I'm trying to set up mod proxy to block all traffic except to a specific domain. I can configure it to block individual domains using the ProxyBlock directive, and I can block everything using ProxyBlock *. Is there a way to block everything but one domain?
Thanks,
-Andrew
On apache 2.2 you need to have 2 proxy sections.
ProxyRequests On
ProxyVia On
# block all domains except our target
<ProxyMatch ^((?!www\.proxytarget\.com).)*$>
Order deny,allow
Deny from all
</ProxyMatch>
# here goes your usual proxy configuration...
<ProxyMatch www\.proxytarget\.com >
Order deny,allow
Deny from all
Allow from 127.0.0.1
</ProxyMatch>
On apache 2.4 it would be much easier because you could use the If directive instead of that regexp to invert the match for the domain name.
Note: I got that regexp from Invert match with regexp
Try:
ProxyBlock *
ProxyPass <path> <destination>
See if that works.
EDIT: scratch that. I think you have to get creative here with mod_rewrite (the basic reference is at http://httpd.apache.org/docs/current/rewrite/proxy.html):
RewriteCond %{HTTP_HOST} =allowtoproxy.com
RewriteRule ^/(.*)$ http://proxytarget.com/$1 [P]
ProxyPassReverse / http://proxytarget.com/
Try that?
Try this code:
RewriteEngine On
# Testing URLs
RewriteCond %{HTTP_HOST} !google.co.uk [NC]
RewriteCond %{HTTP_HOST} !bbc.co.uk [NC]
RewriteCond %{HTTP_HOST} !amazon.com [NC]
RewriteCond %{HTTP_HOST} !centos.org [NC]
RewriteCond %{HTTP_HOST} !opensuse.org [NC]
# Url to redirect to if not in allowed list
RewriteRule (.*) http://example.org/notallowed.htm
Related
<LocationMatch /foo/>
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* "ws://192.168.0.101:1234%{REQUEST_URI}" [P]
when client connects to
ws://www.example.com/foo/whatever_arbitrary_random
this works great, but the outcome is
ws://192.168.0.101:1234/foo/whatever_arbitrary_random
how can i get rid of the /foo/ so the outcome would be
ws://192.168.0.101:1234/whatever_arbitrary_random
client must still need to connect to /foo/ to trigger this
EDIT: I found how to do it, replace last line with
RewriteRule ([^/]+)/?$ ws://192.168.0.101:1234/$1 [P,L]
But please read the first answer suggesting not to do this in a Location
You shouldn't use mod_rewrite directives inside <Location> (and <LocationMatch>) containers.
UPDATE: As stated in the Apache docs for the RewriteRule directive:
Although rewrite rules are syntactically permitted in <Location> and <Files> sections (including their regular expression counterparts), this should never be necessary and is unsupported. A likely feature to break in these contexts is relative substitutions.
<Location> sections are merged very late. When used inside a <Location> section, the RewriteRule directive matches the absolute filesystem-path, not the URL-path as would ordinarily be expected.
If .htaccess overrides are disabled then you can do it like this instead inside the appropriate <Directory> container:
<Directory /path/to/foo>
# Disable .htaccess overrides if not already
AllowOverride None
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* ws://192.168.0.101:1234/$0 [P]
</Directory>
The backreference $0 naturally excludes /foo/.
UPDATE:
RewriteRule ([^/]+)/?$ ws://192.168.0.101:1234/$1 [P,L]
This only matches the last path segment, it doesn't strictly match everything after /foo/. This may or may not be OK, depending on your requests. eg. It will redirect a request for /foo/bar/baz to /baz only, not /bar/baz.
The regex should really be anchored. However, you've probably written it this way because the directive is inside a <Location> section and matches the absolute file-path, rather than the requested URL-path.
Incidentally, you don't need the L flag when used with P - it is implied.
An alternative to the above... you don't need to use these directvies in a directory context (ie. inside a <Directory> or <Location> section). You can instead place these rules directly in the <VirtualHost> container (a virtualhost context), in which case they should be written like this instead:
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/foo/(.*) ws://192.168.0.101:1234/$1 [P]
I have a SilverStripe website which I'd like to always use the www domain prefix and always use https.
So:
http://example.com
http://www.example.com
https://example.com
Would all redirect to:
https://www.example.com
However when I put the following lines in /app/_config.php:
Director::forceWWW();
Director::forceSSL();
I get a redirect loop. The same thing happens if I swap the order:
Director::forceSSL();
Director::forceWWW();
Does this mean that Director::forceWWW() and Director::forceSSL() can't be used together?
What configuration should I use to get my desired outcome?
I think you are correct in that forceWWW() and forceSSL() can't be used together.
If our site is on an Apache server we can add redirect rules to our root .htaccess file to do these two redirects:
# ...
<IfModule mod_rewrite.c>
SetEnv HTTP_MOD_REWRITE On
RewriteEngine On
# Redirect non www to www
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
# Redirect non https to https
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# ...
Well I say what's said in the title again, I can't find a way to rewrite all my urls without getting a loop.
I've tried many options but I can't find about one way which avoid a redirection loop:
RewriteRule ^/(.+) http://example.com/example/index.php$1 [R,L]
RewriteRule ^/?(.*) /var/www/example/index.php$1 [R]
RewriteRule ^/(.*)$ %{DOCUMENT_ROOT}/example/index.php$1 [R]
RewriteRule ^$ /example/ [L]
And below is my directory apache-conf
<Directory /var/www/example>
Options FollowSymLinks
DirectoryIndex index.php
Order allow,deny
Allow from all
</Directory>
I understand why it loops though I can't imagine (either find!) the good rule to do what I want.
EDIT
Basically I'm redirecting example.fr hosted at OVH to an IP virtual machine. Does this could get involved in my issue ?
Cheers
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/example/
RewriteRule (.*) /example/index.php/$1 [L,R]
This will redirect anything that is outside /example/ to /example/index.php adding the original path in the end
EDIT:
So, if you want everything to be redirected to /project_name/index.php instead, you need to swap the word "example" both in RewriteCond and in RewriteRule lines with your project name...
PS:
The RewriteCond line here is needed to ensure the rewriting does not loop (hence the url stayed /example/contact when you tried this).
This rule should not cause a loop
RewriteRule ^/(.+) http://example.com/example/index.php$1 [R,L]
This rule will not do anything at all
RewriteRule ^/?(.*) /var/www/example/index.php$1 [R]
For this rule you should add a RewriteCond
RewriteCond %{REQUEST_URI} !^/example/
RewriteRule ^/(.*)$ %{DOCUMENT_ROOT}/example/index.php$1 [R]
This is fine
RewriteRule ^$ /example/ [L]
Based on what I read on Apache I used the following example they provided to do a 301 Redirect on all my web sites.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R=301]
This is not quite working as they said it would. If I try www.domain.com it works. If I try domain.com I get www.domain.com//home/www/public_html/www.domain.com
Looks like it wants to include the DOCUMENT_ROOT in the redirect. Am I better off to create an individual .htaccess for each web site?
What is faster to run - Apache or HTACCESS?
Try this instead. Make sure you include the RewriteBase /
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you still get the old result, your previous 301 redirect is probably cached, retest in Private (Incognito) Browsing Mode.
Using Apaches httpd.conf is faster since accessing the .htaccess file adds a small overhead—Apache checks every directory—and parent directory—for the file and it will be loaded for every request.
Using the httpd.conf is better when you have access to it. Use .htaccess if you don't have access to the main configuration file.
I am looking for a way to rewrite non-www-domains to www-domains, while at the same time not redirecting direct IP-requests.
I have multiple sites on the same server - that is: a default (virtual)host and one VirtualHost with a ServerName and multiple ServerAlias'es, which work perfectly. I prefer the domainnames to start with "www". So I have hacked the following code together, which works great:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
It doesn't handle https, but the biggest problem is that requests to the server-IP are also rewritten from eg. "123.45.67.8" to "www.123.45.67.8". I could add the line below to solve that:
RewriteCond %{HTTP_HOST} !^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
... but it is it effective? And what about IPv6?
Being no mod_rewrite-wiz, I have been trying to figure out how other people have solved this problem, but with no luck.
That's because your condition is only checking if it starts with www, try this instead (I left the optional https code):
RewriteCond %{HTTP_HOST} ^(yourdomain|thisdomain|thatdomain)\.com
#RewriteCond %{HTTPS} =on
#RewriteRule .* https://www.%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteRule .* http://www.%{SERVER_NAME}%{REQUEST_URI} [R,L]