I am not sure if what I'm trying to do is valid, so please bear with me.
I am trying to use the ProxyMassMatch (Apache) Directive through a reverse proxy setup to change URLs which appear on a given page when accessed through my localhost and remove an "sid" parameter. I am aware this particular regex only accounts for when the parameter is not the first cgi arg, but the bigger problem I am having is this doesn't seem to work at all so I'm thinking maybe I do not understand ProxyPassMatch, despite reading the docs multiple times.
To visualize, if this were working, I would be able to mouse-over a url on my "localhost" page and instead of:
http://forums.mysite.com/viewtopic?foo=bar&sid=9746b404cec3e5270f79e6c1de861dae
I would see:
http://forums.mysite.com/viewtopic?foo=bar
I have successfully removed this cgi arg with mod_rewrite, but because of other mechanisms, I've been asked to do this using ProxyPassMatch so the URLs on the actual page do not display the "sid" parameter. Does anyone have any insight into this?
Here's one of the many variations I've tried in my .conf file.
ProxyPassMatch "(.*forums\.mysite\.com\/viewtopic\.php)(.*[^&]*)(&sid=.*)" "http://localhost/forums.mysite.com/$2"
Related
I have some http api behind nginx, and i want to make filter requests to API based on requests parameters value. Parameters are passed directly in url like
https://api.com/api/v1/action?param1=value1¶m2=value2&etc...
Lets assume that i want to filter requests with some value of param2 to some other url.
I thought that it will be easy like
location ~* /api/.*param2=somevalue.* { #location; }
But nginx cant find the match even if there is no alternative location at all.
I'm confused. Are these wildcards are truly wildcards, or I miss something? But what?
I already tried escaping and different modifiers but no luck. :(
I analyze the URL in a malicious e-mail. I parse the e-mail using BeautifulSoup. I get this URL
https://www.google.com/url?q=http://my.%42%41%44%2e%43%4F&sa=D&usg=AFQjCNGTKogvWUF40RsyeAXrGi6uQrlhoQ
This URL will force Google.com to redirect to http://my.BAD.CO Given a URL like the one above how can I know that the URL will trigger redirect?
I want to get an indication that this is a redirect and I want to get two separate URLs
http://my.BAD.CO and https://www.google.com/url?q=http://5sr0s.%61%6b%68%6f%72%61%62%2e%72%75&sa=D&usg=AFQjCNGTKogvWUF40RsyeAXrGi6uQrlhoQ
where http://my.BAD.CO is an encoded target URL http://my.%42%41%44%2e%43%4F
If the only solution is a custom RegEx like this
(?i)(http|https)://(www.|)google.com/url\?q=(http|https)://(\S+)\&usg=\S+
followed by a call to urllib.parse.unquote will it cover all corner cases?
Are there other ways to redirect besides https://www.google.com/url... ?
I found another way to redirect Here is another way to redirect: via https://www.google.de/url?sa=t&url=
I ended up with a regex
(?i)^(http|https)://(www.|)google.(ac|ad|aero|ae|af|ag|ai|al|am|an|ao|aq|arpa|ar|asia|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|biz|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|cat|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|coop|com|co|cr|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|info|int|in|io|iq|ir|is|it|je|jm|jobs|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mobi|mo|mp|mq|mr|ms|mt|museum|mu|mv|mw|mx|my|mz|name|na|nc|net|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pro|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tel|tf|tg|th|tj|tk|tl|tm|tn|to|tp|travel|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|xn--0zwm56d|xn--11b5bs3a9aj6g|xn--80akhbyknj4f|xn--9t4b11yi5a|xn--deba0ad|xn--g6w251d|xn--hgbk6aj7f53bba|xn--hlcj6aya9esc7a|xn--jxalpdlp|xn--kgbechtv|xn--zckzah|ye|yt|yu|za|zm|zw)/url\?.+$
or a readable form
(?i)^(http|https)://(www.|)google.(com|de)/url\?.+$
Lot of people considered that the question is not worth an effort of anyone. I got -4 for the question. Some questions appear to be trivial. I still hope that there is a better solution for the problem. I did not find a list of WEB sites allowing redirect of the URL like what google.com/url\?q does
Here is another way to redirect https://www.google.de/url?sa=t&url=
For some reason I am in need of a views.py that returns only some text. Normally, i'd use HttpResponse("text") for this. However, In this case I require the text to be send over https, to counter the inevitable mixed content warning.
What is the simplest way of sending pure text via django(1.7.11) over https?
Django in the relevant docs of httprequest.build_absolute_uri reads:
Mixing HTTP and HTTPS on the same site is discouraged, therefore
build_absolute_uri() will always generate an absolute URI with the
same scheme the current request has. If you need to redirect users to
HTTPS, it’s best to let your Web server redirect all HTTP traffic to
HTTPS.
The docs make clear that
the method of communication is entirely the responsibility of the server
as Daniel Roseman commented.
My prefered choice is to force https throughout a site, however it is possible to do it only for a certain page.
The above can be achieved by either:
Upgrading to a secure and supported release of Django where the use of SECURE_SSL_REDIRECT and SecurityMiddleware will redirect all traffic to SSL
Asking your host provider an advice on how could this be implemented in their servers
Using the apache config files.
Using .htaccess to redirect a single page.
There are also other -off the road- hackish solutions like a snippet which can be used with a decorator in urls.py to force https, or a custom middleware that redirects certain urls to https.
I've run into the mixed content problems as well. From my experience, you simply can't use the HttpResponse objects without running into trouble. I was never totally sure though and eventually found a way "around" it.
My solution for it was to use the JsonResponse object instead, to return JSON strings, kind of a work-around with the views returning something like:
mytext = 'stuff blablabla'
return JsonResponse({'response_text': mytext})
Which is super easy to parse, and OK with HTTPS.
Maybe not what you're looking for, but I hope it helps you find your way.
I need to redirect this URL (http://www.example.com/learn) to this URL (http://www.example.com/learn-it).
Problem is that it matches the rule on the redirected URL, and makes an infinite loop.
This does not work:
Redirect 301 http://www.example.com/learn http://www.example.com/learn-it
.htaccess 301 Redirect
The smoothest way to redirect your visitors is to use an .htaccess redirect. This has no delay since before a page is served to the browser the server checks first for an .htaccess file... if it sees this the old page never loads, instead visitors are sent directly to the new page.
These are a few .htaccess redirect codes that I've used that might come in handy for you. This is not a complete list by any means, but it took me ages to find how to do these so I'll save you the hassle and list them here. Oh, and please don't email me with questions about how these work, like I said, I found these with the help of others.. I have no idea in the slightest how to write this stuff and take no credit (or responsibility) for how they work.
If you're more technically minded than I am and want the information straight from the source, check the Apache Tutorial: .htaccess files for more detailed info.
Important notes about htaccess redirection
Always be sure to upload .htaccess files in ascii mode, sending it up as binary will break it (and usually make your server very, very unhappy.)
.htaccess does not work if you're on a windows server.
Make sure you triple check your changes. Clear your cache and look, test the server headers to make sure you see a 301 (that means its permanent) not a 302 (temporary) unless you are absolutely sure you really mean temporary.
Since some operating systems don't allow you to make a file without something before the "." you may need to save it as something.htaccess, some may even have to save it as htaccess.txt and change it once you've uploaded it.
Make sure your ftp program will show .htaccess files (FileZilla does and is free) It is a bit hard to edit something you can't see ;)
Double check that you're not overwriting an old one (some servers already place one there for your custom 404 pages etc.)
Make sure you replace example.com with your own sites URL ;-)
To Move a single page
Quick, easy and seamless for your visitors.
Redirect 301 /oldpage.html http://www.example.com/newpage.html
To Move an entire site
This will catch any traffic on your old site and redirect it to your index page on your new server. If you want to redirect each page to its new spot, this isn't the one for you.
Redirect 301 / http://www.example.com/
For detail explanation. How to redirect page usin .htaccess . read this
You should use RedirectMatch in order to use regex to be able to match exact URI:
RedirectMatch 301 ^/learn/?$ /learn-it
Make sure to clear your browser cache before testing this.
I have my Django app. I have a redirect URL(say a 404 page) to be redirected when no other URL matches. Now if any url is called as
mysite.com/something
I am redirected to the 404 page. But
mysite/something/
works fine.
The redirection url added to the end of all:
url(r'^.*/',theview),
When I remove the redirect url from the urls.py, the problem is cleared and the above URL works (without / at the end). Why is the error?
First of all, it would be a good idea to link to your previous post and mention you are using a hack that I gave you, because (A) it's not normal setup and (B) Someone might come up with a better idea than mine
Secondly, you're seeing this behaviour because of normal url processing. See, the urls mysite.com/something and mysite.com/something/ are not the same. To match it with django's urls, the difference would be:
url(r'^something/$')
url(r'^something$')
Since the difference is so minor, when using a normal setup, after failing to find the a url without a forward slash django's common middlewere* will automatically try to add one and test it. It's only then that it would give up and forward you to a 404 page.
However, in your setup, the catch-all url prevents the second round because it does apply to the url without the forward slash. My solution? Don't worry about it. The only reason you're using this hack is because Debug=True means a debug page instead of your custom 404 page, a problem you won't be facing when moving to a production environment
*and a big thanks to #Alasdair who pointed this out in the comments