
On Fri, Jun 26, 2015 at 1:36 PM, Kurtis Rader <kr...@skepticism.us> wrote:
> My question for James would be how do you know the query string has the
> parameters in that exact order? Unless the query string has been
> hand-crafted you cannot assume the parameters will appear in any specific
> order. Also, your pattern doesn't handle the case where the parameters are
> separated by semicolons (which is a legal alternative to ampersand). In
> general matching against QUERY_STRING is very difficult to do in a robust
> manner.
>
P.S., Here is an example from my config of how to robustly check for the
presence of a specific query string parameter. In this case I'm looking for
a reference to the WordPress "Revolution Slider" plugin which has had
numerous security flaws and I will never install on my site as a
consequence.
# Malware loves to probe for revslider plugin vulnerabilities. Since we
don't
# use it (and never will given its history of vulnerabilities) blacklist
# references to it. This is related to the blacklisted-path rules above.
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/revslider/ [NC,OR]
RewriteCond %{QUERY_STRING} (?:^|&|;)action=revslider_ajax_action(?:&|;|$)
[NC,OR]
RewriteCond %{QUERY_STRING} (?:^|&|;)action=revslider_show_image(?:&|;|$)
[NC]
RewriteRule ^ /blocked.php [END,E=error-notes:probe-for-revslider-plugin]
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
Re: [users@httpd] ReDirect question
Posted by Kurtis Rader <kr...@skepticism.us>.
On Fri, Jun 26, 2015 at 12:34 PM, Eric Covener <co...@gmail.com> wrote:
> On Fri, Jun 26, 2015 at 3:21 PM, James Moe <ji...@sohnen-moe.com> wrote:
> > RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
> > RewriteRule ^
> >
> https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
> > [R=301,L]
>
> RewriteRule matches aginstt just the path, without the scheme host or
> query string.
That isn't the issue in this example. Notice that the rewrite rule pattern
is simply "^" which will match any path as it simply tests that the path
has a beginning (i.e., it anchors any subsequent part of the pattern to the
start of the path).
My question for James would be how do you know the query string has the
parameters in that exact order? Unless the query string has been
hand-crafted you cannot assume the parameters will appear in any specific
order. Also, your pattern doesn't handle the case where the parameters are
separated by semicolons (which is a legal alternative to ampersand). In
general matching against QUERY_STRING is very difficult to do in a robust
manner.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
Re: [users@httpd] ReDirect question
Posted by Eric Covener <co...@gmail.com>.
On Fri, Jun 26, 2015 at 3:21 PM, James Moe <ji...@sohnen-moe.com> wrote:
> RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
> RewriteRule ^
> https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
> [R=301,L]
RewriteRule matches aginstt just the path, without the scheme host or
query string.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ReDirect question
Posted by James Moe <ji...@sohnen-moe.com>.
On 06/25/2015 10:18 PM, Eric Covener wrote:
>>
>> Redirect /catalog/?app=ecom&ns=catshow&ref=books \
>> https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
>>
>
>>
> Redirect doesn't match against the query string. Try mod_rewrite.
>
The original URL is
http://sma-v3.sma.com/catalog/?app=ecom&ns=catshow&ref=books
I then tried this:
RewriteEngine on
RewriteCond %{QUERY_STRING} app=ecom&ns=catshow&ref=books
RewriteRule ^
https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
[R=301,L]
It does not match either. :-(
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Re: [users@httpd] ReDirect question
Posted by Eric Covener <co...@gmail.com>.
On Fri, Jun 26, 2015 at 1:16 AM, James Moe <ji...@sohnen-moe.com> wrote:
>
> apache v2.4.10
> linux v3.16.7-21-desktop x86_64
>
> I have reviewed the docs. I do not see what I have done incorrectly
> with the first redirection below. The second Redirect is a fallback;
> it works for the URL shown but the exact match does not.
> Where have I gone astray?
>
> Redirect /catalog/?app=ecom&ns=catshow&ref=books \
>
> https://ya250.infusionsoft.com/app/storeFront/handleStoreFrontLink?displayType=Category&id=1&displayName=Books
>
> Redirect /catalog/ https://sma-v3.sma.com/clickcart/
Redirect doesn't match against the query string. Try mod_rewrite.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org