Re: [users@httpd] Redirecting based on IP

[Dave Wreski]

Hi,


The staging site is even protected with a RequireAll statement for the 
DocumentRoot based on the IP, which then results in a 404 and other errors in 
GSC.

That sound wrong. If your RequireAll was working as advertised, should
it not return a 403?


Yes, it does - my mistake.


The next steps I'd like to do is to redirect anyone not in that RequireAll 
statement to be redirected to the production site. Is this possible? Perhaps a 
RewriteCond that depends upon certain IPs, then otherwise redirects to the 
production site?

I don't think relying on the IPs is a good idea, since those will
change, and the proper process to validate them requires 2 DNS
lookups, if I'm not mistaken. Just use a rewriteCond + rewriteRule to
generously check the User-Agent and perform the redirect. You may have
to set an environment variable in the rewrite rule and check that in
your RequireAll statement to permit the 301 response to be sent. You
may want to verify that the Vary:User-Agent response header gets sent
to the client to prevent cache pollution.


I used your rewritecond+rewriterule approach, and it worked perfectly in 
my tests. Thanks so much.

Re: [users@httpd] Directory Trailing Slash When Behind Load Balancer

[Rainer Canavan]

On Tue, May 14, 2024 at 6:07 PM Gavin Spomer  wrote:
>
> Hello,
>
> I recently migrated my Apache web server from FreeBSD to Ubuntu Server and 
> found an issue with URLs that point to a directory, but don't include the 
> trailing slash, when going through our institution's load balancer. If I 
> access directly (not going through the load balancer), everything works fine:
>
>http://mywebserver.example.com/application
>
>Above works as, from reading the mod_dir documentation, it redirects to
>http://mywebserver.example.com/application/ (adds the trailing slash) and 
> thus the application's index.php script
>is executed.
>
> My web server is fronted by our institution's load balancer which does SSL 
> termination and then sends the request to my web server on port 81. I am not 
> seeing the same behavior when accessing through our load balancer:
>
>https://loadbalancer.example.com/application
>
>The above doesn't work. It hangs, times out and then redirects to 
> http://loadbalancer.example.com:81/application/
>with a "This site can’t be reached" message. It does work if I explicitly 
> add the slash to the URL in my browser:

That's probably not the order that events are acutally happening. It
most likely redirects to
http://loadbalancer.example.com:81/application/ first.

[...]
> 
>ServerName mywebserver.example.com:81

Redirects require a complete URL, and mod_dir is probably assembling
that using the ServerName. Use the developer tools in your browser or
curl -v to see what's actually going on, particularly the "Location:"
response header, which is the URL the redirect is sending your browser
to.

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org