Hello everyone!
I hope there is someone out there who can help with this or can point me
out to someone who might be able to...
We use Scientific Linux IV (based on Redhat Enterprise 4) and Apache
2.2.3-1i386 (RPM from Apache)
Here is the snippet from my virthost
RewriteEngine on
# Block every IP that is not from DESY
RewriteCond %{HTTP:ORIGCLIENTADDR} ^131\.169\.* [OR]
RewriteCond %{HTTP:ORIGCLIENTADDR} ^141\.34\.*
RewriteRule ^(.*) http://localhost:8080/sites/mysite$1 [P,L]
RewriteRule ^(.*) http://www.desy.de/ [L]
(Info: ORIGCLIENTADDR is a variable set by our loadbalancer to use for
rewriting and logging purposes.)
a.)
If I send a request to "/" from a machine with the IP 192.76.172.251 the
virthostlog shows this
192.76.172.251 - - [28/Sep/2006:15:44:16 +0200] "GET / HTTP/1.0" 302 269
"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7)
Gecko/20060909 Firefox/1.5.0.7"
As expected he or she sees http://www.desy.de/ and I have the
corresponding line in the RewriteLog.
b.)
If now someone with a matching IP-Adress requests "/" he or she gets
correctly redirected to "localhost:8080/..." and get's the page and
elements from the underlying content management system.
virthostlog and rewritelog show that everything works as expected.
c.)
NOW, if I repeat step a.) suddenly the virthostlog shows
192.76.172.251 - - [28/Sep/2006:15:40:17 +0200] "GET / HTTP/1.0" 200
16173 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7)
Gecko/20060909 Firefox/1.5.0.7"
and there is not even a single line in the RewriteLog!
Why does apache suddenly serve out "/" without even running into the
RewriteConds? Where does Apache fetch it from? As it seems Apache
completely overrides my RewriteBlock causing a security risk to our
data.
This is quite serious trouble here at the WebOffice and I am completely
out of ideas.
I have tried rewriting the RewriteBlock in several ways but the outcome
is always the same. It works so far but in case of c.) it doesn't even
get touched -> no line in the RewriteLog...
Oh, one thing, I've checked the underlying CMS, too, it's not giving out
stuff "through the backdoor".
Tired an puzzled greetings /Carsten
------------------------------------------------------------------------
Carsten Germer Deutsches Elektronen Synchrotron (Web-Office, IT)
phone: +49-40-8998-1661 Notkestr. 85
web: http://wof.desy.de 22607 Hamburg
e-mail: carsten.germer@xxxxxxx Germany
------------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|