You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Alexander Lazic <al...@none.at> on 2006/03/28 16:09:17 UTC
[users@httpd] mod_rewrite and Location(Match)?
Hi,
we have a customer who needs a specific query-string and location
password protected.
The location is protected by LocationMatch containing Basic-Auth.
The setup in our webserver is:
---
<LocationMatch "apps/test">
AuthType Basic
AuthName "Auth-Part"
AuthUserFile /usr/local/apache/conf/.auth1htpasswd
AuthGroupFile /usr/local/apache/conf/.auth1htgroup
<Limit GET POST>
require group authgr1
</Limit>
</LocationMatch>
---
Some Requests do not have the 'apps/test' as prefix but the
query-string contains 'auth=require' which also requires
authentification.
We tried to solve this by using mod_rewrite.
Our setup is:
RewriteCond %{LA-U:REMOTE_USER} =""
RewriteCond %{QUERY_STRING} .*auth=require.*
RewriteRule ^.+$ /apps/test/\? [L,R,NS]
This causes every unauthorized request to be redirected to the protected
area.
---
.
.
.
<Directory /usr/local/apache/htdocs>
RewriteEngine on
RewriteRule ^/?test/?$ /apps/test.jsp?Param1=Value1&Param2=Val2 [QSA,NS]
</Directory>
<LocationMatch "\.jsp">
SetHandler app-handler
</LocationMatch>
.
.
.
<VirtualHost _default_:443>
.
.
<LocationMatch "\.jsp">
SetHandler weblogic-handler
</LocationMatch>
RewriteEngine on
RewriteRule ^/?test/?$ /apps/test.jsp?Param1=Value1&Param2=Val2 [QSA,NS]
</VirtualHost>
---
I have tested the setup with the aktiv RewriteRule in the VirtualHost
and inaktiv in the global Scope.
Apache try to get the file:
/usr/local/apache/htdocs/apps/test.jsp
[test.server/sid#82987b0][rid#8455820/initial] (1) go-ahead with \
/usr/local/apache/htdocs/apps/test.jsp [OK]
But when i deaktivate the RewriteRule in the VirtualHost and aktivate in
the global Scope the apache make the request to the Appserver.
[test.server/sid#8312088][rid#84766d0/initial/redir#1] (1) [per-dir \
/usr/local/apache/htdocs/] pass through /web/sportal3/htdocs/apps
Please can anybody help us.
regards
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] [addenum] Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Alexander Lazic <al...@none.at>.
Hi,
On Die 28.03.2006 18:24, Alexander Lazic wrote:
>
[snipp]
>in VirtualHost-Contex but i loose the user after the
>[INTERNAL REDIRECT].
[snipp]
>[test.server/sid#82733f8][rid#840b4e8/initial] (1) [per-dir \
>/usr/local/apache/htdocs/] internal redirect with /apps/test.jsp \
>[INTERNAL REDIRECT]
>
>[test.server/sid#82733f8][rid#8410950/initial/redir#1] (2) init rewrite \
>engine with requested uri /apps/test.jsp
i have added the function into the output:
[test.server/sid#8273438][rid#840e948/initial/redir#1] (2) \
hook_uri2file() init rewrite engine with requested uri /apps/test.jsp
Is there a know bug with mod_rewrite and %{LA-U:REMOTE_USER}?
I hav seen that should be fixed since 2.0.11 and haven't found any open
bug on http://issues.apache.org/bugzilla/?!
Regards
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] [Addnum] Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Alexander Lazic <al...@none.at>.
On Die 28.03.2006 18:24, Alexander Lazic wrote:
>Hi and thanks for help ;-),
>
>On Die 28.03.2006 10:52, Joshua Slive wrote:
>>
>>You were going in the right direction: you need to use mod_rewrite. I
>>thought that you explained that it worked when placed outside the
>><VirtualHost> but not inside. If so, you just leave it outside, but
>>set the inherit option as described above.
>
>I have know testet it with:
[snipped]
Sorry i have forgotten to tell you my env:
bin/httpd -V
Server version: Apache/2.0.55
Server built: Nov 14 2005 13:57:53
Server's Module Magic Number: 20020903:11
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_FCNTL_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D SHARED_CORE
-D HTTPD_ROOT="/usr/local/apache"
-D SUEXEC_BIN="/usr/local/apache/bin/suexec"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
on
SunOS 5.10 Generic i86pc i386 i86pc
Regards
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Alexander Lazic <al...@none.at>.
Hi,
On Die 04.04.2006 10:23, Joshua Slive wrote:
>On 4/4/06, Alexander Lazic <al...@none.at> wrote:
>
>> But as Joshua Slive wrote it is not an option :-(
>
>I don't think it is "not an option". But it does have significant
>disadvantages, so you would need to really demonstrate why it is
>crucial.
1.) If you don't need the mod_rewrite but you want to make *Match*
against the *full* request.
2.) It makes easier to make auth* areas with *Match* command against the
*full* request.
.
.
.
Is this setup so seldom?!
regards
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Joshua Slive <jo...@slive.ca>.
On 4/4/06, Alexander Lazic <al...@none.at> wrote:
> I would be nice if a LocationMatchFullURL check against 'unparsed_uri'
> or similar thing.
>
> But as Joshua Slive wrote it is not an option :-(
I don't think it is "not an option". But it does have significant
disadvantages, so you would need to really demonstrate why it is
crucial.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Alexander Lazic <al...@none.at>.
Hi,
On Son 02.04.2006 15:48, Robert Ionescu wrote:
>Alexander Lazic wrote:
>>in VirtualHost-Contex but i loose the user after the
>>[INTERNAL REDIRECT].
>
>I tried to reproduce it (very limited because you posted only some
>parts of the RewriteLog, so it's hard to reconstruct the exact
>processing), but it works for me.
Thanx ;-)
I would be nice if a LocationMatchFullURL check against 'unparsed_uri'
or similar thing.
But as Joshua Slive wrote it is not an option :-(
regards
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Robert Ionescu <ro...@googlemail.com>.
Alexander Lazic wrote:
> in VirtualHost-Contex but i loose the user after the
> [INTERNAL REDIRECT].
I tried to reproduce it (very limited because you posted only some parts
of the RewriteLog, so it's hard to reconstruct the exact processing),
but it works for me.
I attached the RewriteLog.
Used in virtual host:
RewriteEngine on
RewriteCond %{LA-U:REMOTE_USER} =""
RewriteCond %{QUERY_STRING} auth=require
RewriteRule ^/ - [F,NS]
DocumentRoot is /var/www
<LocationMatch "protect/test">
AuthName "test"
AuthType Basic
AuthUserFile ...
Require valid-user
</LocationMatch>
<Directory "/var/www">
RewriteEngine on
RewriteRule ^protect/test/?$ /protect/test.php [L]
Options FollowSymlinks
</Directory>
Request was /protect/test, rewritten to /protect/test.php (physically
/var/www/protect/test.php) in per-dir context.
I can't reproduce jsp settings here.
--
Robert
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Alexander Lazic <al...@none.at>.
Hi and thanks for help ;-),
On Die 28.03.2006 10:52, Joshua Slive wrote:
>
>You were going in the right direction: you need to use mod_rewrite. I
>thought that you explained that it worked when placed outside the
><VirtualHost> but not inside. If so, you just leave it outside, but
>set the inherit option as described above.
I have know testet it with:
RewriteEngine on
RewriteOptions inherit
RewriteCond %{LA-U:REMOTE_USER} =""
RewriteCond %{QUERY_STRING} .*auth=require.*
RewriteRule ^.+$ - [L,F]
in VirtualHost-Contex but i loose the user after the
[INTERNAL REDIRECT].
---
[test.server/sid#82733f8][rid#840b4e8/initial] (5) lookahead: \
path=/apps/test var=REMOTE_USER -> val=al
[test.server/sid#82733f8][rid#840b4e8/initial] (4) RewriteCond: \
input='al' pattern='=""' => not-matched
[test.server/sid#82733f8][rid#840b4e8/initial] (1) pass through \
/apps/test
[test.server/sid#82733f8][rid#840b4e8/initial] (3) [per-dir
/usr/local/apache/htdocs/] add path info postfix: \
/usr/local/apache/htdocs/apps -> /usr/local/apache/htdocs/apps/test
[test.server/sid#82733f8][rid#840b4e8/initial] (2) [per-dir \
/usr/local/apache/htdocs/] rewrite apps/test -> /apps/test.jsp?auth=require
[test.server/sid#82733f8][rid#840b4e8/initial] (1) [per-dir \
/usr/local/apache/htdocs/] internal redirect with /apps/test.jsp \
[INTERNAL REDIRECT]
[test.server/sid#82733f8][rid#8410950/initial/redir#1] (2) init rewrite \
engine with requested uri /apps/test/sportal.jsp
....
[test.server/sid#82733f8][rid#8412a50/subreq] (1) pass through \
/apps/test.jsp
[test.server/sid#82733f8][rid#8410950/initial/redir#1] (5) lookahead: \
path=/apps/test.jsp var=REMOTE_USER -> val=
---
>And you should remove the <Limit GET POST> and </Limit> lines, which
>are unnecessary and quite possibly a security risk. See the docs for
><Limit>.
Ok, thanx.
Regards.
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Joshua Slive <jo...@slive.ca>.
On 3/28/06, Alexander Lazic <al...@none.at> wrote:
> >> But when i deaktivate the RewriteRule in the VirtualHost and aktivate
> >> in the global Scope the apache make the request to the Appserver.
> >
> >That's a confusing problem description, but I think what you want is
> >RewriteEngine On
> >RewriteOptions inherit
> >in the <VirtualHost> container.
>
> After rereading you are right, sorry :-(
>
> I try to make it cleaner.
>
> With LocationMatch i can make a basic-auth area:
>
> ---
> <LocationMatch "apps/test">
> AuthType Basic
> AuthName "Auth-Part"
> AuthUserFile /usr/local/apache/conf/.auth1htpasswd
> AuthGroupFile /usr/local/apache/conf/.auth1htgroup
>
> <Limit GET POST>
> require group authgr1
> </Limit>
> </LocationMatch>
> ---
>
> How can i make this similar for a part of query-string?
You were going in the right direction: you need to use mod_rewrite. I
thought that you explained that it worked when placed outside the
<VirtualHost> but not inside. If so, you just leave it outside, but
set the inherit option as described above.
And you should remove the <Limit GET POST> and </Limit> lines, which
are unnecessary and quite possibly a security risk. See the docs for
<Limit>.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Alexander Lazic <al...@none.at>.
Hi,
On Die 28.03.2006 09:17, Joshua Slive wrote:
>On 3/28/06, Alexander Lazic <al...@none.at> wrote:
>>
>> But when i deaktivate the RewriteRule in the VirtualHost and aktivate
>> in the global Scope the apache make the request to the Appserver.
>
>That's a confusing problem description, but I think what you want is
>RewriteEngine On
>RewriteOptions inherit
>in the <VirtualHost> container.
After rereading you are right, sorry :-(
I try to make it cleaner.
With LocationMatch i can make a basic-auth area:
---
<LocationMatch "apps/test">
AuthType Basic
AuthName "Auth-Part"
AuthUserFile /usr/local/apache/conf/.auth1htpasswd
AuthGroupFile /usr/local/apache/conf/.auth1htgroup
<Limit GET POST>
require group authgr1
</Limit>
</LocationMatch>
---
How can i make this similar for a part of query-string?
As the doc say it is impossible with LocationMatch:
--- http://httpd.apache.org/docs/2.0/mod/core.html.en#location
For all origin (non-proxy) requests, the URL to be matched is a URL-path
of the form /path/. No scheme, hostname, port, or query string may be
included. For proxy requests, the URL to be matched is of the form
scheme://servername/path, and you must include the prefix.
---
Regards
Alex
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_rewrite and Location(Match)?
Posted by Joshua Slive <jo...@slive.ca>.
On 3/28/06, Alexander Lazic <al...@none.at> wrote:
>
> But when i deaktivate the RewriteRule in the VirtualHost and aktivate in
> the global Scope the apache make the request to the Appserver.
That's a confusing problem description, but I think what you want is
RewriteEngine On
RewriteOptions inherit
in the <VirtualHost> container.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org