DevHeads.net

Apache 2.4 : Rewrite to keep the original URL

Hi,

I'm trying to setup an environment with a frontend interface which login
and redirects to my application.

The scenario is: The user access with webmail.domain.com and the login page
redirects to the application, running on the same host, but on port 81.

How could I keep the original URL? I mean, the browser should keep the "
webmail.domain.com" as the address.

My Apache configuration:

<VirtualHost *:443>
DocumentRoot "/var/www/html/login_domain"
DirectoryIndex index.html *.php
ServerName webmail.domain.com
SSLEngine on
SSLCertificateFile /etc/ssl/crt/apache.crt
SSLCertificateKeyFile /etc/ssl/crt/apache.key
SSLCertificateChainFile /etc/ssl/crt/ca.crt
</VirtualHost>

<VirtualHost *:80>
DocumentRoot "/var/www/html/login_domain"
DirectoryIndex index.html *.php
ServerName webmail.domain.com
</VirtualHost>

Kind regards.
Fabio S. Schmidt

Comments

Re: Apache 2.4 : Rewrite to keep the original URL

By Robert Moskowitz at 03/13/2017 - 21:26

Fabio,

Right now I am not in the position to test this. Your .conf attempt
looks a LOT like what I tried.

I was told:

Rewriterules and https. Actually, looking at what you have doesn't
really tell me why it gets applied to everything and not just the
webmail. However, I'd say that your roundcubemail.conf is much
overworked. We use something like that on openssl.org, but it
generally looks like this:

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName ${HOSTNAME}
ServerAlias ${HOSTALIASES}

Redirect permanent /https://${HOSTNAME}/
</VirtualHost>

Since you already know that the host is correct and that's the port 80
virtualhost, there's no point testing that with those RewriteCond you
have. Also, Redirect is faster and preferable to RewriteRule for this
kind of stuff, seehttps://httpd.apache.org/docs/2.4/rewrite/avoid.html

Also, specifically for virtualhost config files, they should be
located in sites-available/ rather than conf.d/, see 'man a2ensite'.
conf.d/ is older style configuration of general stuff... or well,
that's at least true for Debian, I'm not sure this is specific for
Debian distributions and their derivates or if it's a native Apache
thing. You'll have to check the manuals to confirm.

I need to check out sites-available directory for Centos7...

But see what this does, and let me know! I am at the IEEE 802
conference this week, and testing is challenging right now.....

On 03/11/2017 05:07 AM, Fabio S. Schmidt wrote:

Re: Apache 2.4 : Rewrite to keep the original URL

By Marat Khalili at 03/11/2017 - 14:24

Best way is to avoid redirects completely: show requested application page if user is authenticated, otherwise show login page. This is what happens if you use apache authentication modules, like mode_auth_basic (warning: SSL is mandatory for it). Some applications use redirects, but pass original url in query string and hidden form fields.

From your scenario it is not clear how application will know that user actually passed login page and not typed application URL directly. Also, you'll need to securely pass user identity from login page to application. Generally, writing your own authentication is not recommended, because it's almost impossible to avoid major security blunders when you do it the first time.