Module mod rewrite Tutorial (Part 2)
By: Developer Shed
    2003-08-09


    The Apache server power commander part 2
    By Dirk Brockhausen

    In this tutorial's last instalment we started off with a discussion of the basics of Module mod_rewrite. In the example reviewed there we made use of a rule which, put in full words, states:

    "If access to file .htaccess is attempted, return an error message stating that access is denied."

    This rule is valid globally, i.e. everyone will receive the specified error message.

    We can, however, restrict a rule by what is termed "rule conditions" - in this case, the rule will only be executed if the condition set has actually been met.

    Syntax: The condition must precede the rule!

    Let us explain this procedure with an example.
    (The lines below are entries in file ".htaccess".)

    RewriteEngine on
    Options +FollowSymlinks
    RewriteBase /
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon
    RewriteRule ^.*$ - [F]

    The first three lines were covered in detail in Part 1 of this tutorial. Their function is to initialize the rewriting engine.

    The last two lines will refuse access to a spider carrying UserAgent "EmailSiphon". This specific spider is an email harvester culling addresses from web pages.

    Our line:

    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon

    is made up of the following three parts:

    Directive: RewriteCond
    TestString: %{HTTP_USER_AGENT}
    CondPattern: ^EmailSiphon

    The TestString is a server variable which is written in the general form of "%{NAME_OF_VARIABLE}".

    In our example, "NAME_OF_VARIABLE" is "HTTP_USER_AGENT".

    CondPattern is a regular expression. Before we continue with its specifics, let us take a look at regular expressions and their function in general.

    Regular expressions

    Regular expressions are a means of describing text patterns. They are used to check if a text pattern is present in any given text. Once determined, this pattern can then be manipulated.

    Regular expressions are similar to a small, compact programming language in its own right.

    E.g. the regular expression "s/abc/xyz/g" will globally replace the string "abc" in a text by "xyz".

    Here is an overview of the most important elements with some examples:

    . (dot) - text (any character)
    | - alternation (e.g. /abc|def/)
    * - quantifier (the preceding element may occur any number of times)
    ^ $ - line anchors
    s - operator (string1 to be replaced by string2)
    g - modifier (search parses the whole text)

    Regular expressions are constructed with the help of these elements and alphanumeric characters.

    Regular expressions are not used in isolation; instead, they are integrated in other tools, e.g. in languages like Perl or in text editors such as Emacs.

    In connection with Module mod_rewrite they are used in the directives RewriteRule and RewriteCond.


    In our CondPattern, "^" represents the beginning of a string. It follows that the UserAgent must begin with the string "EmailSiphon", with nothing preceding it. A UserAgent such as "NewEmailSiphon" would not work: in this case the condition would not be met.

    But as this particular regular expression doesn't contain the character "$" (end of line anchor), the UserAgent could, for example, be "EmailSiphon2".


    The last script line

    RewriteRule ^.*$ - [F]

    defines what will happen when a spider is requesting access.

    The regular expression "^.*$" matches any requested path, so the rule signifies:

    If access to any file is requested, the error message "forbidden" will be displayed.

    The dot "." in the regular expression is a meta symbol (wildcard) and signifies any single character.

    "*" signifies that the preceding character may occur an unlimited number of times. In this case, regardless of which specific page is called, an error message will be displayed.


    EmailSiphon is, of course, not the only email harvester. Another famous member of this family is "ExtractorPro".

    So let's say we want to fend off this spider as well. In this case we will require another condition to be met.

    This gives us the following entries to file ".htaccess":

    RewriteEngine on
    Options +FollowSymlinks
    RewriteBase /
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro
    RewriteRule ^.*$ - [F]

    The third argument ([OR]) in line:

    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]

    is termed a "flag". In regard to conditions there exist two possible flags:

    NC (no case)
    OR (or next condition)

    Flag "NC" permits case insensitive testing of the condition pattern.

    Example

    RewriteCond %{HTTP_USER_AGENT} ^emailsiphon [NC]

    This line specifies that both "emailsiphon" and "EmailSiphon" shall be recognized.

    If you wish to use multiple flags, you may delimit them by commas.

    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro

    There is no restriction on the number of conditions. Thus, you could block 10, 100, 1000 or more established email harvesters. Defining these 1000 conditions is merely a question of server performance and of keeping ".htaccess" readable.

    In the above example, the string "HTTP_USER_AGENT" is being used.

    Further server variables are:

    REMOTE_HOST
    REMOTE_ADDR

    For example, if you want to block the spider coming from www.cyveillance.com, you will use the variable "REMOTE_HOST". Thus:

    RewriteCond %{REMOTE_HOST} ^www\.cyveillance\.com$
    RewriteRule ^.*$ - [F]

    The dot "." in the domain name must be protected by "\" (backslash); otherwise it would be handled as a meta character.

    If you want to block any given IP, the condition will read:

    RewriteCond %{REMOTE_ADDR} ^216\.32\.64\.10$
    RewriteRule ^.*$ - [F]

    In the regular expression, enter the IP in its entirety, delimited by the line anchors.

    You may even exclude a whole IP range from access:

    RewriteCond %{REMOTE_ADDR} ^216\.32\.64\.
    RewriteRule ^.*$ - [F]

    This example will cover all individual IPs from "216.32.64.0" through "216.32.64.255".

    Here's a little teaser quiz for you to test your skills. (The solution will be featured in the next part of our tutorial.) Enjoy!


    RewriteCond %{REMOTE_ADDR} ^216\.32\.64
    RewriteRule ^.*$ - [F]

    Quiz question:
    --------------
    If we don't write "^216\.32\.64\." for a regular expression in the configuration above, but "^216\.32\.64" instead, will we get the identical effect, i.e. will this exclude the same IPs?

    Up until now we have used a simple RewriteRule which will generate an error message. In the 3rd part of our tutorial we will analyze how RewriteRule may be used to redirect visitors to specific files.
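
    The condition chains discussed in this part, as an added example that is not part of the original article: a small Python model of how RewriteCond lines with the NC and OR flags are evaluated, run against constructed requests. The combined rule set, the function names and the sample requests are assumptions made for illustration, and Python's re module stands in for the server's regular expression engine.

```python
import re

# Constructed rule set in the style of the tutorial's .htaccess entries.
HTACCESS = r"""
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{REMOTE_ADDR} ^216\.32\.64\.
RewriteRule ^.*$ - [F]
"""

COND = re.compile(r"^[ \t]*RewriteCond[ \t]+%\{(\w+)\}[ \t]+(\S+)(?:[ \t]+\[([^\]\n]*)\])?[ \t]*$", re.M)

def parse_conditions(text):
    """Return [(variable, compiled_pattern, has_or_flag), ...] in file order."""
    conds = []
    for m in COND.finditer(text):          # RewriteRule lines do not match
        var, pattern, raw = m.group(1), m.group(2), m.group(3) or ""
        flags = {f.strip().upper() for f in raw.split(",")}
        regex = re.compile(pattern, re.I if "NC" in flags else 0)
        conds.append((var, regex, "OR" in flags))
    return conds

def is_forbidden(conds, request):
    """True if the chain is met (unanchored search: only ^ and $ pin a match)."""
    group_hit = False
    for var, regex, has_or in conds:
        group_hit = group_hit or bool(regex.search(request.get(var, "")))
        if not has_or:                     # end of an OR group; groups are ANDed
            if not group_hit:
                return False
            group_hit = False
    return True

# Constructed sample requests: the server variables each one would present.
REQUESTS = [
    {"HTTP_USER_AGENT": "EmailSiphon", "REMOTE_ADDR": "198.51.100.7"},
    {"HTTP_USER_AGENT": "emailsiphon2", "REMOTE_ADDR": "198.51.100.7"},
    {"HTTP_USER_AGENT": "NewEmailSiphon", "REMOTE_ADDR": "198.51.100.7"},
    {"HTTP_USER_AGENT": "Mozilla/4.0", "REMOTE_ADDR": "216.32.64.10"},
    {"HTTP_USER_AGENT": "Mozilla/4.0", "REMOTE_ADDR": "216.32.65.10"},
    {"HTTP_USER_AGENT": "Mozilla/4.0 (compatible; ExtractorPro)", "REMOTE_ADDR": "198.51.100.7"},
]

def evaluate(requests=REQUESTS, htaccess=HTACCESS):
    conds = parse_conditions(htaccess)
    return [is_forbidden(conds, r) for r in requests]

if __name__ == "__main__":
    for req, blocked in zip(REQUESTS, evaluate()):
        print("403" if blocked else "200", req)
```

    The User-Agent header is chosen by the client, so rules like these only stop harvesters that identify themselves.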

    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway