Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How RewriteEngine works in Apache web server?

Posted on 2014-11-07
12
Medium Priority
?
199 Views
Last Modified: 2014-11-15
I have following in my httpd.conf file in a web server

<VirtualHost *:80>
#stand-alone instances
include conf/my_application.conf
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L,NE]
</VirtualHost>

Open in new window


I would like to understand what it does?
0
Comment
Question by:beer9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 4
12 Comments
 
LVL 51

Expert Comment

by:Steve Bink
ID: 40429925
See my comments:
# Declare a virtual host answering to any domain name on port 80<VirtualHost *:80>
#stand-alone instances
# include the file conf/my_application.conf.  Any directives found in that file will apply to this 
# scope as if they were written here individually
include conf/my_application.conf
# Turn on the rewrite engine
RewriteEngine On
# The next three directives make up a single rewrite
# the RewriteRule is matched first.  If it is matched, the two RewriteCond directives are
# tested.  If the conditions pass, the request is finally rewritten
#
# the request is on port 80 
RewriteCond %{SERVER_PORT} 80
# the requested host is not an empty string
RewriteCond %{HTTP_HOST} !^$
# for every request, capture the entire content of the request string
# and forward to the requested host with the same request string
# the forward is done as a 301 redirect, with no URL escaping of the
# string, and this will be the last rewrite processed
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L,NE]
# end the virtual host definition
</VirtualHost>

Open in new window


Note that this rewrite does nothing useful, and will likely result in an endless redirection loop.

You can read more about rewrites in the Apache docs.
0
 

Author Comment

by:beer9
ID: 40429957
Thanks for the help Steve,

On Line number 9 you mention RewriteRule is matched first but we have declared 2 RewriteCond first then 1 RewriteRule.

Also we we are starting rewrite engine with 'RewriteEngine On' and now how are are stopping it?

Could you please give a example URL and help me to understand how it flows in such rule? Thanks :-)
0
 
LVL 62

Expert Comment

by:gheist
ID: 40430005
RewriteEngine stops where section (Like VirtualHost) ends.

Since your rewrite rule runs on http host checking for port 80 is moot. You can as well replace all rewrite rules with one line
Redirect / https://site_name_.com/
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 51

Expert Comment

by:Steve Bink
ID: 40430356
>>> you mention RewriteRule is matched first but we have declared 2 RewriteCond first then 1 RewriteRule.

That is correct.  Take a look at mod_rewrite's flow diagram.  Note that the rule's pattern is matched, then conditions are processed, then the rewrite is applied.

>>> we are starting rewrite engine with 'RewriteEngine On' and now how are are stopping it?

That question is a little ambiguous.  The RewriteEngine directive simply tells mod_rewrite to process any rules within this scope.  You can also use "RewriteEngine Off" to force mod_rewrite to ignore any rules.  If mod_rewrite is processing rules, i.e., "RewriteEngine On", the every rule in the request's scope is applied to each request.  The application of rules ends when one of the following conditions is met:
there are no more rules,
the request is redirected externally, either on a successful rule application with a [R] modifier, or a redirect to an external URL,
a rule with the [L] or [END] modifiers are successfullt applied

Also, as gheist mentioned, the ruleset you posted is really just a return to the current request.  I was incorrect in my earlier assertion that it would result in a redirect loop...the rule is redirecting to the https version of the same request.  This rule enforces https on all requests:

1) Apache receives the request for http://mydomain.com/page.htm
2) mod_rewrite matches "/page.htm" to the rule's ^(.*)$ pattern
3) mod_rewrite passes the condition %{SERVER_PORT} = 80
4) mod_rewrite passes the condition %{HTTP_HOST} != <blank string>
5) mod_rewrite redirects the request to https://mydomain.com/page.htm with a 301.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40430907
2) would match any request
3) would match all requests on that virtual host
4) will be always true again on the virtualhost context
5) Actually rewrite effectively in this place is
Redirect perm / https://%{HTTP_HOST}/

Sure it is nice to dig some config snipplets on the internet, but what is the value of them that you do 3 NOOP checks?
0
 

Author Comment

by:beer9
ID: 40430931
So when I access http://client.myapplication.com then I see it redirects to the address bar as https://client.myapplication.com/myapplication then again it redirects as https://client.myapplication.com/myapplication/web/login

All of this is happening due to below config?

# Declare a virtual host answering to any domain name on port 80<VirtualHost *:80>
#stand-alone instances
# include the file conf/my_application.conf.  Any directives found in that file will apply to this 
# scope as if they were written here individually
include conf/my_application.conf
# Turn on the rewrite engine
RewriteEngine On
# The next three directives make up a single rewrite
# the RewriteRule is matched first.  If it is matched, the two RewriteCond directives are
# tested.  If the conditions pass, the request is finally rewritten
#
# the request is on port 80 
RewriteCond %{SERVER_PORT} 80
# the requested host is not an empty string
RewriteCond %{HTTP_HOST} !^$
# for every request, capture the entire content of the request string
# and forward to the requested host with the same request string
# the forward is done as a 301 redirect, with no URL escaping of the
# string, and this will be the last rewrite processed
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L,NE]
# end the virtual host definition
</VirtualHost>

Open in new window

0
 

Author Comment

by:beer9
ID: 40430934
Steve, How apache checks if 'URI changed' as mentioned in your below diagram: http://httpd.apache.org/docs/current/rewrite/tech.html#InternalRuleset

Thanks for helping
0
 
LVL 62

Expert Comment

by:gheist
ID: 40431078
Can you post output of httpd -V ?
You refer to the documentation of development version of apache. That document is not relevant for any usable version of apache of today.
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 40431362
@gheist
>>> You refer to the documentation of development version of apache.

That document is for Apache 2.4, which is the most up-to-date production version of Apache.  The Apache 2.2 version of the same document shows the same overall flow, but with a little less detail.

All of my links are pointing to v2.4 documentation.  To see the v2.2 equivalent page, change the word "current" to "2.2" in the respective link.


@beer9
>>> How apache checks if 'URI changed' as mentioned in your below diagram

You would have to check the source code for Apache or mod_rewrite to be sure, but I imagine it is a simple string comparison.  The URI is generally changed if a rewrite is successfully applied.  The final branch of that decision making simply determines if:

a) no rewrites were done, in which case, serve the originally requested resource,
b) a rewrite was successful, and the new URI points to a resource on the same server.  In this case, re-submit the new URI into Apache's request chain,
c) a rewrite was successful, and the new URI points to an external location.  In this case, Apache returns a 3xx response to the client telling them to go elsewhere.
0
 

Author Comment

by:beer9
ID: 40434944
Thanks for the help :-)

Does rewrite and redirect add any HTTP header to request/reponse? (like X-Forwarded-For) ??
0
 
LVL 51

Accepted Solution

by:
Steve Bink earned 2000 total points
ID: 40435395
Different headers may be sent in the response based on the circumstances of the rewrite.  For example, if you use the [R=xxx] modifier, then the response will include the "xxx" response code to the client.  In the case of internal rewrites, no headers are changed are added.  There's also the [P] modifier, which makes Apache/mod_rewrite generate a proxy request to the target URL.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40435591
No it adds just 301/302 with target address, resulting request to new place  has referer of redirect page.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question