1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * _ __ ___ ___ __| | _ __ _____ ___ __(_) |_ ___
19 * | '_ ` _ \ / _ \ / _` | | '__/ _ \ \ /\ / / '__| | __/ _ \
20 * | | | | | | (_) | (_| | | | | __/\ V V /| | | | || __/
21 * |_| |_| |_|\___/ \__,_|___|_| \___| \_/\_/ |_| |_|\__\___|
24 * URL Rewriting Module
26 * This module uses a rule-based rewriting engine (based on a
27 * regular-expression parser) to rewrite requested URLs on the fly.
29 * It supports an unlimited number of additional rule conditions (which can
30 * operate on a lot of variables, even on HTTP headers) for granular
31 * matching and even external database lookups (either via plain text
32 * tables, DBM hash files or even external processes) for advanced URL
35 * It operates on the full URLs (including the PATH_INFO part) both in
36 * per-server context (httpd.conf) and per-dir context (.htaccess) and even
37 * can generate QUERY_STRING parts on result. The rewriting result finally
38 * can lead to internal subprocessing, external request redirection or even
39 * to internal proxy throughput.
41 * This module was originally written in April 1996 and
42 * gifted exclusively to the The Apache Software Foundation in July 1997 by
50 #include "apr_strings.h"
54 #include "apr_signal.h"
55 #include "apr_global_mutex.h"
61 #include "apr_thread_mutex.h"
64 #define APR_WANT_MEMFUNC
65 #define APR_WANT_STRFUNC
66 #define APR_WANT_IOVEC
69 /* XXX: Do we really need these headers? */
73 #if APR_HAVE_SYS_TYPES_H
74 #include <sys/types.h>
85 #if APR_HAVE_NETINET_IN_H
86 #include <netinet/in.h>
89 #include "ap_config.h"
91 #include "http_config.h"
92 #include "http_request.h"
93 #include "http_core.h"
95 #include "http_protocol.h"
96 #include "http_vhost.h"
97 #include "util_mutex.h"
101 #include "mod_rewrite.h"
104 #if APR_CHARSET_EBCDIC
105 #include "util_charset.h"
108 static ap_dbd_t *(*dbd_acquire)(request_rec*) = NULL;
109 static void (*dbd_prepare)(server_rec*, const char*, const char*) = NULL;
110 static const char* really_last_key = "rewrite_really_last";
113 * in order to improve performance on running production systems, you
114 * may strip all rewritelog code entirely from mod_rewrite by using the
115 * -DREWRITELOG_DISABLED compiler option.
117 * DO NOT USE THIS OPTION FOR PUBLIC BINARY RELEASES. Otherwise YOU are
118 * responsible for answering all the mod_rewrite questions out there.
120 /* If logging is limited to APLOG_DEBUG or lower, disable rewrite log, too */
121 #ifdef APLOG_MAX_LOGLEVEL
122 #if APLOG_MAX_LOGLEVEL < APLOG_TRACE1
123 #ifndef REWRITELOG_DISABLED
124 #define REWRITELOG_DISABLED
129 #ifndef REWRITELOG_DISABLED
132 #define rewritelog(...) do_rewritelog(__LINE__, __VA_ARGS__)
134 #define rewritelog do_rewritelog
136 #define REWRITELOG_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
137 #define REWRITELOG_FLAGS ( APR_WRITE | APR_APPEND | APR_CREATE )
139 #else /* !REWRITELOG_DISABLED */
142 #define rewritelog(...)
144 #define rewritelog do_rewritelog
146 #endif /* REWRITELOG_DISABLED */
148 /* remembered mime-type for [T=...] */
149 #define REWRITE_FORCED_MIMETYPE_NOTEVAR "rewrite-forced-mimetype"
150 #define REWRITE_FORCED_HANDLER_NOTEVAR "rewrite-forced-handler"
152 #define ENVVAR_SCRIPT_URL "SCRIPT_URL"
153 #define REDIRECT_ENVVAR_SCRIPT_URL "REDIRECT_" ENVVAR_SCRIPT_URL
154 #define ENVVAR_SCRIPT_URI "SCRIPT_URI"
156 #define CONDFLAG_NONE (1<<0)
157 #define CONDFLAG_NOCASE (1<<1)
158 #define CONDFLAG_NOTMATCH (1<<2)
159 #define CONDFLAG_ORNEXT (1<<3)
160 #define CONDFLAG_NOVARY (1<<4)
162 #define RULEFLAG_NONE (1<<0)
163 #define RULEFLAG_FORCEREDIRECT (1<<1)
164 #define RULEFLAG_LASTRULE (1<<2)
165 #define RULEFLAG_NEWROUND (1<<3)
166 #define RULEFLAG_CHAIN (1<<4)
167 #define RULEFLAG_IGNOREONSUBREQ (1<<5)
168 #define RULEFLAG_NOTMATCH (1<<6)
169 #define RULEFLAG_PROXY (1<<7)
170 #define RULEFLAG_PASSTHROUGH (1<<8)
171 #define RULEFLAG_QSAPPEND (1<<9)
172 #define RULEFLAG_NOCASE (1<<10)
173 #define RULEFLAG_NOESCAPE (1<<11)
174 #define RULEFLAG_NOSUB (1<<12)
175 #define RULEFLAG_STATUS (1<<13)
176 #define RULEFLAG_ESCAPEBACKREF (1<<14)
177 #define RULEFLAG_DISCARDPATHINFO (1<<15)
178 #define RULEFLAG_QSDISCARD (1<<16)
179 #define RULEFLAG_END (1<<17)
180 #define RULEFLAG_ESCAPENOPLUS (1<<18)
181 #define RULEFLAG_QSLAST (1<<19)
183 /* return code of the rewrite rule
184 * the result may be escaped - or not
186 #define ACTION_NORMAL (1<<0)
187 #define ACTION_NOESCAPE (1<<1)
188 #define ACTION_STATUS (1<<2)
191 #define MAPTYPE_TXT (1<<0)
192 #define MAPTYPE_DBM (1<<1)
193 #define MAPTYPE_PRG (1<<2)
194 #define MAPTYPE_INT (1<<3)
195 #define MAPTYPE_RND (1<<4)
196 #define MAPTYPE_DBD (1<<5)
197 #define MAPTYPE_DBD_CACHE (1<<6)
199 #define ENGINE_DISABLED (1<<0)
200 #define ENGINE_ENABLED (1<<1)
202 #define OPTION_NONE (1<<0)
203 #define OPTION_INHERIT (1<<1)
204 #define OPTION_INHERIT_BEFORE (1<<2)
205 #define OPTION_NOSLASH (1<<3)
206 #define OPTION_ANYURI (1<<4)
207 #define OPTION_MERGEBASE (1<<5)
208 #define OPTION_INHERIT_DOWN (1<<6)
209 #define OPTION_INHERIT_DOWN_BEFORE (1<<7)
210 #define OPTION_IGNORE_INHERIT (1<<8)
211 #define OPTION_IGNORE_CONTEXT_INFO (1<<9)
212 #define OPTION_LEGACY_PREFIX_DOCROOT (1<<10)
213 #define OPTION_LONGOPT (1<<11)
216 #define RAND_MAX 32767
219 /* max cookie size in rfc 2109 */
220 /* XXX: not used at all. We should do a check somewhere and/or cut the cookie */
221 #define MAX_COOKIE_LEN 4096
223 /* max line length (incl.\n) in text rewrite maps */
224 #ifndef REWRITE_MAX_TXT_MAP_LINE
225 #define REWRITE_MAX_TXT_MAP_LINE 1024
228 /* buffer length for prg rewrite maps */
229 #ifndef REWRITE_PRG_MAP_BUF
230 #define REWRITE_PRG_MAP_BUF 1024
233 /* for better readbility */
234 #define LEFT_CURLY '{'
235 #define RIGHT_CURLY '}'
238 * expansion result items on the stack to save some cycles
240 * (5 == about 2 variables like "foo%{var}bar%{var}baz")
242 #define SMALL_EXPANSION 5
245 * check that a subrequest won't cause infinite recursion
247 * either not in a subrequest, or in a subrequest
248 * and URIs aren't NULL and sub/main URIs differ
250 #define subreq_ok(r) (!r->main || \
251 (r->main->uri && r->uri && strcmp(r->main->uri, r->uri)))
253 #ifndef REWRITE_MAX_ROUNDS
254 #define REWRITE_MAX_ROUNDS 10000
258 * +-------------------------------------------------------+
260 * | Types and Structures
262 * +-------------------------------------------------------+
266 const char *datafile; /* filename for map data files */
267 const char *dbmtype; /* dbm type for dbm map data files */
268 const char *checkfile; /* filename to check for map existence */
269 const char *cachename; /* for cached maps (txt/rnd/dbm) */
270 int type; /* the type of the map */
271 apr_file_t *fpin; /* in file pointer for program maps */
272 apr_file_t *fpout; /* out file pointer for program maps */
273 apr_file_t *fperr; /* err file pointer for program maps */
274 char *(*func)(request_rec *, /* function pointer for internal maps */
276 char **argv; /* argv of the external rewrite map */
277 const char *dbdq; /* SQL SELECT statement for rewritemap */
278 const char *checkfile2; /* filename to check for map existence
279 NULL if only one file */
280 const char *user; /* run RewriteMap program as this user */
281 const char *group; /* run RewriteMap program as this group */
284 /* special pattern types for RewriteCond */
308 char *input; /* Input string of RewriteCond */
309 char *pattern; /* the RegExp pattern string */
310 ap_regex_t *regexp; /* the precompiled regexp */
311 ap_expr_info_t *expr; /* the compiled ap_expr */
312 int flags; /* Flags which control the match */
313 pattern_type ptype; /* pattern type */
314 int pskip; /* back-index to display pattern */
317 /* single linked list for env vars and cookies */
318 typedef struct data_item {
319 struct data_item *next;
324 apr_array_header_t *rewriteconds;/* the corresponding RewriteCond entries */
325 char *pattern; /* the RegExp pattern string */
326 ap_regex_t *regexp; /* the RegExp pattern compilation */
327 char *output; /* the Substitution string */
328 int flags; /* Flags which control the substitution */
329 char *forced_mimetype; /* forced MIME type of substitution */
330 char *forced_handler; /* forced content handler of subst. */
331 int forced_responsecode; /* forced HTTP response status */
332 data_item *env; /* added environment variables */
333 data_item *cookie; /* added cookies */
334 int skip; /* number of next rules to skip */
335 int maxrounds; /* limit on number of loops with N flag */
336 char *escapes; /* specific backref escapes */
340 int state; /* the RewriteEngine state */
341 int options; /* the RewriteOption state */
342 apr_hash_t *rewritemaps; /* the RewriteMap entries */
343 apr_array_header_t *rewriteconds; /* the RewriteCond entries (temp.) */
344 apr_array_header_t *rewriterules; /* the RewriteRule entries */
345 server_rec *server; /* the corresponding server indicator */
346 unsigned int state_set:1;
347 unsigned int options_set:1;
348 } rewrite_server_conf;
351 int state; /* the RewriteEngine state */
352 int options; /* the RewriteOption state */
353 apr_array_header_t *rewriteconds; /* the RewriteCond entries (temp.) */
354 apr_array_header_t *rewriterules; /* the RewriteRule entries */
355 char *directory; /* the directory where it applies */
356 const char *baseurl; /* the base-URL where it applies */
357 unsigned int state_set:1;
358 unsigned int options_set:1;
359 unsigned int baseurl_set:1;
360 } rewrite_perdir_conf;
362 /* the (per-child) cache structures.
364 typedef struct cache {
368 apr_thread_mutex_t *lock;
372 /* cached maps contain an mtime for the whole map and live in a subpool
373 * of the cachep->pool. That makes it easy to forget them if necessary.
381 /* the regex structure for the
382 * substitution of backreferences
384 typedef struct backrefinfo {
386 ap_regmatch_t regmatch[AP_MAX_REG_MATCH];
389 /* single linked list used for
392 typedef struct result_list {
393 struct result_list *next;
398 /* context structure for variable lookup and expansion
403 const char *vary_this;
408 apr_pool_t *temp_pool;
412 * +-------------------------------------------------------+
414 * | static module data
416 * +-------------------------------------------------------+
419 /* the global module structure */
420 module AP_MODULE_DECLARE_DATA rewrite_module;
422 /* rewritemap int: handler function registry */
423 static apr_hash_t *mapfunc_hash;
426 static cache *cachep;
428 /* whether proxy module is available or not */
429 static int proxy_available;
432 static int rewrite_lock_needed = 0;
433 static apr_global_mutex_t *rewrite_mapr_lock_acquire = NULL;
434 static const char *rewritemap_mutex_type = "rewrite-map";
436 /* Optional functions imported from mod_ssl when loaded: */
437 static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL;
438 static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL;
439 static char *escape_backref(apr_pool_t *p, const char *path, const char *escapeme, int noplus);
442 * +-------------------------------------------------------+
444 * | rewriting logfile support
446 * +-------------------------------------------------------+
449 /* Slightly complicated definitions follow here to support
450 * compile-time choice of enabled/disabled of rewritelog both with or
451 * without C99 support, where varargs macros are only available with
454 * do_rewritelog is defined for (rewritelog enabled) or (rewritelog
455 * disabled AND no C99 support) but is an noop for the latter case and
456 * should get optimized away.
458 * For the (rewritelog disabled) case the function is defined
459 * differently for C99/non-C99. For C99, the rewritelog() macro passes
460 * __LINE__, allowing accurate logging of line numbers. For non-C99
461 * the line number used for rewritelog() tracing is always
464 #if !defined(REWRITELOG_DISABLED) || !defined(AP_HAVE_C99)
467 static void do_rewritelog(int line,
468 request_rec *r, int level, char *perdir,
469 const char *fmt, ...)
470 __attribute__((format(printf,5,6)));
472 static void do_rewritelog(request_rec *r, int level, char *perdir,
473 const char *fmt, ...)
474 __attribute__((format(printf,4,5)));
477 static void do_rewritelog(
481 request_rec *r, int level, char *perdir,
482 const char *fmt, ...)
484 #ifndef REWRITELOG_DISABLED
485 char *logline, *text;
486 const char *rhost, *rname;
491 if (!APLOG_R_IS_LEVEL(r, APLOG_DEBUG + level))
494 rhost = ap_get_useragent_host(r, REMOTE_NOLOOKUP, NULL);
495 rname = ap_get_remote_logname(r);
497 for (redir=0, req=r; req->prev; req = req->prev) {
502 text = apr_pvsprintf(r->pool, fmt, ap);
505 logline = apr_psprintf(r->pool, "%s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
507 rhost ? rhost : "UNKNOWN-HOST",
509 r->user ? (*r->user ? r->user : "\"\"") : "-",
510 ap_get_server_name(r),
513 r->main ? "subreq" : "initial",
514 redir ? "/redir#" : "",
515 redir ? apr_itoa(r->pool, redir) : "",
516 perdir ? "[perdir " : "",
517 perdir ? perdir : "",
521 AP_REWRITE_LOG((uintptr_t)r, level, r->main ? 0 : 1, (char *)ap_get_server_name(r), logline);
523 /* Intentional no APLOGNO */
525 ap_log_rerror(__FILE__, line, APLOG_MODULE_INDEX, APLOG_DEBUG + level, 0, r, "%s", logline);
527 ap_log_rerror(APLOG_MARK, APLOG_DEBUG + level, 0, r, "%s", logline);
530 #endif /* !REWRITELOG_DISABLED */
532 #endif /* !defined(REWRITELOG_DISABLED) || !defined(AP_HAVE_C99) */
536 * +-------------------------------------------------------+
538 * | URI and path functions
540 * +-------------------------------------------------------+
543 /* return number of chars of the scheme (incl. '://')
544 * if the URI is absolute (includes a scheme etc.)
546 * If supportqs is not NULL, we return a whether or not
547 * the scheme supports a query string or not.
549 * NOTE: If you add new schemes here, please have a
550 * look at escape_absolute_uri and splitout_queryargs.
551 * Not every scheme takes query strings and some schemes
552 * may be handled in a special way.
554 * XXX: we may consider a scheme registry, perhaps with
555 * appropriate escape callbacks to allow other modules
556 * to extend mod_rewrite at runtime.
558 static unsigned is_absolute_uri(char *uri, int *supportsqs)
562 sqs = (supportsqs ? supportsqs : &dummy);
565 if (*uri == '/' || strlen(uri) <= 5) {
572 if (!ap_cstr_casecmpn(uri, "jp://", 5)) { /* ajp:// */
580 if (!ap_cstr_casecmpn(uri, "alancer://", 10)) { /* balancer:// */
588 if (!ap_cstr_casecmpn(uri, "tp://", 5)) { /* ftp:// */
591 if (!ap_cstr_casecmpn(uri, "cgi://", 6)) { /* fcgi:// */
599 if (!ap_cstr_casecmpn(uri, "opher://", 8)) { /* gopher:// */
606 if (!ap_cstr_casecmpn(uri, "ttp://", 6)) { /* http:// */
610 else if (!ap_cstr_casecmpn(uri, "ttps://", 7)) { /* https:// */
614 else if (!ap_cstr_casecmpn(uri, "2://", 4)) { /* h2:// */
618 else if (!ap_cstr_casecmpn(uri, "2c://", 5)) { /* h2c:// */
626 if (!ap_cstr_casecmpn(uri, "dap://", 6)) { /* ldap:// */
633 if (!ap_cstr_casecmpn(uri, "ailto:", 6)) { /* mailto: */
641 if (!ap_cstr_casecmpn(uri, "ews:", 4)) { /* news: */
644 else if (!ap_cstr_casecmpn(uri, "ntp://", 6)) { /* nntp:// */
651 if (!ap_cstr_casecmpn(uri, "cgi://", 6)) { /* scgi:// */
659 if (!ap_cstr_casecmpn(uri, "s://", 4)) { /* ws:// */
663 else if (!ap_cstr_casecmpn(uri, "ss://", 5)) { /* wss:// */
673 static const char c2x_table[] = "0123456789abcdef";
675 static APR_INLINE unsigned char *c2x(unsigned what, unsigned char prefix,
676 unsigned char *where)
678 #if APR_CHARSET_EBCDIC
679 what = apr_xlate_conv_byte(ap_hdrs_to_ascii, (unsigned char)what);
680 #endif /*APR_CHARSET_EBCDIC*/
682 *where++ = c2x_table[what >> 4];
683 *where++ = c2x_table[what & 0xf];
688 * Escapes a backreference in a similar way as php's urlencode does.
689 * Based on ap_os_escape_path in server/util.c
691 static char *escape_backref(apr_pool_t *p, const char *path, const char *escapeme, int noplus) {
692 char *copy = apr_palloc(p, 3 * strlen(path) + 3);
693 const unsigned char *s = (const unsigned char *)path;
694 unsigned char *d = (unsigned char *)copy;
699 if (apr_isalnum(c) || c == '_') {
702 else if (c == ' ' && !noplus) {
710 const char *esc = escapeme;
713 if (c == ' ' && !noplus) {
734 * escape absolute uri, which may or may not be path oriented.
735 * So let's handle them differently.
737 static char *escape_absolute_uri(apr_pool_t *p, char *uri, unsigned scheme)
742 * NULL should indicate elsewhere, that something's wrong
744 if (!scheme || strlen(uri) < scheme) {
750 /* scheme with authority part? */
753 while (*cp && *cp != '/') {
757 /* nothing after the hostpart. ready! */
758 if (!*cp || !*++cp) {
759 return apr_pstrdup(p, uri);
762 /* remember the hostname stuff */
765 /* special thing for ldap.
766 * The parts are separated by question marks. From RFC 2255:
767 * ldapurl = scheme "://" [hostport] ["/"
768 * [dn ["?" [attributes] ["?" [scope]
769 * ["?" [filter] ["?" extensions]]]]]]
771 if (!ap_cstr_casecmpn(uri, "ldap", 4)) {
775 token[0] = cp = apr_pstrdup(p, cp);
776 while (*cp && c < 4) {
784 return apr_pstrcat(p, apr_pstrndup(p, uri, scheme),
785 ap_escape_uri(p, token[0]),
786 (c >= 1) ? "?" : NULL,
787 (c >= 1) ? ap_escape_uri(p, token[1]) : NULL,
788 (c >= 2) ? "?" : NULL,
789 (c >= 2) ? ap_escape_uri(p, token[2]) : NULL,
790 (c >= 3) ? "?" : NULL,
791 (c >= 3) ? ap_escape_uri(p, token[3]) : NULL,
792 (c >= 4) ? "?" : NULL,
793 (c >= 4) ? ap_escape_uri(p, token[4]) : NULL,
798 /* Nothing special here. Apply normal escaping. */
799 return apr_pstrcat(p, apr_pstrndup(p, uri, scheme),
800 ap_escape_uri(p, cp), NULL);
804 * split out a QUERY_STRING part from
805 * the current URI string
807 static void splitout_queryargs(request_rec *r, int qsappend, int qsdiscard,
813 /* don't touch, unless it's a scheme for which a query string makes sense.
814 * See RFC 1738 and RFC 2368.
816 if (is_absolute_uri(r->filename, &split)
818 r->args = NULL; /* forget the query that's still flying around */
823 r->args = NULL; /* Discard query string */
824 rewritelog(r, 2, NULL, "discarding query string");
827 q = qslast ? ap_strrchr(r->filename, '?') : ap_strchr(r->filename, '?');
833 olduri = apr_pstrdup(r->pool, r->filename);
837 r->args = apr_pstrcat(r->pool, q, "&" , r->args, NULL);
841 r->args = apr_pstrdup(r->pool, q);
845 len = strlen(r->args);
850 else if (r->args[len-1] == '&') {
851 r->args[len-1] = '\0';
855 rewritelog(r, 3, NULL, "split uri=%s -> uri=%s, args=%s", olduri,
856 r->filename, r->args ? r->args : "<none>");
863 * strip 'http[s]://ourhost/' from URI
865 static void reduce_uri(request_rec *r)
870 cp = (char *)ap_http_scheme(r);
872 if ( strlen(r->filename) > l+3
873 && ap_cstr_casecmpn(r->filename, cp, l) == 0
874 && r->filename[l] == ':'
875 && r->filename[l+1] == '/'
876 && r->filename[l+2] == '/' ) {
879 char *portp, *host, *url, *scratch;
881 scratch = apr_pstrdup(r->pool, r->filename); /* our scratchpad */
883 /* cut the hostname and port out of the URI */
884 cp = host = scratch + l + 3; /* 3 == strlen("://") */
885 while (*cp && *cp != '/' && *cp != ':') {
889 if (*cp == ':') { /* additional port given */
892 while (*cp && *cp != '/') {
898 url = r->filename + (cp - scratch);
903 else if (*cp == '/') { /* default port */
906 port = ap_default_port(r);
907 url = r->filename + (cp - scratch);
910 port = ap_default_port(r);
914 /* now check whether we could reduce it to a local path... */
915 if (ap_matches_request_vhost(r, host, port)) {
916 rewrite_server_conf *conf =
917 ap_get_module_config(r->server->module_config, &rewrite_module);
918 rewritelog(r, 3, NULL, "reduce %s -> %s", r->filename, url);
919 r->filename = apr_pstrdup(r->pool, url);
921 /* remember that the uri was reduced */
922 if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) {
923 apr_table_setn(r->notes, "mod_rewrite_uri_reduced", "true");
932 * add 'http[s]://ourhost[:ourport]/' to URI
933 * if URI is still not fully qualified
935 static void fully_qualify_uri(request_rec *r)
937 if (r->method_number == M_CONNECT) {
940 else if (!is_absolute_uri(r->filename, NULL)) {
941 const char *thisserver;
945 thisserver = ap_get_server_name_for_url(r);
946 port = ap_get_server_port(r);
947 thisport = ap_is_default_port(port, r)
949 : apr_psprintf(r->pool, ":%u", port);
951 r->filename = apr_psprintf(r->pool, "%s://%s%s%s%s",
952 ap_http_scheme(r), thisserver, thisport,
953 (*r->filename == '/') ? "" : "/",
961 * stat() only the first segment of a path
963 static int prefix_stat(const char *path, apr_pool_t *pool)
965 const char *curpath = path;
971 rv = apr_filepath_root(&root, &curpath, APR_FILEPATH_TRUENAME, pool);
973 if (rv != APR_SUCCESS) {
977 /* let's recognize slashes only, the mod_rewrite semantics are opaque
980 if ((slash = ap_strchr_c(curpath, '/')) != NULL) {
981 rv = apr_filepath_merge(&statpath, root,
982 apr_pstrndup(pool, curpath,
983 (apr_size_t)(slash - curpath)),
984 APR_FILEPATH_NOTABOVEROOT |
985 APR_FILEPATH_NOTRELATIVE, pool);
988 rv = apr_filepath_merge(&statpath, root, curpath,
989 APR_FILEPATH_NOTABOVEROOT |
990 APR_FILEPATH_NOTRELATIVE, pool);
993 if (rv == APR_SUCCESS) {
996 if (apr_stat(&sb, statpath, APR_FINFO_MIN, pool) == APR_SUCCESS) {
1005 * substitute the prefix path 'match' in 'input' with 'subst' (RewriteBase)
1007 static char *subst_prefix_path(request_rec *r, char *input, const char *match,
1010 apr_size_t len = strlen(match);
1012 if (len && match[len - 1] == '/') {
1016 if (!strncmp(input, match, len) && input[len++] == '/') {
1017 apr_size_t slen, outlen;
1020 rewritelog(r, 5, NULL, "strip matching prefix: %s -> %s", input,
1023 slen = strlen(subst);
1024 if (slen && subst[slen - 1] != '/') {
1028 outlen = strlen(input) + slen - len;
1029 output = apr_palloc(r->pool, outlen + 1); /* don't forget the \0 */
1031 memcpy(output, subst, slen);
1032 if (slen && !output[slen-1]) {
1033 output[slen-1] = '/';
1035 memcpy(output+slen, input+len, outlen - slen);
1036 output[outlen] = '\0';
1038 rewritelog(r, 4, NULL, "add subst prefix: %s -> %s", input+len,
1044 /* prefix didn't match */
1050 * +-------------------------------------------------------+
1054 * +-------------------------------------------------------+
1057 static void set_cache_value(const char *name, apr_time_t t, char *key,
1064 apr_thread_mutex_lock(cachep->lock);
1066 map = apr_hash_get(cachep->maps, name, APR_HASH_KEY_STRING);
1071 if (apr_pool_create(&p, cachep->pool) != APR_SUCCESS) {
1073 apr_thread_mutex_unlock(cachep->lock);
1078 map = apr_palloc(cachep->pool, sizeof(cachedmap));
1080 map->entries = apr_hash_make(map->pool);
1083 apr_hash_set(cachep->maps, name, APR_HASH_KEY_STRING, map);
1085 else if (map->mtime != t) {
1086 apr_pool_clear(map->pool);
1087 map->entries = apr_hash_make(map->pool);
1091 /* Now we should have a valid map->entries hash, where we
1092 * can store our value.
1094 * We need to copy the key and the value into OUR pool,
1095 * so that we don't leave it during the r->pool cleanup.
1097 apr_hash_set(map->entries,
1098 apr_pstrdup(map->pool, key), APR_HASH_KEY_STRING,
1099 apr_pstrdup(map->pool, val));
1102 apr_thread_mutex_unlock(cachep->lock);
1109 static char *get_cache_value(const char *name, apr_time_t t, char *key,
1117 apr_thread_mutex_lock(cachep->lock);
1119 map = apr_hash_get(cachep->maps, name, APR_HASH_KEY_STRING);
1122 /* if this map is outdated, forget it. */
1123 if (map->mtime != t) {
1124 apr_pool_clear(map->pool);
1125 map->entries = apr_hash_make(map->pool);
1129 val = apr_hash_get(map->entries, key, APR_HASH_KEY_STRING);
1131 /* copy the cached value into the supplied pool,
1132 * where it belongs (r->pool usually)
1134 val = apr_pstrdup(p, val);
1140 apr_thread_mutex_unlock(cachep->lock);
1147 static int init_cache(apr_pool_t *p)
1149 cachep = apr_palloc(p, sizeof(cache));
1150 if (apr_pool_create(&cachep->pool, p) != APR_SUCCESS) {
1151 cachep = NULL; /* turns off cache */
1155 cachep->maps = apr_hash_make(cachep->pool);
1157 (void)apr_thread_mutex_create(&(cachep->lock), APR_THREAD_MUTEX_DEFAULT, p);
1165 * +-------------------------------------------------------+
1169 * +-------------------------------------------------------+
1173 * General Note: key is already a fresh string, created (expanded) just
1174 * for the purpose to be passed in here. So one can modify key itself.
1177 static char *rewrite_mapfunc_toupper(request_rec *r, char *key)
1179 ap_str_toupper(key);
1184 static char *rewrite_mapfunc_tolower(request_rec *r, char *key)
1186 ap_str_tolower(key);
1191 static char *rewrite_mapfunc_escape(request_rec *r, char *key)
1193 return ap_escape_uri(r->pool, key);
1196 static char *rewrite_mapfunc_unescape(request_rec *r, char *key)
1198 ap_unescape_url(key);
1203 static char *select_random_value_part(request_rec *r, char *value)
1208 /* count number of distinct values */
1209 while ((p = ap_strchr(p, '|')) != NULL) {
1215 n = ap_random_pick(1, n);
1217 /* extract it from the whole string */
1218 while (--n && (value = ap_strchr(value, '|')) != NULL) {
1222 if (value) { /* should not be NULL, but ... */
1223 p = ap_strchr(value, '|');
1233 /* child process code */
1234 static void rewrite_child_errfn(apr_pool_t *p, apr_status_t err,
1237 ap_log_error(APLOG_MARK, APLOG_ERR, err, NULL, APLOGNO(00653) "%s", desc);
1240 static apr_status_t rewritemap_program_child(apr_pool_t *p,
1241 const char *progname, char **argv,
1242 const char *user, const char *group,
1247 apr_procattr_t *procattr;
1248 apr_proc_t *procnew;
1250 if ( APR_SUCCESS == (rc=apr_procattr_create(&procattr, p))
1251 && APR_SUCCESS == (rc=apr_procattr_io_set(procattr, APR_FULL_BLOCK,
1252 APR_FULL_BLOCK, APR_NO_PIPE))
1253 && APR_SUCCESS == (rc=apr_procattr_dir_set(procattr,
1254 ap_make_dirstr_parent(p, argv[0])))
1255 && (!user || APR_SUCCESS == (rc=apr_procattr_user_set(procattr, user, "")))
1256 && (!group || APR_SUCCESS == (rc=apr_procattr_group_set(procattr, group)))
1257 && APR_SUCCESS == (rc=apr_procattr_cmdtype_set(procattr, APR_PROGRAM))
1258 && APR_SUCCESS == (rc=apr_procattr_child_errfn_set(procattr,
1259 rewrite_child_errfn))
1260 && APR_SUCCESS == (rc=apr_procattr_error_check_set(procattr, 1))) {
1262 procnew = apr_pcalloc(p, sizeof(*procnew));
1263 rc = apr_proc_create(procnew, argv[0], (const char **)argv, NULL,
1266 if (rc == APR_SUCCESS) {
1267 apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);
1270 (*fpin) = procnew->in;
1274 (*fpout) = procnew->out;
1282 static apr_status_t run_rewritemap_programs(server_rec *s, apr_pool_t *p)
1284 rewrite_server_conf *conf;
1285 apr_hash_index_t *hi;
1288 conf = ap_get_module_config(s->module_config, &rewrite_module);
1290 /* If the engine isn't turned on,
1291 * don't even try to do anything.
1293 if (conf->state == ENGINE_DISABLED) {
1297 for (hi = apr_hash_first(p, conf->rewritemaps); hi; hi = apr_hash_next(hi)){
1298 apr_file_t *fpin = NULL;
1299 apr_file_t *fpout = NULL;
1300 rewritemap_entry *map;
1303 apr_hash_this(hi, NULL, NULL, &val);
1306 if (map->type != MAPTYPE_PRG) {
1309 if (!(map->argv[0]) || !*(map->argv[0]) || map->fpin || map->fpout) {
1313 rc = rewritemap_program_child(p, map->argv[0], map->argv,
1314 map->user, map->group,
1316 if (rc != APR_SUCCESS || fpin == NULL || fpout == NULL) {
1317 ap_log_error(APLOG_MARK, APLOG_ERR, rc, s, APLOGNO(00654)
1318 "mod_rewrite: could not start RewriteMap "
1319 "program %s", map->checkfile);
1331 * +-------------------------------------------------------+
1333 * | Lookup functions
1335 * +-------------------------------------------------------+
1338 static char *lookup_map_txtfile(request_rec *r, const char *file, char *key)
1340 apr_file_t *fp = NULL;
1341 char line[REWRITE_MAX_TXT_MAP_LINE + 1]; /* +1 for \0 */
1342 char *value, *keylast;
1345 if ((rv = apr_file_open(&fp, file, APR_READ|APR_BUFFERED, APR_OS_DEFAULT,
1346 r->pool)) != APR_SUCCESS)
1348 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00655)
1349 "mod_rewrite: can't open text RewriteMap file %s", file);
1353 keylast = key + strlen(key);
1355 while (apr_file_gets(line, sizeof(line), fp) == APR_SUCCESS) {
1358 /* ignore comments and lines starting with whitespaces */
1359 if (*line == '#' || apr_isspace(*line)) {
1365 while (c < keylast && *p == *c && !apr_isspace(*p)) {
1370 /* key doesn't match - ignore. */
1371 if (c != keylast || !apr_isspace(*p)) {
1375 /* jump to the value */
1376 while (apr_isspace(*p)) {
1380 /* no value? ignore */
1385 /* extract the value and return. */
1387 while (*p && !apr_isspace(*p)) {
1390 value = apr_pstrmemdup(r->pool, c, p - c);
1398 static char *lookup_map_dbmfile(request_rec *r, const char *file,
1399 const char *dbmtype, char *key)
1401 apr_dbm_t *dbmfp = NULL;
1407 if ((rv = apr_dbm_open_ex(&dbmfp, dbmtype, file, APR_DBM_READONLY,
1408 APR_OS_DEFAULT, r->pool)) != APR_SUCCESS)
1410 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00656)
1411 "mod_rewrite: can't open DBM RewriteMap %s", file);
1416 dbmkey.dsize = strlen(key);
1418 if (apr_dbm_fetch(dbmfp, dbmkey, &dbmval) == APR_SUCCESS && dbmval.dptr) {
1419 value = apr_pstrmemdup(r->pool, dbmval.dptr, dbmval.dsize);
1425 apr_dbm_close(dbmfp);
1429 static char *lookup_map_dbd(request_rec *r, char *key, const char *label)
1432 apr_dbd_prepared_t *stmt;
1434 apr_dbd_results_t *res = NULL;
1435 apr_dbd_row_t *row = NULL;
1438 ap_dbd_t *db = dbd_acquire(r);
1441 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02963)
1442 "rewritemap: No db handle available! "
1443 "Check your database access");
1447 stmt = apr_hash_get(db->prepared, label, APR_HASH_KEY_STRING);
1449 rv = apr_dbd_pvselect(db->driver, r->pool, db->handle, &res,
1450 stmt, 0, key, NULL);
1452 errmsg = apr_dbd_error(db->driver, db->handle, rv);
1453 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00657)
1454 "rewritemap: error %s querying for %s", errmsg, key);
1457 while ((rv = apr_dbd_get_row(db->driver, r->pool, res, &row, -1)) == 0) {
1460 ret = apr_pstrdup(r->pool,
1461 apr_dbd_get_entry(db->driver, row, 0));
1464 /* randomise crudely amongst multiple results */
1465 if ((double)rand() < (double)RAND_MAX/(double)n) {
1466 ret = apr_pstrdup(r->pool,
1467 apr_dbd_get_entry(db->driver, row, 0));
1472 errmsg = apr_dbd_error(db->driver, db->handle, rv);
1473 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00658)
1474 "rewritemap: error %s looking up %s", errmsg, key);
1482 /* what's a fair rewritelog level for this? */
1483 rewritelog(r, 3, NULL, "Multiple values found for %s", key);
1488 static char *lookup_map_program(request_rec *r, apr_file_t *fpin,
1489 apr_file_t *fpout, char *key)
1493 apr_size_t i, nbytes, combined_len = 0;
1495 const char *eol = APR_EOL_STR;
1496 apr_size_t eolc = 0;
1498 result_list *buflist = NULL, *curbuf = NULL;
1501 struct iovec iova[2];
1505 /* when `RewriteEngine off' was used in the per-server
1506 * context then the rewritemap-programs were not spawned.
1507 * In this case using such a map (usually in per-dir context)
1508 * is useless because it is not available.
1510 * newlines in the key leave bytes in the pipe and cause
1511 * bad things to happen (next map lookup will use the chars
1512 * after the \n instead of the new key etc etc - in other words,
1513 * the Rewritemap falls out of sync with the requests).
1515 if (fpin == NULL || fpout == NULL || ap_strchr(key, '\n')) {
1520 if (rewrite_mapr_lock_acquire) {
1521 rv = apr_global_mutex_lock(rewrite_mapr_lock_acquire);
1522 if (rv != APR_SUCCESS) {
1523 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00659)
1524 "apr_global_mutex_lock(rewrite_mapr_lock_acquire) "
1526 return NULL; /* Maybe this should be fatal? */
1530 /* write out the request key */
1532 nbytes = strlen(key);
1533 /* XXX: error handling */
1534 apr_file_write_full(fpin, key, nbytes, NULL);
1536 apr_file_write_full(fpin, "\n", nbytes, NULL);
1538 iova[0].iov_base = key;
1539 iova[0].iov_len = strlen(key);
1540 iova[1].iov_base = "\n";
1541 iova[1].iov_len = 1;
1544 /* XXX: error handling */
1545 apr_file_writev_full(fpin, iova, niov, &nbytes);
1548 buf = apr_palloc(r->pool, REWRITE_PRG_MAP_BUF + 1);
1550 /* read in the response value */
1552 apr_file_read(fpout, &c, &nbytes);
1555 while (nbytes == 1 && (i < REWRITE_PRG_MAP_BUF)) {
1556 if (c == eol[eolc]) {
1558 /* remove eol from the buffer */
1561 curbuf->len -= eolc-i;
1572 /* only partial (invalid) eol sequence -> reset the counter */
1577 /* catch binary mode, e.g. on Win32 */
1578 else if (c == '\n') {
1584 apr_file_read(fpout, &c, &nbytes);
1587 /* well, if there wasn't a newline yet, we need to read further */
1588 if (buflist || (nbytes == 1 && !found_nl)) {
1590 curbuf = buflist = apr_palloc(r->pool, sizeof(*buflist));
1593 curbuf->next = apr_palloc(r->pool, sizeof(*buflist));
1594 curbuf = curbuf->next;
1597 curbuf->next = NULL;
1600 curbuf->string = buf;
1603 buf = apr_palloc(r->pool, REWRITE_PRG_MAP_BUF);
1606 if (nbytes == 1 && !found_nl) {
1614 /* concat the stuff */
1618 p = buf = apr_palloc(r->pool, combined_len + 1); /* \0 */
1621 memcpy(p, buflist->string, buflist->len);
1624 buflist = buflist->next;
1633 /* give the lock back */
1634 if (rewrite_mapr_lock_acquire) {
1635 rv = apr_global_mutex_unlock(rewrite_mapr_lock_acquire);
1636 if (rv != APR_SUCCESS) {
1637 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00660)
1638 "apr_global_mutex_unlock(rewrite_mapr_lock_acquire) "
1640 return NULL; /* Maybe this should be fatal? */
1644 /* catch the "failed" case */
1645 if (i == 4 && !strcasecmp(buf, "NULL")) {
1653 * generic map lookup
1655 static char *lookup_map(request_rec *r, char *name, char *key)
1657 rewrite_server_conf *conf;
1658 rewritemap_entry *s;
1663 /* get map configuration */
1664 conf = ap_get_module_config(r->server->module_config, &rewrite_module);
1665 s = apr_hash_get(conf->rewritemaps, name, APR_HASH_KEY_STRING);
1667 /* map doesn't exist */
1674 * Text file map (perhaps random)
1678 rv = apr_stat(&st, s->checkfile, APR_FINFO_MIN, r->pool);
1679 if (rv != APR_SUCCESS) {
1680 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00661)
1681 "mod_rewrite: can't access text RewriteMap file %s",
1686 value = get_cache_value(s->cachename, st.mtime, key, r->pool);
1688 rewritelog(r, 6, NULL,
1689 "cache lookup FAILED, forcing new map lookup");
1691 value = lookup_map_txtfile(r, s->datafile, key);
1693 rewritelog(r, 5, NULL, "map lookup FAILED: map=%s[txt] key=%s",
1695 set_cache_value(s->cachename, st.mtime, key, "");
1699 rewritelog(r, 5, NULL, "map lookup OK: map=%s[txt] key=%s -> val=%s",
1701 set_cache_value(s->cachename, st.mtime, key, value);
1704 rewritelog(r, 5, NULL, "cache lookup OK: map=%s[txt] key=%s -> val=%s",
1708 if (s->type == MAPTYPE_RND && *value) {
1709 value = select_random_value_part(r, value);
1710 rewritelog(r, 5, NULL, "randomly chosen the subvalue `%s'",value);
1713 return *value ? value : NULL;
1719 rv = apr_stat(&st, s->checkfile, APR_FINFO_MIN, r->pool);
1720 if (rv != APR_SUCCESS) {
1721 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00662)
1722 "mod_rewrite: can't access DBM RewriteMap file %s",
1725 else if(s->checkfile2 != NULL) {
1728 rv = apr_stat(&st2, s->checkfile2, APR_FINFO_MIN, r->pool);
1729 if (rv != APR_SUCCESS) {
1730 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00663)
1731 "mod_rewrite: can't access DBM RewriteMap "
1732 "file %s", s->checkfile2);
1734 else if(st2.mtime > st.mtime) {
1735 st.mtime = st2.mtime;
1738 if(rv != APR_SUCCESS) {
1742 value = get_cache_value(s->cachename, st.mtime, key, r->pool);
1744 rewritelog(r, 6, NULL,
1745 "cache lookup FAILED, forcing new map lookup");
1747 value = lookup_map_dbmfile(r, s->datafile, s->dbmtype, key);
1749 rewritelog(r, 5, NULL, "map lookup FAILED: map=%s[dbm] key=%s",
1751 set_cache_value(s->cachename, st.mtime, key, "");
1755 rewritelog(r, 5, NULL, "map lookup OK: map=%s[dbm] key=%s -> "
1756 "val=%s", name, key, value);
1758 set_cache_value(s->cachename, st.mtime, key, value);
1762 rewritelog(r, 5, NULL, "cache lookup OK: map=%s[dbm] key=%s -> val=%s",
1764 return *value ? value : NULL;
1767 * SQL map without cache
1770 value = lookup_map_dbd(r, key, s->dbdq);
1772 rewritelog(r, 5, NULL, "SQL map lookup FAILED: map %s key=%s",
1777 rewritelog(r, 5, NULL, "SQL map lookup OK: map %s key=%s, val=%s",
1783 * SQL map with cache
1785 case MAPTYPE_DBD_CACHE:
1786 value = get_cache_value(s->cachename, 0, key, r->pool);
1788 rewritelog(r, 6, NULL,
1789 "cache lookup FAILED, forcing new map lookup");
1791 value = lookup_map_dbd(r, key, s->dbdq);
1793 rewritelog(r, 5, NULL, "SQL map lookup FAILED: map %s key=%s",
1795 set_cache_value(s->cachename, 0, key, "");
1799 rewritelog(r, 5, NULL, "SQL map lookup OK: map %s key=%s, val=%s",
1802 set_cache_value(s->cachename, 0, key, value);
1806 rewritelog(r, 5, NULL, "cache lookup OK: map=%s[SQL] key=%s, val=%s",
1808 return *value ? value : NULL;
1814 value = lookup_map_program(r, s->fpin, s->fpout, key);
1816 rewritelog(r, 5, NULL, "map lookup FAILED: map=%s key=%s", name,
1821 rewritelog(r, 5, NULL, "map lookup OK: map=%s key=%s -> val=%s",
1829 value = s->func(r, key);
1831 rewritelog(r, 5, NULL, "map lookup FAILED: map=%s key=%s", name,
1836 rewritelog(r, 5, NULL, "map lookup OK: map=%s key=%s -> val=%s",
1845 * lookup a HTTP header and set VARY note
1847 static const char *lookup_header(const char *name, rewrite_ctx *ctx)
1849 const char *val = apr_table_get(ctx->r->headers_in, name);
1851 /* Skip the 'Vary: Host' header combination
1852 * as indicated in rfc7231 section-7.1.4
1854 if (val && strcasecmp(name, "Host") != 0) {
1855 ctx->vary_this = ctx->vary_this
1856 ? apr_pstrcat(ctx->r->pool, ctx->vary_this, ", ",
1858 : apr_pstrdup(ctx->r->pool, name);
1865 * lookahead helper function
1866 * Determine the correct URI path in perdir context
1868 static APR_INLINE const char *la_u(rewrite_ctx *ctx)
1870 rewrite_perdir_conf *conf;
1872 if (*ctx->uri == '/') {
1876 conf = ap_get_module_config(ctx->r->per_dir_config, &rewrite_module);
1878 return apr_pstrcat(ctx->r->pool, conf->baseurl
1879 ? conf->baseurl : conf->directory,
1884 * generic variable lookup
1886 static char *lookup_variable(char *var, rewrite_ctx *ctx)
1889 request_rec *r = ctx->r;
1890 apr_size_t varlen = strlen(var);
1899 /* fast tests for variable length variables (sic) first */
1900 if (var[3] == ':') {
1901 if (var[4] && !strncasecmp(var, "ENV", 3)) {
1903 result = apr_table_get(r->notes, var);
1906 result = apr_table_get(r->subprocess_env, var);
1909 result = getenv(var);
1912 else if (var[4] && !strncasecmp(var, "SSL", 3) && rewrite_ssl_lookup) {
1913 result = rewrite_ssl_lookup(r->pool, r->server, r->connection, r,
1917 else if (var[4] == ':') {
1922 if (!strncasecmp(var, "HTTP", 4)) {
1923 result = lookup_header(var+5, ctx);
1925 else if (!strncasecmp(var, "LA-U", 4)) {
1926 if (ctx->uri && subreq_ok(r)) {
1927 path = ctx->perdir ? la_u(ctx) : ctx->uri;
1928 rr = ap_sub_req_lookup_uri(path, r, NULL);
1930 result = apr_pstrdup(r->pool, lookup_variable(var+5, ctx));
1932 ap_destroy_sub_req(rr);
1934 rewritelog(r, 5, ctx->perdir, "lookahead: path=%s var=%s "
1935 "-> val=%s", path, var+5, result);
1937 return (char *)result;
1940 else if (!strncasecmp(var, "LA-F", 4)) {
1941 if (ctx->uri && subreq_ok(r)) {
1943 if (ctx->perdir && *path == '/') {
1944 /* sigh, the user wants a file based subrequest, but
1945 * we can't do one, since we don't know what the file
1946 * path is! In this case behave like LA-U.
1948 rr = ap_sub_req_lookup_uri(path, r, NULL);
1952 rewrite_perdir_conf *conf;
1954 conf = ap_get_module_config(r->per_dir_config,
1957 path = apr_pstrcat(r->pool, conf->directory, path,
1961 rr = ap_sub_req_lookup_file(path, r, NULL);
1965 result = apr_pstrdup(r->pool, lookup_variable(var+5, ctx));
1967 ap_destroy_sub_req(rr);
1969 rewritelog(r, 5, ctx->perdir, "lookahead: path=%s var=%s "
1970 "-> val=%s", path, var+5, result);
1972 return (char *)result;
1978 /* well, do it the hard way */
1982 /* can't do this above, because of the getenv call */
1983 ap_str_toupper(var);
1987 if (!strcmp(var, "TIME")) {
1988 apr_time_exp_lt(&tm, apr_time_now());
1989 result = apr_psprintf(r->pool, "%04d%02d%02d%02d%02d%02d",
1990 tm.tm_year+1900, tm.tm_mon+1, tm.tm_mday,
1991 tm.tm_hour, tm.tm_min, tm.tm_sec);
1992 rewritelog(r, 1, ctx->perdir, "RESULT='%s'", result);
1993 return (char *)result;
1995 else if (!strcmp(var, "IPV6")) {
1998 apr_sockaddr_t *addr = r->useragent_addr;
1999 flag = (addr->family == AF_INET6 &&
2000 !IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr->ipaddr_ptr));
2001 rewritelog(r, 1, ctx->perdir, "IPV6='%s'", flag ? "on" : "off");
2003 rewritelog(r, 1, ctx->perdir, "IPV6='off' (IPv6 is not enabled)");
2005 result = (flag ? "on" : "off");
2010 if (!strcmp(var, "HTTPS")) {
2011 int flag = rewrite_is_https && rewrite_is_https(r->connection);
2012 return apr_pstrdup(r->pool, flag ? "on" : "off");
2019 if (!strcmp(var, "TIME_DAY")) {
2020 apr_time_exp_lt(&tm, apr_time_now());
2021 return apr_psprintf(r->pool, "%02d", tm.tm_mday);
2026 if (!strcmp(var, "TIME_SEC")) {
2027 apr_time_exp_lt(&tm, apr_time_now());
2028 return apr_psprintf(r->pool, "%02d", tm.tm_sec);
2033 if (!strcmp(var, "TIME_MIN")) {
2034 apr_time_exp_lt(&tm, apr_time_now());
2035 return apr_psprintf(r->pool, "%02d", tm.tm_min);
2040 if (!strcmp(var, "TIME_MON")) {
2041 apr_time_exp_lt(&tm, apr_time_now());
2042 return apr_psprintf(r->pool, "%02d", tm.tm_mon+1);
2051 if (var[8] == 'Y' && !strcmp(var, "TIME_WDAY")) {
2052 apr_time_exp_lt(&tm, apr_time_now());
2053 return apr_psprintf(r->pool, "%d", tm.tm_wday);
2055 else if (!strcmp(var, "TIME_YEAR")) {
2056 apr_time_exp_lt(&tm, apr_time_now());
2057 return apr_psprintf(r->pool, "%04d", tm.tm_year+1900);
2062 if (!strcmp(var, "IS_SUBREQ")) {
2063 result = (r->main ? "true" : "false");
2068 if (!strcmp(var, "PATH_INFO")) {
2069 result = r->path_info;
2074 if (!strcmp(var, "AUTH_TYPE")) {
2075 result = r->ap_auth_type;
2080 if (!strcmp(var, "HTTP_HOST")) {
2081 result = lookup_header("Host", ctx);
2086 if (!strcmp(var, "TIME_HOUR")) {
2087 apr_time_exp_lt(&tm, apr_time_now());
2088 return apr_psprintf(r->pool, "%02d", tm.tm_hour);
2097 if (!strcmp(var, "SERVER_NAME")) {
2098 result = ap_get_server_name_for_url(r);
2103 if (*var == 'R' && !strcmp(var, "REMOTE_ADDR")) {
2104 result = r->useragent_ip;
2106 else if (!strcmp(var, "SERVER_ADDR")) {
2107 result = r->connection->local_ip;
2112 if (*var == 'H' && !strcmp(var, "HTTP_ACCEPT")) {
2113 result = lookup_header("Accept", ctx);
2115 else if (!strcmp(var, "THE_REQUEST")) {
2116 result = r->the_request;
2121 if (!strcmp(var, "API_VERSION")) {
2122 return apr_psprintf(r->pool, "%d:%d",
2123 MODULE_MAGIC_NUMBER_MAJOR,
2124 MODULE_MAGIC_NUMBER_MINOR);
2129 if (!strcmp(var, "HTTP_COOKIE")) {
2130 result = lookup_header("Cookie", ctx);
2135 if (*var == 'S' && !strcmp(var, "SERVER_PORT")) {
2136 return apr_psprintf(r->pool, "%u", ap_get_server_port(r));
2138 else if (var[7] == 'H' && !strcmp(var, "REMOTE_HOST")) {
2139 result = ap_get_useragent_host(r, REMOTE_NAME, NULL);
2141 else if (!strcmp(var, "REMOTE_PORT")) {
2142 return apr_itoa(r->pool, r->useragent_addr->port);
2147 if (*var == 'R' && !strcmp(var, "REMOTE_USER")) {
2150 else if (!strcmp(var, "SCRIPT_USER")) {
2151 result = "<unknown>";
2152 if (r->finfo.valid & APR_FINFO_USER) {
2153 apr_uid_name_get((char **)&result, r->finfo.user,
2160 if (!strcmp(var, "REQUEST_URI")) {
2170 if (!strcmp(var, "SCRIPT_GROUP")) {
2171 result = "<unknown>";
2172 if (r->finfo.valid & APR_FINFO_GROUP) {
2173 apr_gid_name_get((char **)&result, r->finfo.group,
2180 if (!strcmp(var, "REMOTE_IDENT")) {
2181 result = ap_get_remote_logname(r);
2186 if (!strcmp(var, "HTTP_REFERER")) {
2187 result = lookup_header("Referer", ctx);
2192 if (!strcmp(var, "QUERY_STRING")) {
2198 if (!strcmp(var, "SERVER_ADMIN")) {
2199 result = r->server->server_admin;
2206 if (!strcmp(var, "DOCUMENT_ROOT")) {
2207 result = ap_document_root(r);
2212 if (*var == 'H' && !strcmp(var, "HTTP_FORWARDED")) {
2213 result = lookup_header("Forwarded", ctx);
2215 else if (*var == 'C' && !strcmp(var, "CONTEXT_PREFIX")) {
2216 result = ap_context_prefix(r);
2218 else if (var[8] == 'M' && !strcmp(var, "REQUEST_METHOD")) {
2221 else if (!strcmp(var, "REQUEST_SCHEME")) {
2222 result = ap_http_scheme(r);
2229 if (!strcmp(var, "HTTP_USER_AGENT")) {
2230 result = lookup_header("User-Agent", ctx);
2235 if (!strcmp(var, "SCRIPT_FILENAME")) {
2236 result = r->filename; /* same as request_filename (16) */
2241 if (!strcmp(var, "SERVER_PROTOCOL")) {
2242 result = r->protocol;
2247 if (!strcmp(var, "SERVER_SOFTWARE")) {
2248 result = ap_get_server_banner();
2255 if (*var == 'C' && !strcmp(var, "CONN_REMOTE_ADDR")) {
2256 result = r->connection->client_ip;
2258 else if (!strcmp(var, "REQUEST_FILENAME")) {
2259 result = r->filename; /* same as script_filename (15) */
2264 if (!strcmp(var, "HTTP_PROXY_CONNECTION")) {
2265 result = lookup_header("Proxy-Connection", ctx);
2267 else if (!strcmp(var, "CONTEXT_DOCUMENT_ROOT")) {
2268 result = ap_context_document_root(r);
2274 return apr_pstrdup(r->pool, result ? result : "");
2279 * +-------------------------------------------------------+
2281 * | Expansion functions
2283 * +-------------------------------------------------------+
2287 * Bracketed expression handling
2288 * s points after the opening bracket
2290 static APR_INLINE char *find_closing_curly(char *s)
2294 for (depth = 1; *s; ++s) {
2295 if (*s == RIGHT_CURLY && --depth == 0) {
2298 else if (*s == LEFT_CURLY) {
2306 static APR_INLINE char *find_char_in_curlies(char *s, int c)
2310 for (depth = 1; *s; ++s) {
2311 if (*s == c && depth == 1) {
2314 else if (*s == RIGHT_CURLY && --depth == 0) {
2317 else if (*s == LEFT_CURLY) {
2325 /* perform all the expansions on the input string
2326 * putting the result into a new string
2328 * for security reasons this expansion must be performed in a
2329 * single pass, otherwise an attacker can arrange for the result
2330 * of an earlier expansion to include expansion specifiers that
2331 * are interpreted by a later expansion, producing results that
2332 * were not intended by the administrator.
2334 static char *do_expand(char *input, rewrite_ctx *ctx, rewriterule_entry *entry, apr_pool_t *pool)
2336 result_list *result, *current;
2337 result_list sresult[SMALL_EXPANSION];
2339 apr_size_t span, inputlen, outlen;
2342 span = strcspn(input, "\\$%");
2343 inputlen = strlen(input);
2346 if (inputlen == span) {
2347 return apr_pstrmemdup(pool, input, inputlen);
2350 /* well, actually something to do */
2351 result = current = &(sresult[spc++]);
2354 current->next = NULL;
2355 current->string = input;
2356 current->len = span;
2359 /* loop for specials */
2361 /* prepare next entry */
2363 current->next = (spc < SMALL_EXPANSION)
2365 : (result_list *)apr_palloc(pool,
2366 sizeof(result_list));
2367 current = current->next;
2368 current->next = NULL;
2372 /* escaped character */
2377 current->string = p;
2381 current->string = ++p;
2386 /* variable or map lookup */
2387 else if (p[1] == '{') {
2390 endp = find_closing_curly(p+2);
2393 current->string = p;
2398 /* variable lookup */
2399 else if (*p == '%') {
2400 p = lookup_variable(apr_pstrmemdup(pool, p+2, endp-p-2), ctx);
2403 current->len = span;
2404 current->string = p;
2410 else { /* *p == '$' */
2414 * To make rewrite maps useful, the lookup key and
2415 * default values must be expanded, so we make
2416 * recursive calls to do the work. For security
2417 * reasons we must never expand a string that includes
2418 * verbatim data from the network. The recursion here
2419 * isn't a problem because the result of expansion is
2420 * only passed to lookup_map() so it cannot be
2421 * re-expanded, only re-looked-up. Another way of
2422 * looking at it is that the recursion is entirely
2423 * driven by the syntax of the nested curly brackets.
2426 key = find_char_in_curlies(p+2, ':');
2429 current->string = p;
2436 map = apr_pstrmemdup(pool, p+2, endp-p-2);
2437 key = map + (key-p-2);
2439 dflt = find_char_in_curlies(key, '|');
2444 /* reuse of key variable as result */
2445 key = lookup_map(ctx->r, map, do_expand(key, ctx, entry, pool));
2447 if (!key && dflt && *dflt) {
2448 key = do_expand(dflt, ctx, entry, pool);
2453 current->len = span;
2454 current->string = key;
2464 else if (apr_isdigit(p[1])) {
2466 backrefinfo *bri = (*p == '$') ? &ctx->briRR : &ctx->briRC;
2468 /* see ap_pregsub() in server/util.c */
2469 if (bri->source && n < AP_MAX_REG_MATCH
2470 && bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
2471 span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
2472 if (entry && (entry->flags & RULEFLAG_ESCAPEBACKREF)) {
2473 /* escape the backreference */
2475 tmp = apr_pstrmemdup(pool, bri->source + bri->regmatch[n].rm_so, span);
2476 tmp2 = escape_backref(pool, tmp, entry->escapes, entry->flags & RULEFLAG_ESCAPENOPLUS);
2477 rewritelog(ctx->r, 5, ctx->perdir, "escaping backreference '%s' to '%s'",
2480 current->len = span = strlen(tmp2);
2481 current->string = tmp2;
2483 current->len = span;
2484 current->string = bri->source + bri->regmatch[n].rm_so;
2493 /* not for us, just copy it */
2496 current->string = p++;
2500 /* check the remainder */
2501 if (*p && (span = strcspn(p, "\\$%")) > 0) {
2503 current->next = (spc < SMALL_EXPANSION)
2505 : (result_list *)apr_palloc(pool,
2506 sizeof(result_list));
2507 current = current->next;
2508 current->next = NULL;
2511 current->len = span;
2512 current->string = p;
2517 } while (p < input+inputlen);
2519 /* assemble result */
2520 c = p = apr_palloc(pool, outlen + 1); /* don't forget the \0 */
2523 ap_assert(c+result->len <= p+outlen); /* XXX: can be removed after
2524 * extensive testing and
2527 memcpy(c, result->string, result->len);
2530 result = result->next;
2539 * perform all the expansions on the environment variables
2541 static void do_expand_env(data_item *env, rewrite_ctx *ctx)
2546 name = do_expand(env->data, ctx, NULL, ctx->r->pool);
2549 apr_table_unset(ctx->r->subprocess_env, name);
2550 rewritelog(ctx->r, 5, NULL, "unsetting env variable '%s'", name);
2553 if ((val = ap_strchr(name, ':')) != NULL) {
2559 apr_table_set(ctx->r->subprocess_env, name, val);
2560 rewritelog(ctx->r, 5, NULL, "setting env variable '%s' to '%s'",
2571 * perform all the expansions on the cookies
2573 * TODO: use cached time similar to how logging does it
2575 static void add_cookie(request_rec *r, char *s)
2587 /* long-standing default, but can't use ':' in a cookie */
2588 const char *sep = ":";
2590 /* opt-in to ; separator if first character is a ; */
2591 if (s && *s == ';') {
2596 var = apr_strtok(s, sep, &tok_cntx);
2597 val = apr_strtok(NULL, sep, &tok_cntx);
2598 domain = apr_strtok(NULL, sep, &tok_cntx);
2600 if (var && val && domain) {
2601 request_rec *rmain = r;
2605 while (rmain->main) {
2606 rmain = rmain->main;
2609 notename = apr_pstrcat(rmain->pool, var, "_rewrite", NULL);
2610 apr_pool_userdata_get(&data, notename, rmain->pool);
2612 char *exp_time = NULL;
2614 expires = apr_strtok(NULL, sep, &tok_cntx);
2615 path = expires ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
2616 secure = path ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
2617 httponly = secure ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
2623 exp_min = atol(expires);
2625 apr_time_exp_gmt(&tms, r->request_time
2626 + apr_time_from_sec((60 * exp_min)));
2627 exp_time = apr_psprintf(r->pool, "%s, %.2d-%s-%.4d "
2628 "%.2d:%.2d:%.2d GMT",
2629 apr_day_snames[tms.tm_wday],
2631 apr_month_snames[tms.tm_mon],
2633 tms.tm_hour, tms.tm_min, tms.tm_sec);
2637 cookie = apr_pstrcat(rmain->pool,
2639 "; path=", path ? path : "/",
2640 "; domain=", domain,
2641 expires ? (exp_time ? "; expires=" : "")
2643 expires ? (exp_time ? exp_time : "")
2645 (secure && (!ap_cstr_casecmp(secure, "true")
2646 || !strcmp(secure, "1")
2647 || !ap_cstr_casecmp(secure,
2650 (httponly && (!ap_cstr_casecmp(httponly, "true")
2651 || !strcmp(httponly, "1")
2652 || !ap_cstr_casecmp(httponly,
2654 "; HttpOnly" : NULL,
2657 apr_table_addn(rmain->err_headers_out, "Set-Cookie", cookie);
2658 apr_pool_userdata_set("set", notename, NULL, rmain->pool);
2659 rewritelog(rmain, 5, NULL, "setting cookie '%s'", cookie);
2662 rewritelog(rmain, 5, NULL, "skipping already set cookie '%s'",
2670 static void do_expand_cookie(data_item *cookie, rewrite_ctx *ctx)
2673 add_cookie(ctx->r, do_expand(cookie->data, ctx, NULL, ctx->r->pool));
2674 cookie = cookie->next;
2682 * Expand tilde-paths (/~user) through Unix /etc/passwd
2683 * database information (or other OS-specific database)
2685 static char *expand_tildepaths(request_rec *r, char *uri)
2687 if (uri && *uri == '/' && uri[1] == '~') {
2691 while (*p && *p != '/') {
2698 user = apr_pstrmemdup(r->pool, user, p-user);
2699 if (apr_uid_homepath_get(&homedir, user, r->pool) == APR_SUCCESS) {
2701 /* reuse of user variable */
2702 user = homedir + strlen(homedir) - 1;
2703 if (user >= homedir && *user == '/') {
2707 return apr_pstrcat(r->pool, homedir, p, NULL);
2718 #endif /* if APR_HAS_USER */
2722 * +-------------------------------------------------------+
2724 * | rewriting lockfile support
2726 * +-------------------------------------------------------+
2729 static apr_status_t rewritelock_create(server_rec *s, apr_pool_t *p)
2733 /* create the lockfile */
2734 rc = ap_global_mutex_create(&rewrite_mapr_lock_acquire, NULL,
2735 rewritemap_mutex_type, NULL, s, p, 0);
2736 if (rc != APR_SUCCESS) {
2743 static apr_status_t rewritelock_remove(void *data)
2745 /* destroy the rewritelock */
2746 if (rewrite_mapr_lock_acquire) {
2747 apr_global_mutex_destroy(rewrite_mapr_lock_acquire);
2748 rewrite_mapr_lock_acquire = NULL;
2755 * +-------------------------------------------------------+
2757 * | configuration directive handling
2759 * +-------------------------------------------------------+
2763 * own command line parser for RewriteRule and RewriteCond,
2764 * which doesn't have the '\\' problem.
2765 * (returns true on error)
2767 * XXX: what an inclined parser. Seems we have to leave it so
2768 * for backwards compat. *sigh*
2770 static char *parseargline(apr_pool_t *p, char *str, char **a1, char **a2, char **a3)
2774 while (apr_isspace(*str)) {
2779 * determine first argument
2781 quote = (*str == '"' || *str == '\'') ? *str++ : '\0';
2784 for (; *str; ++str) {
2785 if ((apr_isspace(*str) && !quote) || (*str == quote)) {
2788 if (*str == '\\' && apr_isspace(str[1])) {
2795 return "bad argument line: at least two arguments required";
2799 while (apr_isspace(*str)) {
2804 * determine second argument
2806 quote = (*str == '"' || *str == '\'') ? *str++ : '\0';
2809 for (; *str; ++str) {
2810 if ((apr_isspace(*str) && !quote) || (*str == quote)) {
2813 if (*str == '\\' && apr_isspace(str[1])) {
2820 *a3 = NULL; /* 3rd argument is optional */
2825 while (apr_isspace(*str)) {
2830 *a3 = NULL; /* 3rd argument is still optional */
2835 * determine third argument
2837 quote = (*str == '"' || *str == '\'') ? *str++ : '\0';
2839 for (; *str; ++str) {
2840 if ((apr_isspace(*str) && !quote) || (*str == quote)) {
2843 if (*str == '\\' && apr_isspace(str[1])) {
2851 return apr_psprintf(p, "bad flag delimiters: third argument must begin "
2852 "with '[' but found '%c' - too many arguments or rogue "
2853 "whitespace?", **a3);
2855 else if ((*a3)[strlen(*a3)-1] != ']') {
2856 return apr_psprintf(p, "bad flag delimiters: third argument must end "
2857 "with ']' but found '%c' - unintended whitespace within the "
2858 "flags definition?", (*a3)[strlen(*a3)-1]);
2863 static void *config_server_create(apr_pool_t *p, server_rec *s)
2865 rewrite_server_conf *a;
2867 a = (rewrite_server_conf *)apr_pcalloc(p, sizeof(rewrite_server_conf));
2869 a->state = ENGINE_DISABLED;
2870 a->options = OPTION_NONE;
2871 a->rewritemaps = apr_hash_make(p);
2872 a->rewriteconds = apr_array_make(p, 2, sizeof(rewritecond_entry));
2873 a->rewriterules = apr_array_make(p, 2, sizeof(rewriterule_entry));
2879 static void *config_server_merge(apr_pool_t *p, void *basev, void *overridesv)
2881 rewrite_server_conf *a, *base, *overrides;
2883 a = (rewrite_server_conf *)apr_pcalloc(p,
2884 sizeof(rewrite_server_conf));
2885 base = (rewrite_server_conf *)basev;
2886 overrides = (rewrite_server_conf *)overridesv;
2888 a->state = (overrides->state_set == 0) ? base->state : overrides->state;
2889 a->state_set = overrides->state_set || base->state_set;
2890 a->options = (overrides->options_set == 0) ? base->options : overrides->options;
2891 a->options_set = overrides->options_set || base->options_set;
2893 a->server = overrides->server;
2895 if (a->options & OPTION_INHERIT ||
2896 (base->options & OPTION_INHERIT_DOWN &&
2897 !(a->options & OPTION_IGNORE_INHERIT))) {
2899 * local directives override
2900 * and anything else is inherited
2902 a->rewritemaps = apr_hash_overlay(p, overrides->rewritemaps,
2904 a->rewriteconds = apr_array_append(p, overrides->rewriteconds,
2905 base->rewriteconds);
2906 a->rewriterules = apr_array_append(p, overrides->rewriterules,
2907 base->rewriterules);
2909 else if (a->options & OPTION_INHERIT_BEFORE ||
2910 (base->options & OPTION_INHERIT_DOWN_BEFORE &&
2911 !(a->options & OPTION_IGNORE_INHERIT))) {
2913 * local directives override
2914 * and anything else is inherited (preserving order)
2916 a->rewritemaps = apr_hash_overlay(p, base->rewritemaps,
2917 overrides->rewritemaps);
2918 a->rewriteconds = apr_array_append(p, base->rewriteconds,
2919 overrides->rewriteconds);
2920 a->rewriterules = apr_array_append(p, base->rewriterules,
2921 overrides->rewriterules);
2925 * local directives override
2926 * and anything else gets defaults
2928 a->rewritemaps = overrides->rewritemaps;
2929 a->rewriteconds = overrides->rewriteconds;
2930 a->rewriterules = overrides->rewriterules;
2936 static void *config_perdir_create(apr_pool_t *p, char *path)
2938 rewrite_perdir_conf *a;
2940 a = (rewrite_perdir_conf *)apr_pcalloc(p, sizeof(rewrite_perdir_conf));
2942 a->state = ENGINE_DISABLED;
2943 a->options = OPTION_NONE;
2945 a->rewriteconds = apr_array_make(p, 2, sizeof(rewritecond_entry));
2946 a->rewriterules = apr_array_make(p, 2, sizeof(rewriterule_entry));
2949 a->directory = NULL;
2952 /* make sure it has a trailing slash */
2953 if (path[strlen(path)-1] == '/') {
2954 a->directory = apr_pstrdup(p, path);
2957 a->directory = apr_pstrcat(p, path, "/", NULL);
2964 static void *config_perdir_merge(apr_pool_t *p, void *basev, void *overridesv)
2966 rewrite_perdir_conf *a, *base, *overrides;
2968 a = (rewrite_perdir_conf *)apr_pcalloc(p,
2969 sizeof(rewrite_perdir_conf));
2970 base = (rewrite_perdir_conf *)basev;
2971 overrides = (rewrite_perdir_conf *)overridesv;
2973 a->state = (overrides->state_set == 0) ? base->state : overrides->state;
2974 a->state_set = overrides->state_set || base->state_set;
2975 a->options = (overrides->options_set == 0) ? base->options : overrides->options;
2976 a->options_set = overrides->options_set || base->options_set;
2978 if (a->options & OPTION_MERGEBASE) {
2979 a->baseurl = (overrides->baseurl_set == 0) ? base->baseurl : overrides->baseurl;
2980 a->baseurl_set = overrides->baseurl_set || base->baseurl_set;
2983 a->baseurl = overrides->baseurl;
2986 a->directory = overrides->directory;
2988 if (a->options & OPTION_INHERIT ||
2989 (base->options & OPTION_INHERIT_DOWN &&
2990 !(a->options & OPTION_IGNORE_INHERIT))) {
2991 a->rewriteconds = apr_array_append(p, overrides->rewriteconds,
2992 base->rewriteconds);
2993 a->rewriterules = apr_array_append(p, overrides->rewriterules,
2994 base->rewriterules);
2996 else if (a->options & OPTION_INHERIT_BEFORE ||
2997 (base->options & OPTION_INHERIT_DOWN_BEFORE &&
2998 !(a->options & OPTION_IGNORE_INHERIT))) {
2999 a->rewriteconds = apr_array_append(p, base->rewriteconds,
3000 overrides->rewriteconds);
3001 a->rewriterules = apr_array_append(p, base->rewriterules,
3002 overrides->rewriterules);
3005 a->rewriteconds = overrides->rewriteconds;
3006 a->rewriterules = overrides->rewriterules;
3012 static const char *cmd_rewriteengine(cmd_parms *cmd,
3013 void *in_dconf, int flag)
3015 rewrite_perdir_conf *dconf = in_dconf;
3016 rewrite_server_conf *sconf;
3018 sconf = ap_get_module_config(cmd->server->module_config, &rewrite_module);
3020 /* server command? set both global scope and base directory scope */
3021 if (cmd->path == NULL) {
3022 sconf->state = (flag ? ENGINE_ENABLED : ENGINE_DISABLED);
3023 sconf->state_set = 1;
3024 dconf->state = sconf->state;
3025 dconf->state_set = 1;
3027 /* directory command? set directory scope only */
3029 dconf->state = (flag ? ENGINE_ENABLED : ENGINE_DISABLED);
3030 dconf->state_set = 1;
3036 static const char *cmd_rewriteoptions(cmd_parms *cmd,
3037 void *in_dconf, const char *option)
3042 char *w = ap_getword_conf(cmd->temp_pool, &option);
3044 if (!strcasecmp(w, "inherit")) {
3045 options |= OPTION_INHERIT;
3047 else if (!strcasecmp(w, "inheritbefore")) {
3048 options |= OPTION_INHERIT_BEFORE;
3050 else if (!strcasecmp(w, "inheritdown")) {
3051 options |= OPTION_INHERIT_DOWN;
3053 else if(!strcasecmp(w, "inheritdownbefore")) {
3054 options |= OPTION_INHERIT_DOWN_BEFORE;
3056 else if (!strcasecmp(w, "ignoreinherit")) {
3057 options |= OPTION_IGNORE_INHERIT;
3059 else if (!strcasecmp(w, "allownoslash")) {
3060 options |= OPTION_NOSLASH;
3062 else if (!strncasecmp(w, "MaxRedirects=", 13)) {
3063 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, APLOGNO(00664)
3064 "RewriteOptions: MaxRedirects option has been "
3065 "removed in favor of the global "
3066 "LimitInternalRecursion directive and will be "
3069 else if (!strcasecmp(w, "allowanyuri")) {
3070 options |= OPTION_ANYURI;
3072 else if (!strcasecmp(w, "mergebase")) {
3073 options |= OPTION_MERGEBASE;
3075 else if (!strcasecmp(w, "ignorecontextinfo")) {
3076 options |= OPTION_IGNORE_CONTEXT_INFO;
3078 else if (!strcasecmp(w, "legacyprefixdocroot")) {
3079 options |= OPTION_LEGACY_PREFIX_DOCROOT;
3081 else if (!strcasecmp(w, "LongURLOptimization")) {
3082 options |= OPTION_LONGOPT;
3085 return apr_pstrcat(cmd->pool, "RewriteOptions: unknown option '",
3090 /* server command? set both global scope and base directory scope */
3091 if (cmd->path == NULL) { /* is server command */
3092 rewrite_perdir_conf *dconf = in_dconf;
3093 rewrite_server_conf *sconf =
3094 ap_get_module_config(cmd->server->module_config,
3097 sconf->options |= options;
3098 sconf->options_set = 1;
3099 dconf->options |= options;
3100 dconf->options_set = 1;
3102 /* directory command? set directory scope only */
3103 else { /* is per-directory command */
3104 rewrite_perdir_conf *dconf = in_dconf;
3106 dconf->options |= options;
3107 dconf->options_set = 1;
3113 static const char *cmd_rewritemap(cmd_parms *cmd, void *dconf, const char *a1,
3114 const char *a2, const char *a3)
3116 rewrite_server_conf *sconf;
3117 rewritemap_entry *newmap;
3121 sconf = ap_get_module_config(cmd->server->module_config, &rewrite_module);
3123 newmap = apr_pcalloc(cmd->pool, sizeof(rewritemap_entry));
3125 if (strncasecmp(a2, "txt:", 4) == 0) {
3126 if ((fname = ap_server_root_relative(cmd->pool, a2+4)) == NULL) {
3127 return apr_pstrcat(cmd->pool, "RewriteMap: bad path to txt map: ",
3131 newmap->type = MAPTYPE_TXT;
3132 newmap->datafile = fname;
3133 newmap->checkfile = fname;
3134 newmap->cachename = apr_psprintf(cmd->pool, "%pp:%s",
3135 (void *)cmd->server, a1);
3137 else if (strncasecmp(a2, "rnd:", 4) == 0) {
3138 if ((fname = ap_server_root_relative(cmd->pool, a2+4)) == NULL) {
3139 return apr_pstrcat(cmd->pool, "RewriteMap: bad path to rnd map: ",
3143 newmap->type = MAPTYPE_RND;
3144 newmap->datafile = fname;
3145 newmap->checkfile = fname;
3146 newmap->cachename = apr_psprintf(cmd->pool, "%pp:%s",
3147 (void *)cmd->server, a1);
3149 else if (strncasecmp(a2, "dbm", 3) == 0) {
3152 newmap->type = MAPTYPE_DBM;
3154 newmap->cachename = apr_psprintf(cmd->pool, "%pp:%s",
3155 (void *)cmd->server, a1);
3158 newmap->dbmtype = "default";
3161 else if (a2[3] == '=') {
3162 const char *colon = ap_strchr_c(a2 + 4, ':');
3165 newmap->dbmtype = apr_pstrndup(cmd->pool, a2 + 4,
3166 colon - (a2 + 3) - 1);
3172 return apr_pstrcat(cmd->pool, "RewriteMap: bad map:",
3176 if ((newmap->datafile = ap_server_root_relative(cmd->pool,
3178 return apr_pstrcat(cmd->pool, "RewriteMap: bad path to dbm map: ",
3182 rv = apr_dbm_get_usednames_ex(cmd->pool, newmap->dbmtype,
3183 newmap->datafile, &newmap->checkfile,
3184 &newmap->checkfile2);
3185 if (rv != APR_SUCCESS) {
3186 return apr_pstrcat(cmd->pool, "RewriteMap: dbm type ",
3187 newmap->dbmtype, " is invalid", NULL);
3190 else if ((strncasecmp(a2, "dbd:", 4) == 0)
3191 || (strncasecmp(a2, "fastdbd:", 8) == 0)) {
3192 if (dbd_prepare == NULL) {
3193 return "RewriteMap types dbd and fastdbd require mod_dbd!";
3195 if ((a2[0] == 'd') || (a2[0] == 'D')) {
3196 newmap->type = MAPTYPE_DBD;
3200 newmap->type = MAPTYPE_DBD_CACHE;
3202 newmap->cachename = apr_psprintf(cmd->pool, "%pp:%s",
3203 (void *)cmd->server, a1);
3206 dbd_prepare(cmd->server, fname, newmap->dbdq);
3208 else if (strncasecmp(a2, "prg:", 4) == 0) {
3209 apr_tokenize_to_argv(a2 + 4, &newmap->argv, cmd->pool);
3211 fname = newmap->argv[0];
3212 if ((newmap->argv[0] = ap_server_root_relative(cmd->pool,
3214 return apr_pstrcat(cmd->pool, "RewriteMap: bad path to prg map: ",
3218 newmap->type = MAPTYPE_PRG;
3219 newmap->checkfile = newmap->argv[0];
3220 rewrite_lock_needed = 1;
3224 newmap->user = apr_strtok(apr_pstrdup(cmd->pool, a3), ":", &tok_cntx);
3225 newmap->group = apr_strtok(NULL, ":", &tok_cntx);
3228 else if (strncasecmp(a2, "int:", 4) == 0) {
3229 newmap->type = MAPTYPE_INT;
3230 newmap->func = (char *(*)(request_rec *,char *))
3231 apr_hash_get(mapfunc_hash, a2+4, strlen(a2+4));
3232 if (newmap->func == NULL) {
3233 return apr_pstrcat(cmd->pool, "RewriteMap: internal map not found:",
3238 if ((fname = ap_server_root_relative(cmd->pool, a2)) == NULL) {
3239 return apr_pstrcat(cmd->pool, "RewriteMap: bad path to txt map: ",
3243 newmap->type = MAPTYPE_TXT;
3244 newmap->datafile = fname;
3245 newmap->checkfile = fname;
3246 newmap->cachename = apr_psprintf(cmd->pool, "%pp:%s",
3247 (void *)cmd->server, a1);
3250 if (newmap->checkfile
3251 && (apr_stat(&st, newmap->checkfile, APR_FINFO_MIN,
3252 cmd->pool) != APR_SUCCESS)) {
3253 return apr_pstrcat(cmd->pool,
3254 "RewriteMap: file for map ", a1,
3255 " not found:", newmap->checkfile, NULL);
3258 apr_hash_set(sconf->rewritemaps, a1, APR_HASH_KEY_STRING, newmap);
3263 static const char *cmd_rewritebase(cmd_parms *cmd, void *in_dconf,
3266 rewrite_perdir_conf *dconf = in_dconf;
3268 if (cmd->path == NULL || dconf == NULL) {
3269 return "RewriteBase: only valid in per-directory config files";
3271 if (a1[0] == '\0') {
3272 return "RewriteBase: empty URL not allowed";
3275 return "RewriteBase: argument is not a valid URL";
3278 dconf->baseurl = a1;
3279 dconf->baseurl_set = 1;
3285 * generic lexer for RewriteRule and RewriteCond flags.
3286 * The parser will be passed in as a function pointer
3287 * and called if a flag was found
3289 static const char *cmd_parseflagfield(apr_pool_t *p, void *cfg, char *key,
3290 const char *(*parse)(apr_pool_t *,
3294 char *val, *nextp, *endp;
3297 endp = key + strlen(key) - 1;
3298 /* This should have been checked before, but just in case... */
3299 if (*key != '[' || *endp != ']') {
3300 return "bad flag delimiters";
3303 *endp = ','; /* for simpler parsing */
3307 /* skip leading spaces */
3308 while (apr_isspace(*key)) {
3312 if (!*key || (nextp = ap_strchr(key, ',')) == NULL) { /* NULL should not
3318 /* strip trailing spaces */
3320 while (apr_isspace(*endp)) {
3325 /* split key and val */
3326 val = ap_strchr(key, '=');
3334 err = parse(p, cfg, key, val);
3345 static const char *cmd_rewritecond_setflag(apr_pool_t *p, void *_cfg,
3346 char *key, char *val)
3348 rewritecond_entry *cfg = _cfg;
3350 if ( strcasecmp(key, "nocase") == 0
3351 || strcasecmp(key, "NC") == 0 ) {
3352 cfg->flags |= CONDFLAG_NOCASE;
3354 else if ( strcasecmp(key, "ornext") == 0
3355 || strcasecmp(key, "OR") == 0 ) {
3356 cfg->flags |= CONDFLAG_ORNEXT;
3358 else if ( strcasecmp(key, "novary") == 0
3359 || strcasecmp(key, "NV") == 0 ) {
3360 cfg->flags |= CONDFLAG_NOVARY;
3363 return apr_pstrcat(p, "unknown flag '", key, "'", NULL);
3368 static const char *cmd_rewritecond(cmd_parms *cmd, void *in_dconf,
3371 rewrite_perdir_conf *dconf = in_dconf;
3372 char *str = apr_pstrdup(cmd->pool, in_str);
3373 rewrite_server_conf *sconf;
3374 rewritecond_entry *newcond;
3376 char *a1 = NULL, *a2 = NULL, *a3 = NULL;
3379 sconf = ap_get_module_config(cmd->server->module_config, &rewrite_module);
3381 /* make a new entry in the internal temporary rewrite rule list */
3382 if (cmd->path == NULL) { /* is server command */
3383 newcond = apr_array_push(sconf->rewriteconds);
3385 else { /* is per-directory command */
3386 newcond = apr_array_push(dconf->rewriteconds);
3389 /* parse the argument line ourself
3390 * a1 .. a3 are substrings of str, which is a fresh copy
3391 * of the argument line. So we can use a1 .. a3 without
3392 * copying them again.
3394 if ((err = parseargline(cmd->pool, str, &a1, &a2, &a3))) {
3395 return apr_psprintf(cmd->pool, "RewriteCond: %s "
3396 "(TestString=%s, CondPattern=%s, flags=%s)",
3400 /* arg1: the input string */
3401 newcond->input = a1;
3403 /* arg3: optional flags field
3404 * (this has to be parsed first, because we need to
3405 * know if the regex should be compiled with ICASE!)
3407 newcond->flags = CONDFLAG_NONE;
3409 if ((err = cmd_parseflagfield(cmd->pool, newcond, a3,
3410 cmd_rewritecond_setflag)) != NULL) {
3411 return apr_pstrcat(cmd->pool, "RewriteCond: ", err, NULL);
3415 /* arg2: the pattern */
3416 newcond->pattern = a2;
3418 newcond->flags |= CONDFLAG_NOTMATCH;
3422 /* determine the pattern type */
3423 newcond->ptype = CONDPAT_REGEX;
3424 if (strcasecmp(a1, "expr") == 0) {
3425 newcond->ptype = CONDPAT_AP_EXPR;
3427 else if (*a2 && a2[1]) {
3431 case 'f': newcond->ptype = CONDPAT_FILE_EXISTS; break;
3432 case 's': newcond->ptype = CONDPAT_FILE_SIZE; break;
3433 case 'd': newcond->ptype = CONDPAT_FILE_DIR; break;
3434 case 'x': newcond->ptype = CONDPAT_FILE_XBIT; break;
3435 case 'h': newcond->ptype = CONDPAT_FILE_LINK; break;
3436 case 'L': newcond->ptype = CONDPAT_FILE_LINK; break;
3437 case 'l': newcond->ptype = CONDPAT_FILE_LINK; break;
3438 case 'U': newcond->ptype = CONDPAT_LU_URL; break;
3439 case 'F': newcond->ptype = CONDPAT_LU_FILE; break;
3447 newcond->ptype = CONDPAT_INT_LT;
3449 else if (a2[2] == 'e') {
3451 newcond->ptype = CONDPAT_INT_LE;
3458 newcond->ptype = CONDPAT_INT_GT;
3460 else if (a2[2] == 'e') {
3462 newcond->ptype = CONDPAT_INT_GE;
3469 newcond->ptype = CONDPAT_INT_EQ;
3475 /* Inversion, ensure !-ne == -eq */
3477 newcond->ptype = CONDPAT_INT_EQ;
3478 newcond->flags ^= CONDFLAG_NOTMATCH;
3486 case '>': if (*++a2 == '=')
3487 ++a2, newcond->ptype = CONDPAT_STR_GE;
3489 newcond->ptype = CONDPAT_STR_GT;
3492 case '<': if (*++a2 == '=')
3493 ++a2, newcond->ptype = CONDPAT_STR_LE;
3495 newcond->ptype = CONDPAT_STR_LT;
3498 case '=': newcond->ptype = CONDPAT_STR_EQ;
3499 /* "" represents an empty string */
3500 if (*++a2 == '"' && a2[1] == '"' && !a2[2])
3507 if ((newcond->ptype != CONDPAT_REGEX) &&
3508 (newcond->ptype < CONDPAT_STR_LT || newcond->ptype > CONDPAT_STR_GE) &&
3509 (newcond->flags & CONDFLAG_NOCASE)) {
3510 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, APLOGNO(00665)
3511 "RewriteCond: NoCase option for non-regex pattern '%s' "
3512 "is not supported and will be ignored. (%s:%d)", a2,
3513 cmd->directive->filename, cmd->directive->line_num);
3514 newcond->flags &= ~CONDFLAG_NOCASE;
3517 newcond->pskip = a2 - newcond->pattern;
3518 newcond->pattern += newcond->pskip;
3520 if (newcond->ptype == CONDPAT_REGEX) {
3521 regexp = ap_pregcomp(cmd->pool, a2,
3522 AP_REG_EXTENDED | ((newcond->flags & CONDFLAG_NOCASE)
3523 ? AP_REG_ICASE : 0));
3525 return apr_pstrcat(cmd->pool, "RewriteCond: cannot compile regular "
3526 "expression '", a2, "'", NULL);
3529 newcond->regexp = regexp;
3531 else if (newcond->ptype == CONDPAT_AP_EXPR) {
3532 unsigned int flags = newcond->flags & CONDFLAG_NOVARY ?
3533 AP_EXPR_FLAG_DONT_VARY : 0;
3534 newcond->expr = ap_expr_parse_cmd(cmd, a2, flags, &err, NULL);
3536 return apr_psprintf(cmd->pool, "RewriteCond: cannot compile "
3537 "expression \"%s\": %s", a2, err);
3543 static const char *cmd_rewriterule_setflag(apr_pool_t *p, void *_cfg,
3544 char *key, char *val)
3546 rewriterule_entry *cfg = _cfg;
3552 if (!*key || !strcasecmp(key, "ackrefescaping")) {
3553 cfg->flags |= RULEFLAG_ESCAPEBACKREF;
3558 else if (!strcasecmp(key, "NP") || !strcasecmp(key, "ackrefernoplus")) {
3559 cfg->flags |= RULEFLAG_ESCAPENOPLUS;
3567 if (!*key || !strcasecmp(key, "hain")) { /* chain */
3568 cfg->flags |= RULEFLAG_CHAIN;
3570 else if (((*key == 'O' || *key == 'o') && !key[1])
3571 || !strcasecmp(key, "ookie")) { /* cookie */
3572 data_item *cp = cfg->cookie;
3575 cp = cfg->cookie = apr_palloc(p, sizeof(*cp));
3581 cp->next = apr_palloc(p, sizeof(*cp));
3594 if (!*key || !strcasecmp(key, "PI") || !strcasecmp(key,"iscardpath")) {
3595 cfg->flags |= (RULEFLAG_DISCARDPATHINFO);
3600 if (!*key || !strcasecmp(key, "nv")) { /* env */
3601 data_item *cp = cfg->env;
3604 cp = cfg->env = apr_palloc(p, sizeof(*cp));
3610 cp->next = apr_palloc(p, sizeof(*cp));
3617 else if (!strcasecmp(key, "nd")) { /* end */
3618 cfg->flags |= RULEFLAG_END;
3627 if (!*key || !strcasecmp(key, "orbidden")) { /* forbidden */
3628 cfg->flags |= (RULEFLAG_STATUS | RULEFLAG_NOSUB);
3629 cfg->forced_responsecode = HTTP_FORBIDDEN;
3638 if (!*key || !strcasecmp(key, "one")) { /* gone */
3639 cfg->flags |= (RULEFLAG_STATUS | RULEFLAG_NOSUB);
3640 cfg->forced_responsecode = HTTP_GONE;
3649 if (!*key || !strcasecmp(key, "andler")) { /* handler */
3650 cfg->forced_handler = val;
3658 if (!*key || !strcasecmp(key, "ast")) { /* last */
3659 cfg->flags |= RULEFLAG_LASTRULE;
3668 if (((*key == 'E' || *key == 'e') && !key[1])
3669 || !strcasecmp(key, "oescape")) { /* noescape */
3670 cfg->flags |= RULEFLAG_NOESCAPE;
3672 else if (!*key || !strcasecmp(key, "ext")) { /* next */
3673 cfg->flags |= RULEFLAG_NEWROUND;
3675 cfg->maxrounds = atoi(val);
3679 else if (((*key == 'S' || *key == 's') && !key[1])
3680 || !strcasecmp(key, "osubreq")) { /* nosubreq */
3681 cfg->flags |= RULEFLAG_IGNOREONSUBREQ;
3683 else if (((*key == 'C' || *key == 'c') && !key[1])
3684 || !strcasecmp(key, "ocase")) { /* nocase */
3685 cfg->flags |= RULEFLAG_NOCASE;
3694 if (!*key || !strcasecmp(key, "roxy")) { /* proxy */
3695 cfg->flags |= RULEFLAG_PROXY;
3697 else if (((*key == 'T' || *key == 't') && !key[1])
3698 || !strcasecmp(key, "assthrough")) { /* passthrough */
3699 cfg->flags |= RULEFLAG_PASSTHROUGH;
3708 if ( !strcasecmp(key, "SA")
3709 || !strcasecmp(key, "sappend")) { /* qsappend */
3710 cfg->flags |= RULEFLAG_QSAPPEND;
3711 } else if ( !strcasecmp(key, "SD")
3712 || !strcasecmp(key, "sdiscard") ) { /* qsdiscard */
3713 cfg->flags |= RULEFLAG_QSDISCARD;
3714 } else if ( !strcasecmp(key, "SL")
3715 || !strcasecmp(key, "slast") ) { /* qslast */
3716 cfg->flags |= RULEFLAG_QSLAST;
3725 if (!*key || !strcasecmp(key, "edirect")) { /* redirect */
3728 cfg->flags |= RULEFLAG_FORCEREDIRECT;
3730 if (strcasecmp(val, "permanent") == 0) {
3731 status = HTTP_MOVED_PERMANENTLY;
3733 else if (strcasecmp(val, "temp") == 0) {
3734 status = HTTP_MOVED_TEMPORARILY;
3736 else if (strcasecmp(val, "seeother") == 0) {
3737 status = HTTP_SEE_OTHER;
3739 else if (apr_isdigit(*val)) {
3741 if (status != HTTP_INTERNAL_SERVER_ERROR) {
3743 ap_index_of_response(HTTP_INTERNAL_SERVER_ERROR);
3745 if (ap_index_of_response(status) == idx) {
3746 return apr_psprintf(p, "invalid HTTP "
3747 "response code '%s' for "
3752 if (!ap_is_HTTP_REDIRECT(status)) {
3753 cfg->flags |= (RULEFLAG_STATUS | RULEFLAG_NOSUB);
3756 cfg->forced_responsecode = status;
3766 if (!*key || !strcasecmp(key, "kip")) { /* skip */
3767 cfg->skip = atoi(val);
3776 if (!*key || !strcasecmp(key, "ype")) { /* type */
3777 cfg->forced_mimetype = val;
3789 return apr_pstrcat(p, "unknown flag '", --key, "'", NULL);
3795 static const char *cmd_rewriterule(cmd_parms *cmd, void *in_dconf,
3798 rewrite_perdir_conf *dconf = in_dconf;
3799 char *str = apr_pstrdup(cmd->pool, in_str);
3800 rewrite_server_conf *sconf;
3801 rewriterule_entry *newrule;
3803 char *a1 = NULL, *a2 = NULL, *a3 = NULL;
3806 sconf = ap_get_module_config(cmd->server->module_config, &rewrite_module);
3808 /* make a new entry in the internal rewrite rule list */
3809 if (cmd->path == NULL) { /* is server command */
3810 newrule = apr_array_push(sconf->rewriterules);
3812 else { /* is per-directory command */
3813 newrule = apr_array_push(dconf->rewriterules);
3816 /* parse the argument line ourself */
3817 if ((err = parseargline(cmd->pool, str, &a1, &a2, &a3))) {
3818 return apr_psprintf(cmd->pool, "RewriteRule: %s "
3819 "(pattern='%s', substitution='%s', flags='%s')",
3823 /* arg3: optional flags field */
3824 newrule->forced_mimetype = NULL;
3825 newrule->forced_handler = NULL;
3826 newrule->forced_responsecode = HTTP_MOVED_TEMPORARILY;
3827 newrule->flags = RULEFLAG_NONE;
3828 newrule->env = NULL;
3829 newrule->cookie = NULL;
3831 newrule->maxrounds = REWRITE_MAX_ROUNDS;
3833 if ((err = cmd_parseflagfield(cmd->pool, newrule, a3,
3834 cmd_rewriterule_setflag)) != NULL) {
3835 return apr_pstrcat(cmd->pool, "RewriteRule: ", err, NULL);
3839 /* arg1: the pattern
3840 * try to compile the regexp to test if is ok
3843 newrule->flags |= RULEFLAG_NOTMATCH;
3847 regexp = ap_pregcomp(cmd->pool, a1, AP_REG_EXTENDED |
3848 ((newrule->flags & RULEFLAG_NOCASE)
3849 ? AP_REG_ICASE : 0));
3851 return apr_pstrcat(cmd->pool,
3852 "RewriteRule: cannot compile regular expression '",
3856 newrule->pattern = a1;
3857 newrule->regexp = regexp;
3859 /* arg2: the output string */
3860 newrule->output = a2;
3861 if (*a2 == '-' && !a2[1]) {
3862 newrule->flags |= RULEFLAG_NOSUB;
3865 /* now, if the server or per-dir config holds an
3866 * array of RewriteCond entries, we take it for us
3867 * and clear the array
3869 if (cmd->path == NULL) { /* is server command */
3870 newrule->rewriteconds = sconf->rewriteconds;
3871 sconf->rewriteconds = apr_array_make(cmd->pool, 2,
3872 sizeof(rewritecond_entry));
3874 else { /* is per-directory command */
3875 newrule->rewriteconds = dconf->rewriteconds;
3876 dconf->rewriteconds = apr_array_make(cmd->pool, 2,
3877 sizeof(rewritecond_entry));
3885 * +-------------------------------------------------------+
3887 * | the rewriting engine
3889 * +-------------------------------------------------------+
3892 /* Lexicographic Compare */
3893 static APR_INLINE int compare_lexicography(char *a, char *b)
3895 apr_size_t i, lena, lenb;
3901 for (i = 0; i < lena; ++i) {
3903 return ((unsigned char)a[i] > (unsigned char)b[i]) ? 1 : -1;
3910 return ((lena > lenb) ? 1 : -1);
3914 * Apply a single rewriteCond
3916 static int apply_rewrite_cond(rewritecond_entry *p, rewrite_ctx *ctx, apr_pool_t *pool)
3920 request_rec *rsub, *r = ctx->r;
3921 ap_regmatch_t regmatch[AP_MAX_REG_MATCH];
3925 if (p->ptype != CONDPAT_AP_EXPR)
3926 input = do_expand(p->input, ctx, NULL, pool);
3929 case CONDPAT_FILE_EXISTS:
3930 if ( apr_stat(&sb, input, APR_FINFO_MIN, r->pool) == APR_SUCCESS
3931 && sb.filetype == APR_REG) {
3936 case CONDPAT_FILE_SIZE:
3937 if ( apr_stat(&sb, input, APR_FINFO_MIN, r->pool) == APR_SUCCESS
3938 && sb.filetype == APR_REG && sb.size > 0) {
3943 case CONDPAT_FILE_LINK:
3945 if ( apr_stat(&sb, input, APR_FINFO_MIN | APR_FINFO_LINK,
3946 r->pool) == APR_SUCCESS
3947 && sb.filetype == APR_LNK) {
3953 case CONDPAT_FILE_DIR:
3954 if ( apr_stat(&sb, input, APR_FINFO_MIN, r->pool) == APR_SUCCESS
3955 && sb.filetype == APR_DIR) {
3960 case CONDPAT_FILE_XBIT:
3961 if ( apr_stat(&sb, input, APR_FINFO_PROT, r->pool) == APR_SUCCESS
3962 && (sb.protection & (APR_UEXECUTE | APR_GEXECUTE | APR_WEXECUTE))) {
3967 case CONDPAT_LU_URL:
3968 if (*input && subreq_ok(r)) {
3969 rsub = ap_sub_req_lookup_uri(input, r, NULL);
3970 if (rsub->status < 400) {
3973 rewritelog(r, 5, NULL, "RewriteCond URI (-U check: "
3974 "path=%s -> status=%d", input, rsub->status);
3975 ap_destroy_sub_req(rsub);
3979 case CONDPAT_LU_FILE:
3980 if (*input && subreq_ok(r)) {
3981 rsub = ap_sub_req_lookup_file(input, r, NULL);
3982 if (rsub->status < 300 &&
3983 /* double-check that file exists since default result is 200 */
3984 apr_stat(&sb, rsub->filename, APR_FINFO_MIN,
3985 r->pool) == APR_SUCCESS) {
3988 rewritelog(r, 5, NULL, "RewriteCond file (-F check: path=%s "
3989 "-> file=%s status=%d", input, rsub->filename,
3991 ap_destroy_sub_req(rsub);
3995 case CONDPAT_STR_GE:
3998 case CONDPAT_STR_GT:
4001 if (p->flags & CONDFLAG_NOCASE) {
4002 rc = (strcasecmp(input, p->pattern) >= basis) ? 1 : 0;
4005 rc = (compare_lexicography(input, p->pattern) >= basis) ? 1 : 0;
4009 case CONDPAT_STR_LE:
4012 case CONDPAT_STR_LT:
4015 if (p->flags & CONDFLAG_NOCASE) {
4016 rc = (strcasecmp(input, p->pattern) <= basis) ? 1 : 0;
4019 rc = (compare_lexicography(input, p->pattern) <= basis) ? 1 : 0;
4023 case CONDPAT_STR_EQ:
4024 /* Note: the only type where the operator is dropped from p->pattern */
4025 if (p->flags & CONDFLAG_NOCASE) {
4026 rc = !strcasecmp(input, p->pattern);
4029 rc = !strcmp(input, p->pattern);
4033 case CONDPAT_INT_GE: rc = (atoi(input) >= atoi(p->pattern)); break;
4034 case CONDPAT_INT_GT: rc = (atoi(input) > atoi(p->pattern)); break;
4036 case CONDPAT_INT_LE: rc = (atoi(input) <= atoi(p->pattern)); break;
4037 case CONDPAT_INT_LT: rc = (atoi(input) < atoi(p->pattern)); break;
4039 case CONDPAT_INT_EQ: rc = (atoi(input) == atoi(p->pattern)); break;
4041 case CONDPAT_AP_EXPR:
4043 const char *err, *source;
4044 rc = ap_expr_exec_re(r, p->expr, AP_MAX_REG_MATCH, regmatch,
4046 if (rc < 0 || err) {
4047 rewritelog(r, 1, ctx->perdir,
4048 "RewriteCond: expr='%s' evaluation failed: %s",
4049 p->pattern - p->pskip, err);
4052 /* update briRC backref info */
4053 if (rc && !(p->flags & CONDFLAG_NOTMATCH)) {
4054 ctx->briRC.source = source;
4055 memcpy(ctx->briRC.regmatch, regmatch, sizeof(regmatch));
4060 /* it is really a regexp pattern, so apply it */
4061 rc = !ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch, 0);
4063 /* update briRC backref info */
4064 if (rc && !(p->flags & CONDFLAG_NOTMATCH)) {
4065 ctx->briRC.source = input;
4066 memcpy(ctx->briRC.regmatch, regmatch, sizeof(regmatch));
4071 if (p->flags & CONDFLAG_NOTMATCH) {
4075 rewritelog(r, 4, ctx->perdir, "RewriteCond: input='%s' pattern='%s'%s "
4076 "=> %s", input, p->pattern - p->pskip,
4077 (p->flags & CONDFLAG_NOCASE) ? " [NC]" : "",
4078 rc ? "matched" : "not-matched");
4083 /* check for forced type and handler */
4084 static APR_INLINE void force_type_handler(rewriterule_entry *p,
4089 if (p->forced_mimetype) {
4090 expanded = do_expand(p->forced_mimetype, ctx, p, ctx->r->pool);
4093 ap_str_tolower(expanded);
4095 rewritelog(ctx->r, 2, ctx->perdir, "remember %s to have MIME-type "
4096 "'%s'", ctx->r->filename, expanded);
4098 apr_table_setn(ctx->r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR,
4103 if (p->forced_handler) {
4104 expanded = do_expand(p->forced_handler, ctx, p, ctx->r->pool);
4107 ap_str_tolower(expanded);
4109 rewritelog(ctx->r, 2, ctx->perdir, "remember %s to have "
4110 "Content-handler '%s'", ctx->r->filename, expanded);
4112 apr_table_setn(ctx->r->notes, REWRITE_FORCED_HANDLER_NOTEVAR,
4119 * Apply a single RewriteRule
4121 static int apply_rewrite_rule(rewriterule_entry *p, rewrite_ctx *ctx)
4123 ap_regmatch_t regmatch[AP_MAX_REG_MATCH];
4124 apr_array_header_t *rewriteconds;
4125 rewritecond_entry *conds;
4127 char *newuri = NULL;
4128 request_rec *r = ctx->r;
4129 int is_proxyreq = 0;
4131 ctx->uri = r->filename;
4134 apr_size_t dirlen = strlen(ctx->perdir);
4139 is_proxyreq = ( r->proxyreq && r->filename
4140 && !strncmp(r->filename, "proxy:", 6));
4142 /* Since we want to match against the (so called) full URL, we have
4143 * to re-add the PATH_INFO postfix
4145 if (r->path_info && *r->path_info) {
4146 rewritelog(r, 3, ctx->perdir, "add path info postfix: %s -> %s%s",
4147 ctx->uri, ctx->uri, r->path_info);
4148 ctx->uri = apr_pstrcat(r->pool, ctx->uri, r->path_info, NULL);
4151 /* Additionally we strip the physical path from the url to match
4152 * it independent from the underlaying filesystem.
4154 if (!is_proxyreq && strlen(ctx->uri) >= dirlen &&
4155 !strncmp(ctx->uri, ctx->perdir, dirlen)) {
4157 rewritelog(r, 3, ctx->perdir, "strip per-dir prefix: %s -> %s",
4158 ctx->uri, ctx->uri + dirlen);
4159 ctx->uri = ctx->uri + dirlen;
4163 /* Try to match the URI against the RewriteRule pattern
4164 * and exit immediately if it didn't apply.
4166 rewritelog(r, 3, ctx->perdir, "applying pattern '%s' to uri '%s'",
4167 p->pattern, ctx->uri);
4169 rc = !ap_regexec(p->regexp, ctx->uri, AP_MAX_REG_MATCH, regmatch, 0);
4170 if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
4171 (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) {
4175 /* It matched, wow! Now it's time to prepare the context structure for
4176 * further processing
4178 ctx->vary_this = NULL;
4179 ctx->briRC.source = NULL;
4181 if (p->flags & RULEFLAG_NOTMATCH) {
4182 ctx->briRR.source = NULL;
4185 ctx->briRR.source = apr_pstrdup(r->pool, ctx->uri);
4186 memcpy(ctx->briRR.regmatch, regmatch, sizeof(regmatch));
4189 /* Ok, we already know the pattern has matched, but we now
4190 * additionally have to check for all existing preconditions
4191 * (RewriteCond) which have to be also true. We do this at
4192 * this very late stage to avoid unnecessary checks which
4193 * would slow down the rewriting engine.
4195 rewriteconds = p->rewriteconds;
4196 conds = (rewritecond_entry *)rewriteconds->elts;
4198 for (i = 0; i < rewriteconds->nelts; ++i) {
4199 rewritecond_entry *c = &conds[i];
4201 rc = apply_rewrite_cond(c, ctx, ctx->temp_pool ? ctx->temp_pool : r->pool);
4203 * Reset vary_this if the novary flag is set for this condition.
4205 if (c->flags & CONDFLAG_NOVARY) {
4206 ctx->vary_this = NULL;
4208 if (c->flags & CONDFLAG_ORNEXT) {
4210 /* One condition is false, but another can be still true. */
4211 ctx->vary_this = NULL;
4215 /* skip the rest of the chained OR conditions */
4216 while ( i < rewriteconds->nelts
4217 && c->flags & CONDFLAG_ORNEXT) {
4223 if (ctx->temp_pool) {
4224 apr_pool_clear(ctx->temp_pool);
4229 /* If some HTTP header was involved in the condition, remember it
4232 if (ctx->vary_this) {
4233 ctx->vary = ctx->vary
4234 ? apr_pstrcat(r->pool, ctx->vary, ", ", ctx->vary_this,
4237 ctx->vary_this = NULL;
4241 /* expand the result */
4242 if (!(p->flags & RULEFLAG_NOSUB)) {
4243 newuri = do_expand(p->output, ctx, p, ctx->r->pool);
4244 rewritelog(r, 2, ctx->perdir, "rewrite '%s' -> '%s'", ctx->uri,
4248 /* expand [E=var:val] and [CO=<cookie>] */
4249 do_expand_env(p->env, ctx);
4250 do_expand_cookie(p->cookie, ctx);
4252 /* non-substitution rules ('RewriteRule <pat> -') end here. */
4253 if (p->flags & RULEFLAG_NOSUB) {
4254 force_type_handler(p, ctx);
4256 if (p->flags & RULEFLAG_STATUS) {
4257 rewritelog(r, 2, ctx->perdir, "forcing responsecode %d for %s",
4258 p->forced_responsecode, r->filename);
4260 r->status = p->forced_responsecode;
4266 /* Now adjust API's knowledge about r->filename and r->args */
4267 r->filename = newuri;
4269 if (ctx->perdir && (p->flags & RULEFLAG_DISCARDPATHINFO)) {
4270 r->path_info = NULL;
4273 splitout_queryargs(r, p->flags & RULEFLAG_QSAPPEND,
4274 p->flags & RULEFLAG_QSDISCARD,
4275 p->flags & RULEFLAG_QSLAST);
4277 /* Add the previously stripped per-directory location prefix, unless
4278 * (1) it's an absolute URL path and
4279 * (2) it's a full qualified URL
4281 if ( ctx->perdir && !is_proxyreq && *r->filename != '/'
4282 && !is_absolute_uri(r->filename, NULL)) {
4283 rewritelog(r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
4284 r->filename, ctx->perdir, r->filename);
4286 r->filename = apr_pstrcat(r->pool, ctx->perdir, r->filename, NULL);
4289 /* If this rule is forced for proxy throughput
4290 * (`RewriteRule ... ... [P]') then emulate mod_proxy's
4291 * URL-to-filename handler to be sure mod_proxy is triggered
4292 * for this URL later in the Apache API. But make sure it is
4293 * a fully-qualified URL. (If not it is qualified with
4296 if (p->flags & RULEFLAG_PROXY) {
4297 /* For rules evaluated in server context, the mod_proxy fixup
4298 * hook can be relied upon to escape the URI as and when
4299 * necessary, since it occurs later. If in directory context,
4300 * the ordering of the fixup hooks is forced such that
4301 * mod_proxy comes first, so the URI must be escaped here
4302 * instead. See PR 39746, 46428, and other headaches. */
4303 if (ctx->perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) {
4304 char *old_filename = r->filename;
4306 r->filename = ap_escape_uri(r->pool, r->filename);
4307 rewritelog(r, 2, ctx->perdir, "escaped URI in per-dir context "
4308 "for proxy, %s -> %s", old_filename, r->filename);
4311 fully_qualify_uri(r);
4313 rewritelog(r, 2, ctx->perdir, "forcing proxy-throughput with %s",
4316 r->filename = apr_pstrcat(r->pool, "proxy:", r->filename, NULL);
4320 /* If this rule is explicitly forced for HTTP redirection
4321 * (`RewriteRule .. .. [R]') then force an external HTTP
4322 * redirect. But make sure it is a fully-qualified URL. (If
4323 * not it is qualified with ourself).
4325 if (p->flags & RULEFLAG_FORCEREDIRECT) {
4326 fully_qualify_uri(r);
4328 rewritelog(r, 2, ctx->perdir, "explicitly forcing redirect with %s",
4331 r->status = p->forced_responsecode;
4335 /* Special Rewriting Feature: Self-Reduction
4336 * We reduce the URL by stripping a possible
4337 * http[s]://<ourhost>[:<port>] prefix, i.e. a prefix which
4338 * corresponds to ourself. This is to simplify rewrite maps
4339 * and to avoid recursion, etc. When this prefix is not a
4340 * coincidence then the user has to use [R] explicitly (see
4345 /* If this rule is still implicitly forced for HTTP
4346 * redirection (`RewriteRule .. <scheme>://...') then
4347 * directly force an external HTTP redirect.
4349 if (is_absolute_uri(r->filename, NULL)) {
4350 rewritelog(r, 2, ctx->perdir, "implicitly forcing redirect (rc=%d "
4351 "with %s", p->forced_responsecode, r->filename);
4353 r->status = p->forced_responsecode;
4357 /* Finally remember the forced mime-type */
4358 force_type_handler(p, ctx);
4360 /* Puuhhhhhhhh... WHAT COMPLICATED STUFF ;_)
4361 * But now we're done for this particular rule.
4367 * Apply a complete rule set,
4368 * i.e. a list of rewrite rules
4370 static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules,
4373 rewriterule_entry *entries;
4374 rewriterule_entry *p;
4381 rewrite_perdir_conf *dconf = (rewrite_perdir_conf *)
4382 ap_get_module_config(r->per_dir_config,
4385 ctx = apr_palloc(r->pool, sizeof(*ctx));
4386 ctx->perdir = perdir;
4389 if (dconf->options & OPTION_LONGOPT) {
4390 apr_pool_create(&(ctx->temp_pool), r->pool);
4393 ctx->temp_pool = NULL;
4397 * Iterate over all existing rules
4399 entries = (rewriterule_entry *)rewriterules->elts;
4402 for (i = 0; i < rewriterules->nelts; i++) {
4406 * Ignore this rule on subrequests if we are explicitly
4407 * asked to do so or this is a proxy-throughput or a
4408 * forced redirect rule.
4410 if (r->main != NULL &&
4411 (p->flags & RULEFLAG_IGNOREONSUBREQ ||
4412 p->flags & RULEFLAG_FORCEREDIRECT )) {
4417 * Apply the current rule.
4420 rc = apply_rewrite_rule(p, ctx);
4424 /* Catch looping rules with pathinfo growing unbounded */
4425 if ( strlen( r->filename ) > 2*r->server->limit_req_line ) {
4426 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
4427 "RewriteRule '%s' and URI '%s' "
4428 "exceeded maximum length (%d)",
4429 p->pattern, r->uri, 2*r->server->limit_req_line );
4430 r->status = HTTP_INTERNAL_SERVER_ERROR;
4431 return ACTION_STATUS;
4434 /* Regardless of what we do next, we've found a match. Check to see
4435 * if any of the request header fields were involved, and add them
4436 * to the Vary field of the response.
4439 apr_table_merge(r->headers_out, "Vary", ctx->vary);
4443 * The rule sets the response code (implies match-only)
4445 if (p->flags & RULEFLAG_STATUS) {
4446 return ACTION_STATUS;
4450 * Indicate a change if this was not a match-only rule.
4453 changed = ((p->flags & RULEFLAG_NOESCAPE)
4454 ? ACTION_NOESCAPE : ACTION_NORMAL);
4458 * Pass-Through Feature (`RewriteRule .. .. [PT]'):
4459 * Because the Apache 1.x API is very limited we
4460 * need this hack to pass the rewritten URL to other
4461 * modules like mod_alias, mod_userdir, etc.
4463 if (p->flags & RULEFLAG_PASSTHROUGH) {
4464 rewritelog(r, 2, perdir, "forcing '%s' to get passed through "
4465 "to next API URI-to-filename handler", r->filename);
4466 r->filename = apr_pstrcat(r->pool, "passthrough:",
4468 changed = ACTION_NORMAL;
4472 if (p->flags & RULEFLAG_END) {
4473 rewritelog(r, 8, perdir, "Rule has END flag, no further rewriting for this request");
4474 apr_pool_userdata_set("1", really_last_key, apr_pool_cleanup_null, r->pool);
4478 * Stop processing also on proxy pass-through and
4479 * last-rule and new-round flags.
4481 if (p->flags & (RULEFLAG_PROXY | RULEFLAG_LASTRULE)) {
4486 * On "new-round" flag we just start from the top of
4487 * the rewriting ruleset again.
4489 if (p->flags & RULEFLAG_NEWROUND) {
4490 if (++round >= p->maxrounds) {
4491 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02596)
4492 "RewriteRule '%s' and URI '%s' exceeded "
4493 "maximum number of rounds (%d) via the [N] flag",
4494 p->pattern, r->uri, p->maxrounds);
4496 r->status = HTTP_INTERNAL_SERVER_ERROR;
4497 return ACTION_STATUS;
4503 * If we are forced to skip N next rules, do it now.
4507 while ( i < rewriterules->nelts
4516 * If current rule is chained with next rule(s),
4517 * skip all this next rule(s)
4519 while ( i < rewriterules->nelts
4520 && p->flags & RULEFLAG_CHAIN) {
4531 * +-------------------------------------------------------+
4533 * | Module Initialization Hooks
4535 * +-------------------------------------------------------+
4538 static int pre_config(apr_pool_t *pconf,
4542 APR_OPTIONAL_FN_TYPE(ap_register_rewrite_mapfunc) *map_pfn_register;
4544 rewrite_lock_needed = 0;
4545 ap_mutex_register(pconf, rewritemap_mutex_type, NULL, APR_LOCK_DEFAULT, 0);
4547 /* register int: rewritemap handlers */
4548 map_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_rewrite_mapfunc);
4549 if (map_pfn_register) {
4550 map_pfn_register("tolower", rewrite_mapfunc_tolower);
4551 map_pfn_register("toupper", rewrite_mapfunc_toupper);
4552 map_pfn_register("escape", rewrite_mapfunc_escape);
4553 map_pfn_register("unescape", rewrite_mapfunc_unescape);
4555 dbd_acquire = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
4556 dbd_prepare = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
4560 static int post_config(apr_pool_t *p,
4567 /* check if proxy module is available */
4568 proxy_available = (ap_find_linked_module("mod_proxy.c") != NULL);
4570 if (rewrite_lock_needed) {
4571 rv = rewritelock_create(s, p);
4572 if (rv != APR_SUCCESS) {
4573 return HTTP_INTERNAL_SERVER_ERROR;
4576 apr_pool_cleanup_register(p, (void *)s, rewritelock_remove,
4577 apr_pool_cleanup_null);
4580 /* if we are not doing the initial config, step through the servers and
4581 * open the RewriteMap prg:xxx programs,
4583 if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_CONFIG) {
4584 for (; s; s = s->next) {
4585 if (run_rewritemap_programs(s, p) != APR_SUCCESS) {
4586 return HTTP_INTERNAL_SERVER_ERROR;
4591 rewrite_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
4592 rewrite_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
4597 static void init_child(apr_pool_t *p, server_rec *s)
4599 apr_status_t rv = 0; /* get a rid of gcc warning (REWRITELOG_DISABLED) */
4601 if (rewrite_mapr_lock_acquire) {
4602 rv = apr_global_mutex_child_init(&rewrite_mapr_lock_acquire,
4603 apr_global_mutex_lockfile(rewrite_mapr_lock_acquire), p);
4604 if (rv != APR_SUCCESS) {
4605 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, APLOGNO(00666)
4606 "mod_rewrite: could not init rewrite_mapr_lock_acquire"
4611 /* create the lookup cache */
4612 if (!init_cache(p)) {
4613 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, APLOGNO(00667)
4614 "mod_rewrite: could not init map cache in child");
4620 * +-------------------------------------------------------+
4624 * +-------------------------------------------------------+
4628 * URI-to-filename hook
4629 * [deals with RewriteRules in server context]
4631 static int hook_uri2file(request_rec *r)
4633 rewrite_perdir_conf *dconf;
4634 rewrite_server_conf *conf;
4635 const char *saved_rulestatus;
4637 const char *thisserver;
4639 const char *thisurl;
4646 * retrieve the config structures
4648 conf = ap_get_module_config(r->server->module_config, &rewrite_module);
4650 dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config,
4654 * only do something under runtime if the engine is really enabled,
4655 * else return immediately!
4657 if (!dconf || dconf->state == ENGINE_DISABLED) {
4662 * check for the ugly API case of a virtual host section where no
4663 * mod_rewrite directives exists. In this situation we became no chance
4664 * by the API to setup our default per-server config so we have to
4665 * on-the-fly assume we have the default config. But because the default
4666 * config has a disabled rewriting engine we are lucky because can
4667 * just stop operating now.
4669 if (conf->server != r->server) {
4673 /* END flag was used as a RewriteRule flag on this request */
4674 apr_pool_userdata_get(&skipdata, really_last_key, r->pool);
4675 if (skipdata != NULL) {
4676 rewritelog(r, 8, NULL, "Declining, no further rewriting due to END flag");
4680 /* Unless the anyuri option is set, ensure that the input to the
4681 * first rule really is a URL-path, avoiding security issues with
4682 * poorly configured rules. See CVE-2011-3368, CVE-2011-4317. */
4683 if ((dconf->options & OPTION_ANYURI) == 0
4684 && ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
4685 || !r->uri || r->uri[0] != '/')) {
4686 rewritelog(r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
4687 "Consult the manual entry for the RewriteOptions directive "
4688 "for options and caveats about matching other strings.",
4694 * remember the original query string for later check, since we don't
4695 * want to apply URL-escaping when no substitution has changed it.
4700 * add the SCRIPT_URL variable to the env. this is a bit complicated
4701 * due to the fact that apache uses subrequests and internal redirects
4704 if (r->main == NULL) {
4705 var = apr_table_get(r->subprocess_env, REDIRECT_ENVVAR_SCRIPT_URL);
4707 apr_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, r->uri);
4710 apr_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, var);
4714 var = apr_table_get(r->main->subprocess_env, ENVVAR_SCRIPT_URL);
4715 apr_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, var);
4719 * create the SCRIPT_URI variable for the env
4722 /* add the canonical URI of this URL */
4723 thisserver = ap_get_server_name_for_url(r);
4724 port = ap_get_server_port(r);
4725 if (ap_is_default_port(port, r)) {
4729 thisport = apr_psprintf(r->pool, ":%u", port);
4731 thisurl = apr_table_get(r->subprocess_env, ENVVAR_SCRIPT_URL);
4733 /* set the variable */
4734 var = apr_pstrcat(r->pool, ap_http_scheme(r), "://", thisserver, thisport,
4736 apr_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URI, var);
4738 if (!(saved_rulestatus = apr_table_get(r->notes,"mod_rewrite_rewritten"))) {
4739 /* if filename was not initially set,
4740 * we start with the requested URI
4742 if (r->filename == NULL) {
4743 r->filename = apr_pstrdup(r->pool, r->uri);
4744 rewritelog(r, 2, NULL, "init rewrite engine with requested uri %s",
4748 rewritelog(r, 2, NULL, "init rewrite engine with passed filename "
4749 "%s. Original uri = %s", r->filename, r->uri);
4753 * now apply the rules ...
4755 rulestatus = apply_rewrite_list(r, conf->rewriterules, NULL);
4756 apr_table_setn(r->notes, "mod_rewrite_rewritten",
4757 apr_psprintf(r->pool,"%d",rulestatus));
4760 rewritelog(r, 2, NULL, "uri already rewritten. Status %s, Uri %s, "
4761 "r->filename %s", saved_rulestatus, r->uri, r->filename);
4763 rulestatus = atoi(saved_rulestatus);
4770 if (ACTION_STATUS == rulestatus) {
4773 r->status = HTTP_OK;
4777 flen = r->filename ? strlen(r->filename) : 0;
4778 if (flen > 6 && strncmp(r->filename, "proxy:", 6) == 0) {
4779 /* it should be go on as an internal proxy request */
4781 /* check if the proxy module is enabled, so
4782 * we can actually use it!
4784 if (!proxy_available) {
4785 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00669)
4786 "attempt to make remote request from mod_rewrite "
4787 "without proxy enabled: %s", r->filename);
4788 return HTTP_FORBIDDEN;
4791 if (rulestatus == ACTION_NOESCAPE) {
4792 apr_table_setn(r->notes, "proxy-nocanon", "1");
4795 /* make sure the QUERY_STRING and
4796 * PATH_INFO parts get incorporated
4798 if (r->path_info != NULL) {
4799 r->filename = apr_pstrcat(r->pool, r->filename,
4800 r->path_info, NULL);
4802 if ((r->args != NULL)
4803 && ((r->proxyreq == PROXYREQ_PROXY)
4804 || (rulestatus == ACTION_NOESCAPE))) {
4805 /* see proxy_http:proxy_http_canon() */
4806 r->filename = apr_pstrcat(r->pool, r->filename,
4807 "?", r->args, NULL);
4810 /* now make sure the request gets handled by the proxy handler */
4811 if (PROXYREQ_NONE == r->proxyreq) {
4812 r->proxyreq = PROXYREQ_REVERSE;
4814 r->handler = "proxy-server";
4816 rewritelog(r, 1, NULL, "go-ahead with proxy request %s [OK]",
4820 else if ((skip = is_absolute_uri(r->filename, NULL)) > 0) {
4823 /* it was finally rewritten to a remote URL */
4825 if (rulestatus != ACTION_NOESCAPE) {
4826 rewritelog(r, 1, NULL, "escaping %s for redirect",
4828 r->filename = escape_absolute_uri(r->pool, r->filename, skip);
4831 /* append the QUERY_STRING part */
4833 char *escaped_args = NULL;
4834 int noescape = (rulestatus == ACTION_NOESCAPE ||
4835 (oargs && !strcmp(r->args, oargs)));
4837 r->filename = apr_pstrcat(r->pool, r->filename, "?",
4841 ap_escape_uri(r->pool, r->args)),
4844 rewritelog(r, 1, NULL, "%s %s to query string for redirect %s",
4845 noescape ? "copying" : "escaping",
4847 noescape ? "" : escaped_args);
4850 /* determine HTTP redirect response code */
4851 if (ap_is_HTTP_REDIRECT(r->status)) {
4853 r->status = HTTP_OK; /* make Apache kernel happy */
4856 n = HTTP_MOVED_TEMPORARILY;
4859 /* now do the redirection */
4860 apr_table_setn(r->headers_out, "Location", r->filename);
4861 rewritelog(r, 1, NULL, "redirect to %s [REDIRECT/%d]", r->filename,
4866 else if (flen > 12 && strncmp(r->filename, "passthrough:", 12) == 0) {
4868 * Hack because of underpowered API: passing the current
4869 * rewritten filename through to other URL-to-filename handlers
4870 * just as it were the requested URL. This is to enable
4871 * post-processing by mod_alias, etc. which always act on
4872 * r->uri! The difference here is: We do not try to
4873 * add the document root
4875 r->uri = apr_pstrdup(r->pool, r->filename+12);
4879 /* it was finally rewritten to a local path */
4880 const char *uri_reduced = NULL;
4882 /* expand "/~user" prefix */
4884 r->filename = expand_tildepaths(r, r->filename);
4886 rewritelog(r, 2, NULL, "local path result: %s", r->filename);
4888 /* the filename must be either an absolute local path or an
4889 * absolute local URL.
4891 if ( *r->filename != '/'
4892 && !ap_os_is_path_absolute(r->pool, r->filename)) {
4893 return HTTP_BAD_REQUEST;
4896 /* if there is no valid prefix, we call
4897 * the translator from the core and
4898 * prefix the filename with document_root
4901 * We cannot leave out the prefix_stat because
4902 * - when we always prefix with document_root
4903 * then no absolute path can be created, e.g. via
4904 * emulating a ScriptAlias directive, etc.
4905 * - when we always NOT prefix with document_root
4906 * then the files under document_root have to
4907 * be references directly and document_root
4908 * gets never used and will be a dummy parameter -
4912 * Under real Unix systems this is no problem,
4913 * because we only do stat() on the first directory
4914 * and this gets cached by the kernel for along time!
4917 if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) {
4918 uri_reduced = apr_table_get(r->notes, "mod_rewrite_uri_reduced");
4921 if (!prefix_stat(r->filename, r->pool) || uri_reduced != NULL) {
4925 r->uri = r->filename;
4926 res = ap_core_translate(r);
4930 rewritelog(r, 1, NULL, "prefixing with document_root of %s"
4931 " FAILED", r->filename);
4936 rewritelog(r, 2, NULL, "prefixed with document_root to %s",
4940 rewritelog(r, 1, NULL, "go-ahead with %s [OK]", r->filename);
4945 rewritelog(r, 1, NULL, "pass through %s", r->filename);
4952 * [RewriteRules in directory context]
4954 static int hook_fixup(request_rec *r)
4956 rewrite_perdir_conf *dconf;
4963 char *ofilename, *oargs;
4967 dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config,
4970 /* if there is no per-dir config we return immediately */
4971 if (dconf == NULL) {
4976 * only do something under runtime if the engine is really enabled,
4977 * for this directory, else return immediately!
4979 if (dconf->state == ENGINE_DISABLED) {
4983 /* if there are no real (i.e. no RewriteRule directives!)
4984 per-dir config of us, we return also immediately */
4985 if (dconf->directory == NULL) {
4992 is_proxyreq = ( r->proxyreq && r->filename
4993 && !strncmp(r->filename, "proxy:", 6));
4996 * .htaccess file is called before really entering the directory, i.e.:
4997 * URL: http://localhost/foo and .htaccess is located in foo directory
4998 * Ignore such attempts, allowing mod_dir to direct the client to the
4999 * canonical URL. This can be controlled with the AllowNoSlash option.
5001 if (!is_proxyreq && !(dconf->options & OPTION_NOSLASH)) {
5002 l = strlen(dconf->directory) - 1;
5003 if (r->filename && strlen(r->filename) == l &&
5004 (dconf->directory)[l] == '/' &&
5005 !strncmp(r->filename, dconf->directory, l)) {
5010 /* END flag was used as a RewriteRule flag on this request */
5011 apr_pool_userdata_get(&skipdata, really_last_key, r->pool);
5012 if (skipdata != NULL) {
5013 rewritelog(r, 8, dconf->directory, "Declining, no further rewriting due to END flag");
5018 * Do the Options check after engine check, so
5019 * the user is able to explicitly turn RewriteEngine Off.
5021 if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
5022 /* FollowSymLinks is mandatory! */
5023 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00670)
5024 "Options FollowSymLinks and SymLinksIfOwnerMatch are both off, "
5025 "so the RewriteRule directive is also forbidden "
5026 "due to its similar ability to circumvent directory restrictions : "
5028 return HTTP_FORBIDDEN;
5032 * remember the current filename before rewriting for later check
5033 * to prevent deadlooping because of internal redirects
5034 * on final URL/filename which can be equal to the initial one.
5035 * also, we'll restore original r->filename if we decline this
5038 ofilename = r->filename;
5041 if (r->filename == NULL) {
5042 r->filename = apr_pstrdup(r->pool, r->uri);
5043 rewritelog(r, 2, dconf->directory, "init rewrite engine with"
5044 " requested uri %s", r->filename);
5048 * now apply the rules ...
5050 rulestatus = apply_rewrite_list(r, dconf->rewriterules, dconf->directory);
5054 if (ACTION_STATUS == rulestatus) {
5057 r->status = HTTP_OK;
5061 l = strlen(r->filename);
5062 if (l > 6 && strncmp(r->filename, "proxy:", 6) == 0) {
5063 /* it should go on as an internal proxy request */
5065 /* check if the proxy module is enabled, so
5066 * we can actually use it!
5068 if (!proxy_available) {
5069 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10160)
5070 "attempt to make remote request from mod_rewrite "
5071 "without proxy enabled: %s", r->filename);
5072 return HTTP_FORBIDDEN;
5075 /* make sure the QUERY_STRING and
5076 * PATH_INFO parts get incorporated
5077 * (r->path_info was already appended by the
5078 * rewriting engine because of the per-dir context!)
5080 if (r->args != NULL) {
5081 /* see proxy_http:proxy_http_canon() */
5082 r->filename = apr_pstrcat(r->pool, r->filename,
5083 "?", r->args, NULL);
5086 /* now make sure the request gets handled by the proxy handler */
5087 if (PROXYREQ_NONE == r->proxyreq) {
5088 r->proxyreq = PROXYREQ_REVERSE;
5090 r->handler = "proxy-server";
5092 rewritelog(r, 1, dconf->directory, "go-ahead with proxy request "
5093 "%s [OK]", r->filename);
5096 else if ((skip = is_absolute_uri(r->filename, NULL)) > 0) {
5097 /* it was finally rewritten to a remote URL */
5099 /* because we are in a per-dir context
5100 * first try to replace the directory with its base-URL
5101 * if there is a base-URL available
5103 if (dconf->baseurl != NULL) {
5104 /* skip 'scheme://' */
5105 cp = r->filename + skip;
5107 if ((cp = ap_strchr(cp, '/')) != NULL && *(++cp)) {
5108 rewritelog(r, 2, dconf->directory,
5109 "trying to replace prefix %s with %s",
5110 dconf->directory, dconf->baseurl);
5112 /* I think, that hack needs an explanation:
5114 * mod_rewrite was written for unix systems, were
5115 * absolute file-system paths start with a slash.
5116 * URL-paths _also_ start with slashes, so they
5117 * can be easily compared with system paths.
5119 * the following assumes, that the actual url-path
5120 * may be prefixed by the current directory path and
5121 * tries to replace the system path with the RewriteBase
5123 * That assumption is true if we use a RewriteRule like
5125 * RewriteRule ^foo bar [R]
5127 * (see apply_rewrite_rule function)
5128 * However on systems that don't have a / as system
5129 * root this will never match, so we skip the / after the
5130 * hostname and compare/substitute only the stuff after it.
5132 * (note that cp was already increased to the right value)
5134 cp2 = subst_prefix_path(r, cp, (*dconf->directory == '/')
5135 ? dconf->directory + 1
5137 dconf->baseurl + 1);
5138 if (strcmp(cp2, cp) != 0) {
5140 r->filename = apr_pstrcat(r->pool, r->filename,
5146 /* now prepare the redirect... */
5147 if (rulestatus != ACTION_NOESCAPE) {
5148 rewritelog(r, 1, dconf->directory, "escaping %s for redirect",
5150 r->filename = escape_absolute_uri(r->pool, r->filename, skip);
5153 /* append the QUERY_STRING part */
5155 char *escaped_args = NULL;
5156 int noescape = (rulestatus == ACTION_NOESCAPE ||
5157 (oargs && !strcmp(r->args, oargs)));
5159 r->filename = apr_pstrcat(r->pool, r->filename, "?",
5162 : (escaped_args = ap_escape_uri(r->pool, r->args)),
5165 rewritelog(r, 1, dconf->directory, "%s %s to query string for redirect %s",
5166 noescape ? "copying" : "escaping",
5168 noescape ? "" : escaped_args);
5171 /* determine HTTP redirect response code */
5172 if (ap_is_HTTP_REDIRECT(r->status)) {
5174 r->status = HTTP_OK; /* make Apache kernel happy */
5177 n = HTTP_MOVED_TEMPORARILY;
5180 /* now do the redirection */
5181 apr_table_setn(r->headers_out, "Location", r->filename);
5182 rewritelog(r, 1, dconf->directory, "redirect to %s [REDIRECT/%d]",
5187 const char *tmpfilename = NULL;
5188 /* it was finally rewritten to a local path */
5190 /* if someone used the PASSTHROUGH flag in per-dir
5191 * context we just ignore it. It is only useful
5192 * in per-server context
5194 if (l > 12 && strncmp(r->filename, "passthrough:", 12) == 0) {
5195 r->filename = apr_pstrdup(r->pool, r->filename+12);
5198 rewritelog(r, 2, NULL, "local path result: %s", r->filename);
5200 /* the filename must be either an absolute local path or an
5201 * absolute local URL.
5203 if ( *r->filename != '/'
5204 && !ap_os_is_path_absolute(r->pool, r->filename)) {
5205 return HTTP_BAD_REQUEST;
5208 /* Check for deadlooping:
5209 * At this point we KNOW that at least one rewriting
5210 * rule was applied, but when the resulting URL is
5211 * the same as the initial URL, we are not allowed to
5212 * use the following internal redirection stuff because
5213 * this would lead to a deadloop.
5215 if (ofilename != NULL && strcmp(r->filename, ofilename) == 0) {
5216 rewritelog(r, 1, dconf->directory, "initial URL equal rewritten"
5217 " URL: %s [IGNORING REWRITE]", r->filename);
5221 tmpfilename = r->filename;
5223 /* if there is a valid base-URL then substitute
5224 * the per-dir prefix with this base-URL if the
5225 * current filename still is inside this per-dir
5226 * context. If not then treat the result as a
5229 if (dconf->baseurl != NULL) {
5230 rewritelog(r, 2, dconf->directory, "trying to replace prefix "
5231 "%s with %s", dconf->directory, dconf->baseurl);
5233 r->filename = subst_prefix_path(r, r->filename,
5238 /* if no explicit base-URL exists we assume
5239 * that the directory prefix is also a valid URL
5240 * for this webserver and only try to remove the
5241 * document_root if it is prefix
5243 if ((ccp = ap_document_root(r)) != NULL) {
5244 /* strip trailing slash */
5246 if (ccp[l-1] == '/') {
5249 if (!strncmp(r->filename, ccp, l) &&
5250 r->filename[l] == '/') {
5251 rewritelog(r, 2,dconf->directory, "strip document_root"
5252 " prefix: %s -> %s", r->filename,
5255 r->filename = apr_pstrdup(r->pool, r->filename+l);
5260 /* No base URL, or r->filename wasn't still under dconf->directory
5261 * or, r->filename wasn't still under the document root.
5262 * If there's a context document root AND a context prefix, and
5263 * the context document root is a prefix of r->filename, replace.
5264 * This allows a relative substitution on a path found by mod_userdir
5265 * or mod_alias without baking in a RewriteBase.
5267 if (tmpfilename == r->filename &&
5268 !(dconf->options & OPTION_IGNORE_CONTEXT_INFO)) {
5269 if ((ccp = ap_context_document_root(r)) != NULL) {
5270 const char *prefix = ap_context_prefix(r);
5271 if (prefix != NULL) {
5272 rewritelog(r, 2, dconf->directory, "trying to replace "
5273 "context docroot %s with context prefix %s",
5275 r->filename = subst_prefix_path(r, r->filename,
5281 apr_table_setn(r->notes, "redirect-keeps-vary", "");
5283 /* now initiate the internal redirect */
5284 rewritelog(r, 1, dconf->directory, "internal redirect with %s "
5285 "[INTERNAL REDIRECT]", r->filename);
5286 r->filename = apr_pstrcat(r->pool, "redirect:", r->filename, NULL);
5287 r->handler = REWRITE_REDIRECT_HANDLER_NAME;
5292 rewritelog(r, 1, dconf->directory, "pass through %s", r->filename);
5293 r->filename = ofilename;
5300 * [T=...,H=...] execution
5302 static int hook_mimetype(request_rec *r)
5307 t = apr_table_get(r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR);
5309 rewritelog(r, 1, NULL, "force filename %s to have MIME-type '%s'",
5312 ap_set_content_type(r, t);
5316 t = apr_table_get(r->notes, REWRITE_FORCED_HANDLER_NOTEVAR);
5318 rewritelog(r, 1, NULL, "force filename %s to have the "
5319 "Content-handler '%s'", r->filename, t);
5329 * "content" handler for internal redirects
5331 static int handler_redirect(request_rec *r)
5333 if (strcmp(r->handler, REWRITE_REDIRECT_HANDLER_NAME)) {
5337 /* just make sure that we are really meant! */
5338 if (strncmp(r->filename, "redirect:", 9) != 0) {
5342 /* now do the internal redirect */
5343 ap_internal_redirect(apr_pstrcat(r->pool, r->filename+9,
5344 r->args ? "?" : NULL, r->args, NULL), r);
5346 /* and return gracefully */
5352 * +-------------------------------------------------------+
5354 * | Module paraphernalia
5356 * +-------------------------------------------------------+
5359 static const command_rec command_table[] = {
5360 AP_INIT_FLAG( "RewriteEngine", cmd_rewriteengine, NULL, OR_FILEINFO,
5361 "On or Off to enable or disable (default) the whole "
5362 "rewriting engine"),
5363 AP_INIT_ITERATE( "RewriteOptions", cmd_rewriteoptions, NULL, OR_FILEINFO,
5364 "List of option strings to set"),
5365 AP_INIT_TAKE1( "RewriteBase", cmd_rewritebase, NULL, OR_FILEINFO,
5366 "the base URL of the per-directory context"),
5367 AP_INIT_RAW_ARGS("RewriteCond", cmd_rewritecond, NULL, OR_FILEINFO,
5368 "an input string and a to be applied regexp-pattern"),
5369 AP_INIT_RAW_ARGS("RewriteRule", cmd_rewriterule, NULL, OR_FILEINFO,
5370 "an URL-applied regexp-pattern and a substitution URL"),
5371 AP_INIT_TAKE23( "RewriteMap", cmd_rewritemap, NULL, RSRC_CONF,
5372 "a mapname and a filename and options"),
5376 static void ap_register_rewrite_mapfunc(char *name, rewrite_mapfunc_t *func)
5378 apr_hash_set(mapfunc_hash, name, strlen(name), (const void *)func);
5381 static void register_hooks(apr_pool_t *p)
5383 /* fixup after mod_proxy, so that the proxied url will not
5384 * escaped accidentally by mod_proxy's fixup.
5386 static const char * const aszPre[]={ "mod_proxy.c", NULL };
5388 /* make the hashtable before registering the function, so that
5389 * other modules are prevented from accessing uninitialized memory.
5391 mapfunc_hash = apr_hash_make(p);
5392 APR_REGISTER_OPTIONAL_FN(ap_register_rewrite_mapfunc);
5394 ap_hook_handler(handler_redirect, NULL, NULL, APR_HOOK_MIDDLE);
5395 ap_hook_pre_config(pre_config, NULL, NULL, APR_HOOK_MIDDLE);
5396 ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
5397 ap_hook_child_init(init_child, NULL, NULL, APR_HOOK_MIDDLE);
5399 ap_hook_fixups(hook_fixup, aszPre, NULL, APR_HOOK_FIRST);
5400 ap_hook_fixups(hook_mimetype, NULL, NULL, APR_HOOK_LAST);
5401 ap_hook_translate_name(hook_uri2file, NULL, NULL, APR_HOOK_FIRST);
5404 /* the main config structure */
5405 AP_DECLARE_MODULE(rewrite) = {
5406 STANDARD20_MODULE_STUFF,
5407 config_perdir_create, /* create per-dir config structures */
5408 config_perdir_merge, /* merge per-dir config structures */
5409 config_server_create, /* create per-server config structures */
5410 config_server_merge, /* merge per-server config structures */
5411 command_table, /* table of config file commands */
5412 register_hooks /* register hooks */