stackoom
  简体   繁体   中英

Redirect all HTTP/HTTPS requests Apache to a specific website and then back

 原文  2017-10-17 07:22:03       apache/ redirect/ nginx

Question

What I want to do (ALL THIS IS PERFORMED ON ONLY ONE SERVER);

(I'm working with example.com for not making any advertisement).

Redirect all incoming HTTP/HTTPS requests (Port 80 and 443) to a specific website, for example, filter.example.com. There I've made my own mechanism to filter malicious requests. After that, the requests should get back to the requested website.

My problem is, that every request is getting redirected back to the filter, so there's an endless loop.

Do you know any solution to that or maybe an alternative (Nginx)?

Here's the problem showed by the packet flow;

"User - Request = https://example.com " -> "Apache redirects it to = https://filter.example.com " -> "After getting filtered = https://example.com " -> "Apache is redirecting it back again."

I really hope you understand my problem.

Thank you.

EDIT:

This are my settings for the filter.example.com ServerName;

<VirtualHost *:80>
    ServerName filter.example.com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName filter.example.com
    RewriteEngine On
    DocumentRoot /var/www/filter/
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/filter.example.com/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/filter.example.com/chain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/filter.example.com/privkey.pem
    ErrorDocument 404 /error404.html
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
</VirtualHost>

And here for my "real" website;

<VirtualHost *:80>
    ServerName example.com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    RewriteEngine On
    DocumentRoot /var/www/html/
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    ErrorDocument 404 /error404.html
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
</VirtualHost>

So, David wrote;

You will really end up in a redirect loop because the request 1 to www.example.com will redirect to filter.example.com and again to www.example.com endlessly. To avoid this add a cookie/header to the incoming request from www.example.com in filter.example.com(of course, after completing the filter process) something like Filter: true, so you know this is already a filtered request and doesn't need to go to filter.example.com.

server {
    server_name filter.example.com;
    //logic to filter 
    add_header 'passed_filter' 'true'; 
}

If you redirect logic to add a check to verify if header Filter: true exists, if not redirect to filter.example.com, if yes - skip redirect and follow the normal execution procedure.

//If the header is not set, then we understand that this request should be redirected to filter.example.com
if($sent_passed_filter ~= 'true') {
   //logic to redirect to filter
}

Is that Nginx, because I'm using Apache. Is there also a solution like that but for Apache?

1 answers

solution1
 1 ACCPTED  2017-10-17 18:40:39

You will really end up in a redirect loop, because the request 1 to www.example.com will redirect to filter.example.com and again to www.example.com endlessly.

To avoid this add a cookie/header to the incoming request from www.example.com in filter.example.com(of course, after completing the filter process) something like Filter: true, so you know this is already a filtered request and doesnt needs to go to filter.example.com.

server {
  server_name filter.example.com;
  //logic to filter 
  add_header 'passed_filter' 'true'; 
}

In you redirect logic add a check to verify if header Filter: true exists, if not redirect to filter.example.com, if yes - skip redirect and follow the normal execution procedure.

//If the header is not set, then we understand that this request should 
be redirected to filter.example.com
if($sent_passed_filter ~= 'true') {
   //logic to redirect to filter
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Apache Redirect certain HTTPS requests to HTTP not working Redirect all http requests (including subdomains) to https apache mod rewrite (all HTTP requests to HTTPs) Redirecting all http requests to https in apache Apache Https to Http Redirect apache http: redirect to https: Redirect HTTPS to HTTP in Apache With .htaccess, allow a specific set of Wordpress pages to be served over HTTPS://, and redirect all others back to HTTP:// apache rewrite rule to change https to http requests for specific file Redirect Loop while redirecting all http requests to https using .htaccess
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM