How to exploit Apache HTTP URL Rewrite Rules

Publishing a Portal through a Web Cache and an HTTP server (typically Apache) in front of it is a common setup. Often you also need to publish other web applications that the portal pages call through Ajax.

In a production environment there are one or more servers hosting the web applications, one or more for the portal, and one or more for the Web Cache and HTTP server. The registered domain name points only at the Web Cache tier, which forwards requests on to the others.

When you need to call those web applications with Ajax, you cannot simply address the application server by its IP address while the current page was served from a different domain, IP address or port. Every browser enforces the same-origin policy: scripted requests to a different scheme, host or port are blocked (unless the target explicitly opts in with CORS), precisely so that a malicious page cannot read data from another site on the user's behalf.

The solution is to publish the web applications, one application, or only part of one, through the HTTP server, so that the browser can send its requests to them on the same origin as the portal. The mechanism is a URL rewrite rule.

A rewrite rule tells the HTTP server to take any request whose path matches a given pattern and forward it to another path or server, optionally rearranging the parameters and changing the shape of the URL entirely. With the proxy flag the forwarding happens inside the server (mod_proxy fetches the backend response), so the browser only ever talks to the portal's origin.

URL rewrite rules are defined in httpd.conf. mod_rewrite must be loaded and RewriteEngine On must be set in the same context as the rule; a rule that uses the [P] flag also needs mod_proxy and mod_proxy_http loaded. Go to the end of the file and define your rules in this syntax:

RewriteRule   ^/AjaxContext/([^/]+)/(.*)$  http://xxx.xxx.xxx.xxx:xxxx/webapp/$1?param=/$2 [P,L]

The preceding example forwards requests under a specific context and with a specific pattern, and changes the URL form. The first group captures one path segment (the application name, no slash allowed) into $1, and the second captures the remainder of the path into $2; [P] proxies the request to the backend and [L] stops further rule processing. Two details matter in practice: the pattern must be anchored on both ends and kept as narrow as possible, because everything it matches is sent to the backend unchanged; and the ? in the target replaces the client's own query string, so add [QSA] if that query string must survive.
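A complete httpd.conf fragment for the setup described above, added here as an illustration and not taken from the original post. The backend address 10.0.0.5:8080, the hostname portal.example.com, the context name AjaxContext and the parameter name param are placeholders assumed for the example.

```apache
# Added example: publish one backend web application under /AjaxContext/
# on the portal's own origin. Addresses and names are placeholders.

# mod_rewrite does the matching; the [P] flag hands the request to mod_proxy,
# which needs mod_proxy_http for http:// targets.
LoadModule rewrite_module    modules/mod_rewrite.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Keep forward proxying disabled (this is the default). [P] rules work as a
# reverse proxy without it; with ProxyRequests On the server could be used by
# anyone to reach arbitrary hosts.
ProxyRequests Off

<VirtualHost *:80>
    ServerName portal.example.com

    RewriteEngine On

    # Only what matches is proxied. The pattern is anchored on both ends:
    #   $1 = application name (exactly one path segment, no slash)
    #   $2 = remainder of the path (may contain slashes)
    # The '?' in the target discards the client's query string; use [P,L,QSA]
    # if it must be appended instead.
    RewriteRule ^/AjaxContext/([^/]+)/(.*)$ http://10.0.0.5:8080/webapp/$1?param=/$2 [P,L]

    # Anything else under /AjaxContext/ (for example a bare /AjaxContext/app
    # with no trailing slash) is refused instead of falling through to the
    # portal or to mod_proxy.
    RewriteRule ^/AjaxContext/ - [F]

    # Map Location headers in backend redirects back onto the published
    # prefix, so the browser never learns or follows the backend's address.
    ProxyPassReverse /AjaxContext/ http://10.0.0.5:8080/webapp/
</VirtualHost>
```

Check the rule before exposing it: request /AjaxContext/app/some/path and confirm the backend sees /webapp/app?param=/some/path, then request /AjaxContext/other and confirm you get 403 rather than a portal page or a proxy error. Because the whole of $2 is passed to the backend, the backend still has to validate the parameter value itself; the rewrite only limits which paths can reach it.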

You can read more about rewrite rules and the available flags in the mod_rewrite section of the Apache HTTP Server documentation.
