What I want to do (ALL THIS IS PERFORMED ON ONLY ONE SERVER);
(I'm working with example.com for not making any advertisement).
Redirect all incoming HTTP/HTTPS requests (Port 80 and 443) to a specific website, for example, filter.example.com. There I've made my own mechanism to filter malicious requests. After that, the requests should get back to the requested website.
My problem is, that every request is getting redirected back to the filter, so there's an endless loop.
Do you know any solution to that or maybe an alternative (Nginx)?
Here's the problem showed by the packet flow;
"User - Request = https://example.com " -> "Apache redirects it to = https://filter.example.com " -> "After getting filtered = https://example.com " -> "Apache is redirecting it back again."
I really hope you understand my problem.
Thank you.
EDIT:
This are my settings for the filter.example.com ServerName;
<VirtualHost *:80>
ServerName filter.example.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName filter.example.com
RewriteEngine On
DocumentRoot /var/www/filter/
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/filter.example.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/filter.example.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/filter.example.com/privkey.pem
ErrorDocument 404 /error404.html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</VirtualHost>
And here for my "real" website;
<VirtualHost *:80>
ServerName example.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
RewriteEngine On
DocumentRoot /var/www/html/
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
ErrorDocument 404 /error404.html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</VirtualHost>
So, David wrote;
You will really end up in a redirect loop because the request 1 to www.example.com will redirect to filter.example.com and again to www.example.com endlessly. To avoid this add a cookie/header to the incoming request from www.example.com in filter.example.com(of course, after completing the filter process) something like Filter: true, so you know this is already a filtered request and doesn't need to go to filter.example.com.
server {
server_name filter.example.com;
//logic to filter
add_header 'passed_filter' 'true';
}
If you redirect logic to add a check to verify if header Filter: true exists, if not redirect to filter.example.com, if yes - skip redirect and follow the normal execution procedure.
//If the header is not set, then we understand that this request should be redirected to filter.example.com
if($sent_passed_filter ~= 'true') {
//logic to redirect to filter
}
Is that Nginx, because I'm using Apache. Is there also a solution like that but for Apache?
You will really end up in a redirect loop, because the request 1 to www.example.com will redirect to filter.example.com and again to www.example.com endlessly.
To avoid this add a cookie/header to the incoming request from www.example.com in filter.example.com(of course, after completing the filter process) something like Filter: true, so you know this is already a filtered request and doesnt needs to go to filter.example.com.
server {
server_name filter.example.com;
//logic to filter
add_header 'passed_filter' 'true';
}
In you redirect logic add a check to verify if header Filter: true exists, if not redirect to filter.example.com, if yes - skip redirect and follow the normal execution procedure.
//If the header is not set, then we understand that this request should
be redirected to filter.example.com
if($sent_passed_filter ~= 'true') {
//logic to redirect to filter
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.