Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

mod_rewrite help needed to differentiate sessions

Status
Not open for further replies.

sinaowolabi

Technical User
Nov 10, 2014
6
NG
Hi!

Please I need some assistance with mod_rewrite, which works a little TOO well Smile

I am trying to capture 3-4 digits when sent as part of a URL, for them to be proxied to another URL. I have no control over how the source sends this data, I am supposed to redirect it. Which works.

#RewriteCond %{HTTP:whoisd-ussd-message} ([\d]{2,4})
#RewriteRule ^/original/individual.do(.*)$ [P]

The problem is this works for all URLs that have digits to this server.
I am expecting to trap URLs that send digits as part of the first call to the server, but this also affects URL calls that are part of other server call transactions, once digits appear, it gets redirected.
Please what can I do to stop this interference, and differentiate properly between the sessions?

Thanks!
 
the short form digit match of \d should NOT be enclosed in square brackets as if it were a character class.

And

\d{2,4} will match TWO to four digits not three or four digits.

I am expecting to trap URLs that send digits as part of the first call to the server, but this also affects URL calls that are part of other server call transactions, once digits appear, it gets redirected.
Try using the [L] flag (last) to skip further processing of rewrite rules that are causing the 'looping' .

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Hi Chris,

and thanks for the reply, I have changed things like you advised, but its still happening. What I have there is now:

RewriteCond %{HTTP:whoisd-ussd-message} ^\d{3,4}$
RewriteRule ^/original/individual.do(.*)$ [L,P]

It is still catching random 3-4 digit numbers, though now, ONLY numbers that are 3 or 4 digits long (thanks so very much for pointing this out!)
If you have any other advice, I'm open to try.
 
What do the incoming requests actually look like.

What is {HTTP:whoisd-ussd-message} supposed to represent?

Are all incoming request identical in their structure or at least have a fair amount of similarities.

Because if they are not you may have to have several 'conditionals'

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Hi Chris,

I think I have gotten what I need at this point:

RewriteCond %{HTTP:whoisd-ussd-message} ^\d{3,4}$
#do not honor if string is found
RewriteCond %{QUERY_STRING} !string= [NC]
RewriteRule ^/original/individual.do(.*)$ [L,P]

I just have one more question, how easy is it to chain multiple rewrite conditions if I want to have more extensive matching?
 
{HTTP:whoisd-ussd-message} represents a string of characters that is sent to apache server from the server that's trying to GET an URL. It can be anything from a single digit to a phone number, or a name, etc.
For instance from this log:
192.168.2.251 - - [11/Nov/2014:02:42:17 +0100] "-" "25252" "GET /original/individual.do?abonent=1234567890&protocol=ussd&string1=10418365&string2=1234567890&textFromUser=25252 HTTP/1.1" 200 466 "-" "Jakarta Commons-HttpClient/3.1"

The "25252" (and the textFromUser string) is/are the whoisd-ussd-message.

I'm also curious to know how to get Apache to expose the full URL and data payload it is receiving, and sending out. I turned the LogLevel to info which helps somewhat with what's incoming, but I can't see whats going out.
 
It can be anything from a single digit to a phone number,

If the requested URI has a sequence of digits in it before the set that you want to match the regular expression WILL match those instead. You will have to make the expression more specific so that it only matches the one you need.

From this example;
192.168.2.251 - - [11/Nov/2014:02:42:17 +0100] "-" "25252" "GET /original/individual.do?abonent=1234567890&protocol=ussd&string1=10418365&string2=1234567890&textFromUser=25252 HTTP/1.1" 200 466 "-" "Jakarta Commons-HttpClient/3.1

the regexp pattern would be TextFromUser(\d{3,4}) so only the digits are carried in first match ($1)

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Hi Chris, sorry for the late reply!

Actually, the first URL seen by the server (from the logs) is usually like the below, and I really cant tell all of the strings and how they will appear (like TextfromUser did). I am just sure there will be a 3-4 digit number sent, and it will be between 100-9000:

192.168.2.251 - - [13/Nov/2014:08:35:36 +0100] "-" "100" "GET /fnb/individual.do?abonent=2341231231234&protocol=ussd&string1=2348034022578 HTTP/1.1" 200 147 "-" "Jakarta Commons-HttpClient/3.1"

It doesnt have text from user, but I am sure there is some hidden field called "sessionid" in the URLs, that is not in the very first URL called. Its this string (sessionid == string1) that I've told mod_rewrite to ignore if it sees. If it's not present then mod_rewrite can proxy/rewrite the URL. This seems to work great for now. If you think I can do better I am eager to learn:

RewriteCond %{HTTP:whoisd-ussd-message} ^\d{3,4}$
#do not honor if sessionid is found
RewriteCond %{QUERY_STRING} !sessionid= [NC]
RewriteRule ^/original/individual.do(.*)$ [L,P]

How can I tell apache to expose the hidden fields/headers? Thanks for all your assistance, I couldn't have gotten this far without you.
 
URL rewriting only really 'works' if there is a common (regular) feature in every request that can be matched with a standard pattern, because regular expressions will match the FIRST instance of the pattern that is found in the string. with request URLs that have no regular, repeating pattern in their construction are almost impossible to match reliably.

The HTTP headers and server variables that can be used are detailed in the Apache Documentation,

for Apache 2.4



Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Thanks, but I am not seeking mod_rewrite headers... I'm trying to get all the URLs being requested from the apache server in full, including any hidden values.
Sorry again for the late response, its been crazy in the gutters.
 
mod_rewrite doesn't have 'headers', it USES the headers from the HTTP request of which REQUEST_URI is one.

The document identifies and NAMES the headers and environment variables that mod_rewrite can use in conditions and output, and guess what value REQUEST_URI carries, ... ...

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top