How to edit a cookie set via mod_rewrite? - apache

I use mod_rewrite to set some cookies and then redirect the user to the target url. As these cookies are used in a third party environment, I have to set the flag SameSite=none.
I tried to edit the Set-Cookie header via mod_headers, but I didn't get it to work.
My Apache config:
<VirtualHost *:80>
ServerName www.example.test
RewriteEngine on
RewriteRule ^/test/(.*)$ /test/$1 [CO=cookie1:1:.example.test:86400:/:true:true]
RewriteRule ^/test/(.*)$ /test/$1 [CO=cookie2:$1:.example.test:86400:/:true:true]
RewriteRule ^/test/(.*)$ http://www.example.test/test2/$1 [R,L]
Header always edit Set-Cookie ^(.*)$ "$1; SameSite=none"
Header always set X-Foo "bar"
Header always edit X-Foo ^(.*)$ "$1; SameSite=none"
</VirtualHost>
My test request:
Connecting to 127.0.0.1:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
Date: Tue, 04 Feb 2020 09:12:23 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.27
X-Foo: bar; SameSite=none
Set-Cookie: cookie1=1; path=/; domain=.example.test; expires=Sat, 04-Apr-2020 09:12:23 GMT; secure; HttpOnly
Set-Cookie: cookie2=0815; path=/; domain=.example.test; expires=Sat, 04-Apr-2020 09:12:23 GMT; secure; HttpOnly
Location: http://www.example.test/test2/0815
Content-Length: 218
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Cookie coming from 127.0.0.1 attempted to set domain to 127.0.0.1
Cookie coming from 127.0.0.1 attempted to set domain to 127.0.0.1
Location: http://www.example.test/test2/0815
Why is the X-Foo header edited, but the Set-Cookie headers are not?

I finally got it - you can set the SameSite flag in the RewriteRule:
<VirtualHost *:80>
ServerName www.example.test
RewriteEngine on
RewriteRule ^/test/(.*)$ /test/$1 [CO=cookie1:1;\ SameSite=none:.example.test:86400:/:true:true]
RewriteRule ^/test/(.*)$ /test/$1 [CO=cookie2:$1;\ SameSite=none:.example.test:86400:/:true:true]
RewriteRule ^/test/(.*)$ http://www.example.test/test2/$1 [R,L]
</VirtualHost>
Now I get the following response:
wget --server-response --header "Host: www.example.test" "http://127.0.0.1/test/0815"
--2020-02-05 11:15:15-- http://127.0.0.1/test/0815
Connecting to 127.0.0.1:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
Date: Wed, 05 Feb 2020 10:15:15 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.27
Set-Cookie: cookie1=1; SameSite=none; path=/; domain=.example.test; expires=Sun, 05-Apr-2020 10:15:15 GMT; secure; HttpOnly
Set-Cookie: cookie2=0815; SameSite=none; path=/; domain=.example.test; expires=Sun, 05-Apr-2020 10:15:15 GMT; secure; HttpOnly
Location: http://www.example.test/test2/0815
Content-Length: 218
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Cookie coming from 127.0.0.1 attempted to set domain to 127.0.0.1
Cookie coming from 127.0.0.1 attempted to set domain to 127.0.0.1
Location: http://www.example.test/test2/0815 [following]
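
Added example (not part of the original question or answer): a small Python check that parses Set-Cookie values like the ones in the two wget outputs above and reports a missing SameSite attribute, SameSite=None without Secure, and a Secure cookie delivered over plain HTTP, which browsers following RFC 6265bis ignore. The function names and finding codes are made up for this example; the two header strings are copied from this page.

```python
# Added example: audit Set-Cookie values for SameSite/Secure consistency.
# BEFORE and AFTER are the cookie1 headers from the wget outputs on this page.
BEFORE = ("cookie1=1; path=/; domain=.example.test; "
          "expires=Sat, 04-Apr-2020 09:12:23 GMT; secure; HttpOnly")
AFTER = ("cookie1=1; SameSite=none; path=/; domain=.example.test; "
         "expires=Sun, 05-Apr-2020 10:15:15 GMT; secure; HttpOnly")


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, cookie_value, attrs)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; bare flags map to "".
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value, scheme):
    """Return finding codes for one Set-Cookie header seen on `scheme`."""
    _, _, attrs = parse_set_cookie(value)
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        # Without the attribute the browser applies its own default.
        findings.append("samesite-missing")
    elif samesite.lower() not in ("none", "lax", "strict"):
        findings.append("samesite-invalid")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not Secure.
        findings.append("samesite-none-without-secure")
    if "secure" in attrs and scheme != "https":
        # A Secure cookie set by an http:// response is dropped.
        findings.append("secure-over-http")
    return findings


if __name__ == "__main__":
    for label, header in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_set_cookie(header, "http"))
```

Both test requests on this page go to port 80, so the check still reports `secure-over-http` for the rewritten cookies; the same headers served from an HTTPS virtual host produce no findings.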

Related

Why Do My HTTP Headers only apply to sub-documents?

I have created an htaccess file for my multi-site Wordpress website, which contains the standard rewrite rules followed by a mod_headers section, with conditional FilesMatch directives.
The http headers all apply correctly to subdocuments of any Wordpress page (e.g. png, jpg, js, css etc), but never apply to the root document. Another pure html site on the same host does receive the headers correctly.
For example:
https://www.somedomain.com/site.css
returns:
HTTP/2 200 OK
content-type: text/css
date: Mon, 30 Mar 2020 09:36:10 GMT
server: Apache
x-content-type-options: nosniff
last-modified: Sun, 29 Mar 2020 12:55:43 GMT
etag: "14546d-5a1fdda3e88c5-gzip"
accept-ranges: bytes
cache-control: must-revalidate, public, max-age=31536000
expires: Sat, 20 Mar 2021 09:36:10 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
but https://www.somedomain.com/ only returns:
HTTP/1.1 200 Connection established
content-type: text/html; charset=UTF-8
date: Mon, 30 Mar 2020 09:36:09 GMT
server: Apache
x-powered-by: PHP/7.3.16
cache-control: no-cache
content-encoding: gzip
The htaccess code is below:
#BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
#add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) web/$1 [L]
RewriteRule ^(.*\.php)$ web/$1 [L]
RewriteRule . index.php [L]
</IfModule>
#END WordPress
#BEGIN Headers
<IfModule mod_headers.c>
#Remove server headers
Header always unset X-Redirect-By
Header always unset X-Powered-By
Header always unset Location
#Set server headers
Header always set X-Content-Type-Options nosniff
Header append Vary "Accept-Encoding, User-Agent"
#Set Cache-Control
<FilesMatch "\.(ico|jpe?g|png|gif|svg|webp|swf|css|mp4)$">
Header set Cache-Control "must-revalidate, public, max-age=31536000"
</FilesMatch>
<FilesMatch "\.(js)$">
Header set Cache-Control "private"
</FilesMatch>
<FilesMatch "\.(php|x?html?|pdf|xlsx?|docx?|pptx?|zipx?)$">
Header set Cache-Control "private, must-revalidate"
</FilesMatch>
#PHP/HTML specific headers
<FilesMatch "\.(php|x?html?)$">
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-DNS-Prefetch-Control "on"
Header always set Connection "keep-alive"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set X-Clacks-Overhead "GNU Terry Pratchett"
</FilesMatch>
</IfModule>
#END Headers

How to remove gzip encoding from nonexistent images in httpd-deflate.conf?

What I have at this moment.
In httpd-deflate.conf in Location section:
SetEnvIfNoCase Request_URI \
\\.(?:gif|jpe?g|jpg|png|rar|zip|exe|flv|swf|mov|wma|mp3|mp4|avi|mp?g)$ no-gzip dont-vary
In .htaccess:
Options +FollowSymlinks
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index\.php$ [NC]
RewriteRule ^(.+)$ /index.php?_route_=$1 [L,QSA]
With these settings images that are actually on the server are processed as needed - without gzip encoding and without "Content-Encoding: gzip" header in the server response.
But nonexistent images are processed in index.php file.
http://example.com/nonexistent-path/non-existent-image.jpg
The response body:
Cache-Control: max-age=84148768
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 49860
Content-Type: image/jpeg - ((I set it in php manually after image generation before output))
Date: Mon, 01 May 2017 22:04:48 GMT
Expires: Tue, 31 Dec 2019 20:44:16 GMT
Last-Modified: Thu, 17 Nov 2016 14:51:10 GMT
Server: nginx
Strict-Transport-Security: max-age=2592000
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
x-content-type-options nosniff
As you see this nonexistent image was processed as a document, not as a .jpg image.
On the server I have Apache and nginx proxy, as I understand. What should I paste in httpd-deflate.conf or in any other place to remove gzip encoding for nonexistent images and to remove "Content-Encoding: gzip" in the server response?
Thank you.
Use
apache_setenv( 'no-gzip', '1' );
in your PHP script before output.

htaccess redirect from non www to www with query string

I need to redirect all website URLs without www to the www website.
On some servers that I usually use, I never had an issue using this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
On this server, URLs are redirected from non-www to www, but they lose the query string.
I tried with curl from the Mac shell and it seems that the 301 loses the query string:
$ curl -I http://mywebsite.com/web/practice/?sbp=12
HTTP/1.1 301 Moved Permanently
Date: Fri, 11 Nov 2016 09:25:30 GMT
Server: Apache
Location: http://www.mywebsite.com/web/practice/
Cache-Control: max-age=0
Expires: Fri, 11 Nov 2016 09:25:30 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=iso-8859-1

apache mod rewrite condition - rule

I would like to grab the url, check if the url contains "#!" and redirect to the same url without the "#!" string? I tried the following - but this is not working?
RewriteCond %{REQUEST_URI} "(.*).html#!$"
RewriteRule "(.*)" $1 [NC,L,R=301]
Try that one:
RewriteCond %{REQUEST_URI} ".*\.html#!$"
RewriteRule "^(.*\.html)#!$" $1 [NC,L,R=301]
Unfortunately, the previous solution was wrong. The server will not process the data after the hash symbol (#):
[27/Oct/2016:10:23:12 +0300] domain.com xx.xx.xx.xx xx.xx.xx.xx 200 0 0.000 HEAD /index.html HTTP/1.1 - curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
$ curl -I 'http://domain.com/index.html#!1asfasgf1ghgh'
HTTP/1.1 200 OK
Server: nginx/1.10.1
Date: Thu, 27 Oct 2016 07:23:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9977
Connection: keep-alive
Last-Modified: Sat, 23 Jan 2016 14:06:07 GMT
ETag: "a66b6-26f9-52a00d64891c0"
Accept-Ranges: bytes
Vary: Accept-Encoding

Force Apache to send 200 instead of 404 in .htaccess

I thought this would be a simple task, but either I am wrong or am just missing the easy answer!
I need a way for Apache to return a 200 for any page including a 404 page. Is there any easy solution?
This is the current header response:
HTTP/1.1 404 Article not found
Date: Mon, 01 Apr 2013 18:05:38 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: 440d08f3c65b7f89402db924f5428cbd=ujg53v71nc68fi5pc36rllnd707; path=/
Set-Cookie: trcusr=%24%24; expires=Tue, 19-Jan-2038 03:14:07 GMT; path=/
Set-Cookie: cltid=103; expires=Tue, 19-Jan-2038 03:14:07 GMT; path=/
Set-Cookie: js_vsid=355; expires=Mon, 01-Apr-2013 22:05:38 GMT; path=/
Content-Type: text/html; charset=utf-8
I would use RewriteEngine to rewrite any URL to a file that doesn't exist to a page that does.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^.*$ file-that-exists.html
Untested, but that should be close to it.