I am trying to create a secure download web app with the following scenario. Anybody know how this can be achieved:
1) The user is given a one-time URL
a) This one-time URL is stored in an Oracle DB mapped to the actual URL
2) When the user visits the one-time URL:
a) Apache module connects to the DB to see if the one-time URL exists
b) if it exists, apache does an internal rewrite to the actual URL
c) if not, then 404 or any sort of error (404 or something else) is good enough
2.a and 2.b are the what I am looking answers on. I am not sure how to do this and make sure the rewrites happen internally.
Thanks
This should be possible using the new dbd-type RewriteMap functionality available in the trunk version of Apache. Obviously with this being the current development branch of the server you'll need to be careful about config-breaking changes over time.
RewriteEngine On
RewriteMap urlmapper "dbd:SELECT redirect_url from my_table WHERE some_key = %s"
RewriteRule /one_time/(.+) ${urlmapper:$1|/404.html}
Of course you will need some additional logic for handling cases where no results are returned.
http://httpd.apache.org/docs/trunk/rewrite/rewritemap.html#dbd
AFAIK this is not possible just by apache. What you must want to do is:
Configure apache to redirect that unique links to a server script which will make the "magic" happen
the server script checks if the unique provided url is still valid and acts in accordance:
serves the file and invalidate (delete or mark as served) the unique-url row in database
replies with status 404 or redirects to a 404 page in other cases
The exact details on how to make things happen depends on the scripting engines available to you on the server, and your preferences. It can be done in a variety of engines, from php to cgi to .NET to asp and many others.
Figured this out... You can achieve this using XSEND (https://tn123.org/mod_xsendfile/)... Setup a php script to handle any URI's with file download and denied all access to the actual file directory so the only way to get the file it to force it through XSEND.
Related
how is it adviced to alternate between online and local development, since you want to modify your websites on local.
Do you systematically change all URLs (by search/replace) in your project code to fit local URL type and sometimes create personal SSL certificate for https, or do you use another solution like localhost aliases, rewrite rules, or online developpement tools?
What could be an automatic solution in order to avoid this fastidious modifications like search/replace sometimes looking quite primitive and time costing since I develop during the few hours left after my main work.
What are the operation modes to facilitate developpment,
Have a nice day,
for all the biginners, here's the thing.
I've created a config.php file which contains constants: one config file for the local project folder and one for the online server folder.
Inside this config file, I've create a constant (constant are then available everywhere in the project) to define the main URL of the project. e.g.:
define('CST_MAIN_URL',http://www.myproject.com); // for the online config.php file
define('CST_MAIN_URL',http://localhost:8888); // for the local config.php file
Thus, each header or redirection can work with that constant, like:
header('location:' . CST_MAIN_URL . 'index.php');
Then, things must have to do with RewriteEngine in your htaccess file, for instance whenever you must modify the behavior of MAMP/WAMP if an interrogation point or a slash provokes you with its malicious resistance. But, unfortunately RegEx expression must be understood as a basic level for mastering those url rewritings.
Hope it'll helps.
I maintain (system side) an application that utilizes IBM HTP Server and WebSphere Application Server (standalone). The team wants a change made but I can't figure out what I need to do.
The problem - a users enters
http://my-site.com/customerfiles/Client/subdir/file.pdf
into his/her browser. The site allows the file to be directly sent to the user, bypassing the application code. Basically, the pdf file simply gets sent to the browser and opened. The application team would like the application to get control and send the file back (if the user is authorized to retrieve the file). Right now, any customer can access any other customers' files.
They would like the above URL redirected to something like
siteinfo getafile?cust=Client&filetype=subdir&file=file.pdf
I have a test IHS system that I can play with and have coded
RewriteRule ^/customerfiles/(\w+)/(\w+)/(\w+)$ http://%{HTTP_HOST}/xs2/getafile?cust={$1}&filetype={$2}&file={$3} [R=301,L,QSA]
I enabled the RewriteLog feature and these are the messages being issued:
10.17.1.163 - - [14/Jul/2015:07:37:02 --0500] [10.17.1.163/sid#474ff0]
[rid#6c1620/initial] (3) applying pattern '^/customerfiles/(\w+)/(\w+)/(\w+)$'
to uri '/customerfiles/Client/subdir/file.pdf'
10.17.1.163 - - [14/Jul/2015:07:37:02 --0500] [10.17.1.163/sid#474ff0]
[rid#6c1620/initial] (1) pass through /customerfiles/Client/subdir/file.pdf
I am very much a novice at this and would appreciate help while keeping the solution as a RewriteRule in the configuration file (we don't use .htaccess).
I need to bypass an MVC route for an application where the developer left - we're going to fully replace it, but for now if I can bypass this one route, it'll save us a ton of time.
The route is (e.g.) www.this.site/path/subpath
Since it's on IIS, I can take advantage of the default document and create the following folder / file structure: /path/subpath/index.htm
However if I do this, I'll "break" the parent www.this.site/path route (it throws a 403 - Forbidden: Access is denied) because I now have an actual file folder where the /path/ route was.
Is there a way to get around this / have IIS defer to MVC on /path/ but still handle the child html file?
thanks. Again, this is not intended as a long term solution but a work-around until we can replace the app entirely.
Perhaps a better workaround would be to use the IIS AAR module and it's reverse proxy functionality out the app.
To do so:
a) stand up the app at it's own site the proper path -- so it should work at something like http://localhost:1234/path/subpath/index.htm
b) install IIS AAR module and enable the reverse proxy functions using the WebPI and the IIS management tools
c) Ignore the /path/subpath route in your app
d) Add a virtual directory for /path/subpath to IIS
e) Configure that to reverse back to localhost:1234 or whatever port you configured the site
This will keep the legacy app completely separate while keeping the public facing URLs looking correct for the rest of the world.
The setup I have is as follows:
I have one Apache server acting as a URL rewriting engine (SERVER1).
I have a second server (Apache too) which runs a web application (SERVER2). First tries to authenticate users. Part of the authentication protocol involves a lot of redirection between that application server and the authentication server.
My problem is that once the authencation is successfull, the authentication server needs to redirect the user back to the application server, which is only visible from SERVER1. Effectively, SERVER2 needs to be able to reconstruct a URL based on SERVER1's parameters.
Most of the environement variable are helpful i.e. I know the host name, script name, page called etcc but I can 't figure out wether the call was made through HTTP or HTTPS: that information is wiped in the rewrite process by SERVER1...
Anybody knows if/how I can get that information through environement variables? I am limited in that I can't use query string parameters...
Thanks all !
This may sound strange, but I have found part of the answer to my question.
The rewrite engine (at least in Apache 2, I haven't looked anywhere else) allows for writting extra request header.
The rule should look something like that.
RewriteRule .* -
[E=INFO_PATH_INFO:%{PATH_INFO},NE]
Put simple, it creates a new header called INFO_PATH_INFO and sets the value to PATH_INFO.
( For more info check out http://www.askapache.com/htaccess/crazy-advanced-mod_rewrite-tutorial.html )
Then it can be retrieved in any languages.
For info I am using Oracle's OWA which adds an extra layer of complication due to the fact that the default environment variables are limited to a few and additional variables need to be specified in thr dads.conf
Hope this will help anyone !
Can anyone guide me for setting up suffix proxy server , so that user can access some specific sites cached in our campus server without doing any configuration in their browsers.
by suffix proxy i mean that if user wants to open http: //en.wikipedia.org/wiki/Proxy_server page then he should enter link:
http ://en.wikipedia.org.CAMPUSPROXY.NET/wiki/Proxy_server (where campusproxy.net is our proxy server) and this requested page can be retrived from our proxy server in place of wikipedia.org
It's a redirect really - your server needs to have a url check that will catch the prefix portion of the url and for this you obviously need unlimited prefix's available from the registered domain URI then it just reforms the uri of the prefix makes the request for the page and then presents it as content to the user - normally you'll also inject a banner at the top of the page also.
so it goes
User - http-get en.wikipedia.org.CAMPUSPROXY.NET/wiki/Proxy_server
your server takes this and creates "en.wikipedia.org/wiki/Proxy_server" via a script or what have you.
CAMPUSPROXY.NET http-get en.wikipedia.org/wiki/Proxy_server
inject the banner code into the webpage via a script or what have you.
probably also modify the html tags and headers to include your prefix proxy info
some knowledge of python - perl or whatever is all you need together with apache or similar server, their are of course scripts out there already but if you do that you'll learn nothing.