RewriteRule and php download counter - apache

(1) I have a site that serves up MP3 files:
http://domain/files/1234567890.mp3
(2) I have a php script that tracks file download counts:
http://domain/modules/download_counter.php?file=/files/1234567890.mp3
After download_counter.php records the download, it redirects to the original file:
Header("Location: $FQDN_url");
(3) I'd like all my public links to be presented as the direct file urls from (1). I'm trying to use Apache to redirect the requests to download_counter.php:
RewriteRule ^files/(.+\.mp3)$ /modules/download_counter.php?file=/files/$1 [L]
I'm currently stuck on (3), as it results in a redirect loop, since download_counter.php simply redirects the request back to the original file (rather than streaming the file contents).
I'm also motivated to use download_counter.php as is (without modifying it's redirect behaviour). This is because the script is part of a larger CMS module, and I'd like to avoid complicating my upgrade path.
Perhaps there is no solution to my problem (other than modifying the download_counter script). WDYT?

If this is not about the strongest protection ever (as I can see, it is not), then just have your script to redirect browser not to the file, but to the
http://domain/files/1234567890.mp3/redirected
Ensure your webserver will still serve such request correctly as a file download. If it will, then just add negative RewriteCond that will ensure, that redirection is done if and only if the link is not ending with /redirected

UPDATED ANSWER
i think you are into a lot of troubles because your pseudo url are actually real urls: they lead to the file. So you should change your pseudo url to something like domain.com/downloads/file.mp3 and then just check whether the requested file does not exist, so that the redirect does not loop.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^downloads/(.+\.mp3)$ /modules/download_counter.php?file=/files/$1 [L]

I first thought something that would use the referer would work:
RewriteCond %{HTTP_REFERER} !download_conter\.php
RewriteCond %{HTTP_REFERER} !=""
RewriteRule ^files/(.+\.mp3)$ /modules/download_counter.php?file=/files/$1 [L]
However, the browser does not cooperate. Let's say you click some link in file.html to something.mp3 and then are forwarded to download_counter.php. When the php script does the forward it sets as referer not download_counter.php but file.html.
The only way I see you could do this would be using an external rewriting program that would keep some state -- the first time the user requested the file it would save that information and make the rewrite, the second time it would know it had made the rewrite in the first place and would pass through the request unmodified. See the documentation of RewriteMap.

Put in http://domain/files/ this .htaccess file...
RewriteEngine On
RewriteOptions Inherit
RewriteRule ^(.*).(mp3)$ /modules/download_counter.php?file=$1.$2 [R,L]
This should do the trick...

Related

htaccess Remove directory from end of URL in apache

Ok, so I know this is a question that has been asked many times, however, I have not been able to find an answer to my particular case, so please do not shoot me down.
I have a website: http://gmcomputers.co.za.
I am redirecting this URL, using .htaccess file, to a subfolder to load the content:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /gmcomputers/ [L,DPI,R=301]
Which works perefectly, except when I go to http://gmcomputers.co.za I get http://gmcomputers.co.za/gmcomputers/.
So my question is, how do I modify the above code to remove the /gmcomputers/ from being appended?
Please note I copied the code above from a website as I am not at all experienced in redirect, etc and am still learning. Also, the reason I am using .htaccess to redirect is due to there being other websites in the root directory and I therefore cannot edit any config files for Apache.
Thanking you.
You contradict yourself in your question. On the one hand you write that you want to redirect and that this "works perfectly", but then you write that you do not want that result.
My guess is that you actually do not want to redirect at all, but that instead you want to internally rewrite your requests to point to that server side folder. While the URL visible in the browser's URL bar does not show that folder. Is that what you are trying to ask?
If so take a look at this example:
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/gmcomputers
RewriteRule ^ /gmcomputers%{REQUEST_URI} [END]
You might want to add an actual redirection to direct clients actually using the folder name in their requests:
RewriteEngine on
RewriteRule ^/?gmcomputers/(.*)$ /$1 [R=301,END]
RewriteCond %{REQUEST_URI} !^/gmcomputers
RewriteRule ^ /gmcomputers%{REQUEST_URI} [END]
Best is to implement such rules in the central http server's host configuration. If you do not have access to that you can instead use a distributed configuration file (typically called ".htaccess") located in the DOCUMENT_ROOT folder configured for the http host, if you enabled the consideration of such files in your host configuration . Though that comes with a number of disadvantages. Above implementation works likewise for both approaches.

Redirect loop with simple htaccess rule

I have been pulling my air out over this. It worked before the server migration!
Ok so basically it's as simple as this:
I have a .php file that I want to view the content of using a SEO friendly URL via a ReWrite rule.
Also to canonicalise and to prevent duplicate content I want to 301 the .php version to the SEO friendly version.
This is what I used and has always worked till now on the new server:
RewriteRule ^friendly-url/$ friendly-url.php [L,NC]
RewriteRule ^friendly-url.php$ /friendly-url/$1 [R=301,L]
However disaster has struck and now it causes a redirect loop.
Logically I can only assume that in this version of Apache it is tripping up as it's seeing that the script being run is the .php version and so it tries the redirect again.
How can I re-work this to make it work? Or is there a config I need to switch in WHM?
Thanks!!
This is how your .htaccess should look like:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
# To externally redirect /friendly-url.php to /friendly-url/
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+(friendly-url)\.php [NC]
RewriteRule ^ /%1/? [R=302,L]
## To internally redirect /anything/ to /anything.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f
RewriteRule ^(.+?)/$ $1.php [L]
Note how I am using R=302, because I don't want the rule to cache on my browser until I confirm its working as expected, then, once I can confirm its working as expected I switch from R=302 to R=301.
Keep in mind you may have also been cached from previous attempts since you're using R=301, so you better of trying to access it from a different browser you have used just to make sure its working.
However disaster has struck and now it causes a redirect loop.
It causes a redirect loop because your redirecting it to itself, the different on my code is that I capture the request, and redirect the php files from there to make it friendly and then use the internal redirect.
The exact same .htaccess file will work differently depending on where it's placed because the [L]ast flag means something different depending on location. In ...conf, [L]ast means all finished processing so get out, but in .htaccess the exact same [L]ast flag means start all over at the top of this file.
To work as expected when moving a block of code from ...conf to .htaccess, most .htaccess files will need one or the other of these tweaks:
Change the [L]ast flags to [END]. (Problem is, the [END] flag is only available in newer [version 2.3.9 and later] Apaches, and won't even "fall back" in earlier versions.)
Add boilerplate code like this at the top of each of your .htaccess files:
*
RewriteCond %{ENV:REDIRECT_STATUS} !^[\s/]*$
RewriteRule ^ - [L]

How do I hide actual directories using mod_rewrite?

I am hosting a couple of domains of the same wordpress installation, now I'd like to have a per-domain folder for some various files I need to put up there.
Essentially I want to map like this:
URL Path
webbfarbror.se/f/* _files/webbfarbror.se/*
grapefrukt.com/f/* _files/grapefrukt.com/*
This little snippet does the job nicely and the RewriteCond let's me enable and disable this on a per domain basis.
ReWriteCond %{HTTP_HOST} webbfarbror.se
ReWriteRule ^f/(.*)$ _files/%{HTTP_HOST}/$1 [L]
However, a file at say, http://grapefrukt.com/f/awesome.jpg is also accessible at it's "real" URL http://grapefrukt.com/_files/grapefrukt.com/awesome.jpg
All my attempts result in infinite redirects back and forth.
How do I disable access through the latter URL?
You can examine the original request as it was sent to the server, which is available as %{THE_REQUEST}. Checking for the /_files/ prefix indicates that the request was of the latter type, and you can then redirect to the appropriate format:
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/_files/
RewriteRule ^_files/[^/]+/(.*)$ http://%{HTTP_HOST}/f/$1 [R=301,L]

.htaccess mod_rewrite issue

Almost in any project I work on, some issues with .htaccess occur. I usually just find the easiest solution and leave it because I don't have any knowledge or understanding for Apache, servers etc. But this time I thought I would ask you guys.
This is the files and folders in my (simplified) setup:
/modrewrite-test
.htaccess
/config
/inc
/lib
/public_html
.htaccess
/cms
/navigation
index.php
edit.php
/pages
index.php
edit.php
login.php
page.php
The "config", "inc" and "lib" folders are meant to be "hidden" from the root of the website. I try to accomplish this by making a .htaccess-file in the root that redirects the user to "public_html". The .htacess-file contains this:
RewriteEngine On
RewriteRule (.*) public_html/$1
This works perfect. If I type "http://localhost/modrewrite-test/login.php" in my browser, I end up in public_html/login.php which is my intention. So this works fine. The .htaccess-file in "public_html" contains this:
RewriteEngine On
# Root
RewriteRule ^$ page.php [L]
# Login
RewriteRule ^(admin)|(login)\/?$ login.php [L]
# Page (if not a file/directory)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ page.php?url=$1 [L]
The first rewrite just redirects me to public_html/page.php if I try to reach "http://localhost/modrewrite-test/". The next rewrite is just for the convenience of users trying to log in - so if they try to reach "http://localhost/modrewrite-test/admin" or "http://localhost/modrewrite-test/login" they will end up at the login.php-file. The third and last rewrite handles the rest of the requests. If I try to reach "http://localhost/modrewrite-test/bla/bla/bla" it will just redirect me to public_html/page.php (with the 'url' GET-variable set) instead of finding a folder called "la", containing a folder named "bla" and etc.
All of these things work perfect but a minor issues occurs when I for instance try to reach "http://localhost/modrewrite-test/cms/navigation" without a slash at the end of the URL. When I try to reach that page the browser is somehow redirected to "http://localhost/modrewrite-test/public_html/cms/navigation/". The correct page is shown but why does it get redirected and add the "public_html" part in the URL? The desired behavior is that the URL stays intact and that the page public_html/cms/navigation/index.php is shown.
The files and folders in the (simplified) can be found at http://highbars.com/modrewrite-test.zip
I ran into the same problem with "strange" redirects when trying to access existing directory without slash at end. In my case this redirection was done by mod_dir Apache module. To disable redirection I used DirectorySlash directive. Try putting in .htaccess files following string:
DirectorySlash Off
RewriteBase may help. Try this in public_html/.htaccess:
RewriteEngine On
RewriteBase /
Add the following to /modrewrite-test/.htaccess:
RewriteBase /modrewrite-test
Just to be on the safe side, I'd add the same rule also to /modrewrite-test/public_html/.htaccess. I found that having RewriteBase always set prevents a lot of potential problems in the future. This however means that you might need to update the values if you change the URI structure of your site.
Update:
I don't think that this is possible with your current folder structure. I believe that the problem is that existing subdirectories prevent rewrite rules from firing. Note the behavior please - everything works fine while you are working with non-existent files and directories, thanks to these two conditions:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
However if you try to open any index file from an existing subdirectory, you get redirected to .../public_html/.... Since you can properly open /modrewrite-test/cms/navigation/edit.php, I can only assume that the request is being overwritten by some Apache core directive, which adds slashes at end of folder URLs. Notice that everything works fine if you have an ending-slash at each URL (i.e. the Apache core directory does not need to "correct" your URL, thus everything gets rewritten by your own rewrite rules).
Suggested solution (unless anyone can advise better):
Change /modrewrite-test/public_html/.htaccess as follows:
RewriteEngine On
RewriteBase /modrewrite-test
# Page (if not a file/directory)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ page.php?url=$1 [L]
Then Remove all PHP files from subfolders and use the Front Controller pattern, i.e. route all requests through your main page.php file and do not delegate anything down below.
You can then use the Factory pattern to initiate individual UIs (i.e. navigation/edit.php) directly from your main page.php file based on contents of $_GET['url'] (make sure to properly sanitize that).
Update #2:
This other post on StackOverflow advises on project structure used by Zend Framework - it essentially shows the approach which I suggested above. It is a valuable information asset regardless if you use Zend Framework or not.

Why would mod_rewrite rewrite twice?

I only recently found out about URL rewriting, so I've still got a lot to learn.
While following the Easy Mod Rewrite tutorial, the results of one of their examples is really confusing me.
RewriteBase /
RewriteRule (.*) index.php?page=$1 [QSA,L]
Rewrites /home as /index.php?page=index.php&page=home.
I thought the duplicates might have had been caused by something in my host's configs, but a clean install of XAMPP does the same.
So, does anyone know why this seems to parse twice?
And, to me this seems like, if it's going to do this, it would be an infinite loop -- why does it stop at 2 cycles?
From Example 1 on this page, which is part of the tutorial linked in your question:
Assume you are using a CMS system that rewrites requests for everything to a single index.php script.
RewriteRule ^(.*)$ index.php?PAGE=$1 [L,QSA]
Yet every time you run that, regardless of which file you request, the PAGE variable always contains "index.php".
Why? You will end up doing two rewrites. Firstly, you request test.php. This gets rewritten to index.php?PAGE=test.php. A second request is now made for index.php?PAGE=test.php. This still matches your rewrite pattern, and in turn gets rewritten to index.php?PAGE=index.php.
One solution would be to add a RewriteCond that checks if the file is already "index.php". A better solution that also allows you to keep images and CSS files in the same directory is to use a RewriteCond that checks if the file exists, using -f.
1the link is to the Internet Archive, since the tutorial website appears to be offline
From the Apache Module mod_rewrite documentation:
'last|L' (last rule)
[…] if the RewriteRule generates an internal redirect […] this will reinject the request and will cause processing to be repeated starting from the first RewriteRule.
To prevent this you could either use an additional RewriteCond directive:
RewriteCond %{REQUEST_URI} !^/index\.php$
RewriteRule (.*) index.php?page=$1 [QSA,L]
Or you alter the pattern to not match index.php and use the REQUEST_URI variable, either in the redirect or later in PHP ($_SERVER['REQUEST_URI']).
RewriteRule !^index\.php$ index.php?page=%{REQUEST_URI} [QSA,L]