Re: [users@httpd] RedirectMatch and rewrite rules not working
Step one is to increase the log level to find the source of the 404 errors.
Then, you can use the rewrite log to debug further.
On Wed, Jul 19, 2023 at 5:36 PM Darryl Baker
wrote:
> Ever have one of those days where after staring at the configuration for
> hours you don’t see what you are doing wrong?
>
> I am having that kind of day. I browse to the URLs
> https://evumail8prd01.ci.northwestern.edu/activate and
> https://evumail8prd01.ci.northwestern.edu/manage and all I get is a 404
> error. Nothing usable in the logs. I know I am missing something simple but
> the issue is escaping me. The configuration is stolen from the existing
> RHEL 6 & Apache 2.2 instance combined with the Mozilla template from
> https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&ocsp=false&guideline=5.7
> now on RHEL 8 & Apache 2.4
>
>
>
> Please help!
>
>
>
> My configuration:
>
>
>
> # generated 2023-06-08, Mozilla Guideline v5.7, Apache 2.4.41, OpenSSL
> 1.1.1k, modern configuration
>
> #
> https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&guideline=5.7
>
>
>
> # modern configuration
>
> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
>
> SSLHonorCipherOrder off
>
> SSLSessionTickets off
>
>
>
> SSLUseStapling Off
>
> SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
>
>
>
> # this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and
> mod_headers
>
>
>
> RewriteEngine On
>
> RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
>
> RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
>
>
>
>
>
>
>
> ServerName evumail8prd01.ci.northwestern.edu
>
> ServerName evumail.northwestern.edu
>
> ServerName umail.northwestern.edu
>
>
>
> DocumentRoot /var/www/html
>
> ScriptAlias /cgi-bin /var/www/cgi-bi
>
>
>
> RewriteEngine on
>
>
>
> # RewriteRule ^/activate /umail3/netid.php?r=a [R]
>
> # RewriteRule ^/manage/umail3/netid.php?r=m [R]
>
> LogLevel alert rewrite:trace6
>
> RedirectMatch permanent ^/activate$ "
> https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=a";
>
> RedirectMatch permanent ^/manage$ "
> https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=m";
>
>
>
>
>
> Options -Indexes
>
>
>
>
>
>
>
> SSLOptions +StdEnvVars
>
> Options -Indexes
>
>
>
>
>
> DirectorySlash On
>
>
>
>
>
> SSLOptions +StdEnvVars
>
>
>
>
>
> # Qualys
>
> Header always append X-Frame-Options SAMEORIGIN
>
>
>
> # Tenable
>
> Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
>
>
>
> # enable HTTP/2, if available
>
> Protocols h2 http/1.1
>
>
>
> # HTTP Strict Transport Security (mod_headers is required) (63072000
> seconds)
>
> Header always set Strict-Transport-Security "max-age=63072000"
>
>
>
> ErrorLog logs/ssl_error_log
>
> #LogLevel debug
>
>
>
> CustomLog logs/ssl_agent_log agent
>
> CustomLog logs/ssl_referer_log referer
>
>
>
> TransferLog logs/ssl_access_log
>
>
>
> CustomLog logs/ssl_request_log \
>
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
> SSLEngine on
>
> SSLCertificateFile
> /etc/httpd/certs/evumail8prd01_ci_northwestern_edu_cert.cer
>
> SSLCertificateKeyFile
> /etc/httpd/certs/evumail8prd01_ci_northwestern_edu.key
>
>
>
>
>
>
>
>
>
> ServerName u.northwestern.edu
>
> ServerAlias www.u.northwestern.edu
>
> Redirect / https://mail.google.com/a/u.northwestern.edu/
>
>
>
>
>
>
>
> ServerName u.northwestern.edu
>
> ServerAlias www.u.northwestern.edu
>
> Redirect / https://mail.google.com/a/u.northwestern.edu/
>
>
>
>
>
>
>
>
>
> *Darryl Baker, *GSEC, GCLD (he/him/his)
>
> Sr. System Administratorhttps://evumail8prd01.ci.northwestern.edu/activate
>
> Distributed Application Platform Services
>
> *Northwestern University*
>
> 4th Floor
>
> 2020 Ridge Avenue
>
> Evanston, IL 60208-0801
>
> *darryl.ba...@northwestern.edu *
>
> (847) 467-6674 <+18474676674>
>
Re: [users@httpd] RedirectMatch using current server name
On Fri, Oct 12, 2012 at 3:22 PM, plot.lost wrote: > On 12/10/2012 15:19, Tom Evans wrote: >> >> On Fri, Oct 12, 2012 at 2:15 PM, plot.lost wrote: >>> >>> Is there a way to do something like the following where the domain part >>> is >>> replaced by whatever has been configured in ServerName >>> >>> RedirectMatch permanent ^/$ http://the.domain.com/path/to/file.html >>> >>> i.e. where 'the.domain.com' is whatever the current ServerName is without >>> having to edit the RedirectMatch line (it would be in a config section >>> that >>> gets included into several different virtual hosts). Want to keep this in >>> the main config files, not in any .htacess files >>> >>> Thanks in advance for any help on this. >>> >> RedirectMatch permanent ^/$ /path/to/file.html >> >> Apache will construct a canonical URL from the '/path/to/file.html' >> component, this will use the ServerName, if you have UseCanonicalName >> on. >> >> Cheers >> >> Tom >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > Thanks, that should do the job. > > Out of interest, if 'UseCanonicalName' was off would that cause the redirect > to go to whatever hostname the client had used in the request - say for > example if the vhost had a couple of aliases (I don't actually want to do > that, just interested to know) > > Thanks again. > Yes, "UseCanonicalName off" would result in httpd using the values supplied in the Host header. http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalname Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch using current server name
On Fri, Oct 12, 2012 at 9:15 AM, plot.lost wrote: > Is there a way to do something like the following where the domain part is > replaced by whatever has been configured in ServerName > > RedirectMatch permanent ^/$ http://the.domain.com/path/to/file.html > > i.e. where 'the.domain.com' is whatever the current ServerName is without > having to edit the RedirectMatch line (it would be in a config section that > gets included into several different virtual hosts). Want to keep this in > the main config files, not in any .htacess files If you use a 2nd arg like /path/to/file.html the server will construct a URL for the redirect based on ServerName, UseCanonicalName, etc. This generated a warning in older levels of 2.2.x. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch using current server name
On 12/10/2012 15:19, Tom Evans wrote: On Fri, Oct 12, 2012 at 2:15 PM, plot.lost wrote: Is there a way to do something like the following where the domain part is replaced by whatever has been configured in ServerName RedirectMatch permanent ^/$ http://the.domain.com/path/to/file.html i.e. where 'the.domain.com' is whatever the current ServerName is without having to edit the RedirectMatch line (it would be in a config section that gets included into several different virtual hosts). Want to keep this in the main config files, not in any .htacess files Thanks in advance for any help on this. RedirectMatch permanent ^/$ /path/to/file.html Apache will construct a canonical URL from the '/path/to/file.html' component, this will use the ServerName, if you have UseCanonicalName on. Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Thanks, that should do the job. Out of interest, if 'UseCanonicalName' was off would that cause the redirect to go to whatever hostname the client had used in the request - say for example if the vhost had a couple of aliases (I don't actually want to do that, just interested to know) Thanks again. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch using current server name
On Fri, Oct 12, 2012 at 2:15 PM, plot.lost wrote: > Is there a way to do something like the following where the domain part is > replaced by whatever has been configured in ServerName > > RedirectMatch permanent ^/$ http://the.domain.com/path/to/file.html > > i.e. where 'the.domain.com' is whatever the current ServerName is without > having to edit the RedirectMatch line (it would be in a config section that > gets included into several different virtual hosts). Want to keep this in > the main config files, not in any .htacess files > > Thanks in advance for any help on this. > RedirectMatch permanent ^/$ /path/to/file.html Apache will construct a canonical URL from the '/path/to/file.html' component, this will use the ServerName, if you have UseCanonicalName on. Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch - http://host/xyz[/abc] => http://xyz.host/[abc]
On 17 August 2012 15:58, sebb wrote: > On 17 August 2012 15:30, Eric Covener wrote: maybe RedirectMatch ^xyz(/.*)? http://xyz.host$1 >>> >>> That won't match >>> >>> http://host/xyz >> >> question mark was part of the regex not punctuation, > > Very sorry, my bad, I should have read more carefully. > > Your suggestion will work fine. Actually it does have a problem, because it matches http://host/xyz123 and redirects to http://xyz.host/ this is because it can match without the trailing context. So I think one needs to anchor the regex: RedirectMatch ^xyz(/.*)?$ http://xyz.host$1 That seems to work OK. Thanks for putting me on the right track. >> but not sure the redirect w/o trailing slash is okay. > > It's OK if it is a directory. > > If xyz is a directory, then without the redirect, http://host/xyz should > display > > http://host/xyz/index.html > > If http://host/xyz is redirected to > > http://xyz.host/ > > This should result in displaying > > http://xyz.host/index.html > > as intended. > > Maybe your solution should be added as an example to the RedirectMatch docs? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch - http://host/xyz[/abc] => http://xyz.host/[abc]
On 17 August 2012 15:30, Eric Covener wrote: >>> maybe RedirectMatch ^xyz(/.*)? http://xyz.host$1 >> >> That won't match >> >> http://host/xyz > > question mark was part of the regex not punctuation, Very sorry, my bad, I should have read more carefully. Your suggestion will work fine. > but not sure the redirect w/o trailing slash is okay. It's OK if it is a directory. If xyz is a directory, then without the redirect, http://host/xyz should display http://host/xyz/index.html If http://host/xyz is redirected to http://xyz.host/ This should result in displaying http://xyz.host/index.html as intended. Maybe your solution should be added as an example to the RedirectMatch docs? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch - http://host/xyz[/abc] => http://xyz.host/[abc]
>> maybe RedirectMatch ^xyz(/.*)? http://xyz.host$1 > > That won't match > > http://host/xyz question mark was part of the regex not punctuation, but not sure the redirect w/o trailing slash is okay. rejiggered to always have the trailing slash: RedirectMatch ^xyz/?(.*) http://xyz.host/$1 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch - http://host/xyz[/abc] => http://xyz.host/[abc]
On 17 August 2012 15:02, Eric Covener wrote: >> The following works >> >> RedirectMatch ^xyz(.*) http://xyz.host$1 >> >> but suffers from the problem that >> >> http://host/xyz123 > > maybe RedirectMatch ^xyz(/.*)? http://xyz.host$1 That won't match http://host/xyz which should redirect to http://xyz.host/ > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch - http://host/xyz[/abc] => http://xyz.host/[abc]
> The following works > > RedirectMatch ^xyz(.*) http://xyz.host$1 > > but suffers from the problem that > > http://host/xyz123 maybe RedirectMatch ^xyz(/.*)? http://xyz.host$1 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch
On Monday 17 January 2011 11:35, Matus UHLAR - fantomas wrote: > On 17.01.11 11:31, Jørn wrote: > > Yes, but the probem is that RedirectMatch only check the string to the > > left of the ?-sign. > > I must fix this by chaning the scripts. > > aha! > So, in this case, you will have to use mod_rewrite... Or just rewrite the original scripts so that they do a redirect. I don't want to use mod_rewrite in this case :) -- Jørn Dahl-Stamnes homepage: http://www.dahl-stamnes.net/dahls/ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch
> On Monday 17 January 2011 11:27, Matus UHLAR - fantomas wrote: > > On 13.01.11 11:07, Jørn wrote: > > > I got a problem with using RedirectMatch. > > > > > > The following RedirectMatch line works well: > > > RedirectMatch 301 /Foto/Album.*img_([0-9]*)\. > > > "http://www.dahl-stamnes.net/Foto/r_img.php?img=$1"; > > > > > > But now I want to add another RedirectMatch: > > > > > > RedirectMatch 301 ^/Foto/show.*album\=(.*)$ > > > "http://some.other.url/album.php?album=$1"; > > > > Tried to remove the backslash and quotes? On 17.01.11 11:31, Jørn wrote: > Yes, but the probem is that RedirectMatch only check the string to the left > of > the ?-sign. > I must fix this by chaning the scripts. aha! So, in this case, you will have to use mod_rewrite... My apologies to Eric Coverner... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch
On Monday 17 January 2011 11:27, Matus UHLAR - fantomas wrote: > On 13.01.11 11:07, Jørn wrote: > > I got a problem with using RedirectMatch. > > > > The following RedirectMatch line works well: > > RedirectMatch 301 /Foto/Album.*img_([0-9]*)\. > > "http://www.dahl-stamnes.net/Foto/r_img.php?img=$1"; > > > > But now I want to add another RedirectMatch: > > > > RedirectMatch 301 ^/Foto/show.*album\=(.*)$ > > "http://some.other.url/album.php?album=$1"; > > Tried to remove the backslash and quotes? Yes, but the probem is that RedirectMatch only check the string to the left of the ?-sign. I must fix this by chaning the scripts. -- Jørn Dahl-Stamnes homepage: http://www.dahl-stamnes.net/dahls/ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch
> On Thu, Jan 13, 2011 at 5:07 AM, Jørn wrote: > > The following RedirectMatch line works well: > > RedirectMatch 301 /Foto/Album.*img_([0-9]*)\. > > "http://www.dahl-stamnes.net/Foto/r_img.php?img=$1"; > > > > But now I want to add another RedirectMatch: > > > > RedirectMatch 301 ^/Foto/show.*album\=(.*)$ > > "http://some.other.url/album.php?album=$1"; On 13.01.11 07:39, Eric Covener wrote: > I don't think you can match against the query string It's documented in RedirectMatch docs. If it didn't, the first line wouldn't work even. > -- you'll need mod_rewrite. ...please, don't use mod_rewrite for something it's not needed for, and don't advise people to do so. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch
On 13.01.11 11:07, Jørn wrote: > I got a problem with using RedirectMatch. > > The following RedirectMatch line works well: > RedirectMatch 301 /Foto/Album.*img_([0-9]*)\. > "http://www.dahl-stamnes.net/Foto/r_img.php?img=$1"; > > But now I want to add another RedirectMatch: > > RedirectMatch 301 ^/Foto/show.*album\=(.*)$ > "http://some.other.url/album.php?album=$1"; Tried to remove the backslash and quotes? > But it does not match. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch
On Thu, Jan 13, 2011 at 5:07 AM, Jørn wrote: > Hello, > > I got a problem with using RedirectMatch. > > The following RedirectMatch line works well: > RedirectMatch 301 /Foto/Album.*img_([0-9]*)\. > "http://www.dahl-stamnes.net/Foto/r_img.php?img=$1"; > > But now I want to add another RedirectMatch: > > RedirectMatch 301 ^/Foto/show.*album\=(.*)$ > "http://some.other.url/album.php?album=$1"; > > But it does not match. After restart I tried but still get the same page. The > logfile says: > > 192.168.2.10 - - [13/Jan/2011:11:01:22 +0100] > "GET /Foto/show.php?album=some_album HTTP/1.1" 200 15850 > > Any way of debugging how the server handles RedirectMatch's? > Any suggestions what could be wrong with the new statement? I don't think you can match against the query string -- you'll need mod_rewrite. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RedirectMatch regex question.
On 6/7/05, Michael Bellears <[EMAIL PROTECTED]> wrote:
> Wondering if someone can please assist with the following two
> RedirectMatch regex's (My regex skills are zilch!)
>
> RedirectMatch /main.cfm?=page&content&id=946
> http://www.domain.com.au/privacy.html
> RedirectMatch /main.cfm?page=unsubscribe
> http://www.domain.com.au/unsubscribe/index.html
>
> The ".", "?" , "&" + "=" signs probably need escape char in front of
> them, but every combo I've tried fails miserably!
Using mod_alias to deal with the query string is not, in general, a good idea.
Try mod_rewrite instead. For your second Redirect, it would look
something like this:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^page=unsubscribe$
RewriteRule ^/main.cfm http://www.domain.com.au/unsubscribe/index.html [R]
But be sure to consult the mod_rewrite docs.
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
