Mod_Rewrite Forums

[jdornbos]

I need to redirect traffic from a particular customer's web site into a FileMaker database, keeping/using their logon information so they don't have to re-login at our site.

The .htaccess file in that directory reads:

RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteRule ^davison.html$ %{QUERY_STRING}@/fmi/iwp/cgi?-db=davison&-loadframes


The query string is the username and password in the form of uname:pword.

The output is *almost* perfect... the redirected url is:
/uname:pword@fmi/iwp/cgi?-db=davison&-loadframes

the problem is the leading /... I need the output to be:
uname:pword@fmi/iwp/cgi?-db=davison&-loadframes

Any pointers?

Thanks
Jim

[jdornbos]

After failing to remove the leading /, my next options seem to be "presetting" either a value for REMOTE_USER or inserting an Authorization header before doing an internal redirect to the database.

Are either of those possible using mod_rewrite on Apache 1.3.33 and if so, how?

I've tried the following code in .htaccess, which generates an error from Apache. When I comment out the rule for setting Remote User, it redirects fine.

Code: Select all

RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteRule ^davison.html$ - [E=REMOTE_USER:Basic c3dpbGxpczoxMjM0NQ==]
RewriteRule ^davison.html$ /fmi/iwp/cgi?-db=davison&-loadframes

If setting remote_user isn't possible, is there a way to insert an authorization header in the form of:

Code: Select all

Authorization: Basic c3dpbGxpczoxMjM0NQ==

as if it's being supplied by the user's browser?

Thanks for any help you can offer.

Jim

[Caterham]

so your initial request looked like

domain.com/davison.html?uname:pword

? And it should go to what location (domain?)

Shouldn't it be

Code: Select all

http://%{QUERY_STRING}@domain.com/fmi/iwp/cgi?-db=davison&-loadframes

____
try

Code: Select all

RequestHeader set Authorization "Basic c3dpbGxpczoxMjM0NQ=="

[jdornbos]

[quote]Shouldn't it be

Code: Select all

http://%{QUERY_STRING}@domain.com/fmi/iwp/cgi?-db=davison&-loadframes [/quote]

And that's the heart of the entire problem. I can't use an external redirect with uname:pword in it because Internet Explorer pukes on it.

I was simply using that filename, davison.html, as my easy flag to spot for redirection. Every request from our partner site would target that filename and come in the form of davison.html?uname:pword. I match on the filename then have to figure out how to sneak my way into the database.

RequestHeader gave me the following error:
.htaccess: Invalid command 'RequestHeader', perhaps mis-spelled or defined by a module not included in the server configuration.

I'll do some looking around tomorrow and see what piece I might be missing.

Thanks
Jim

[/code]

[Caterham]

take a look in httpd.conf, if mod_headers is loaded (probably not the case here)

LoadModule headers_module modules/mod_headers.so

and for apache 1.3 also

AddModule mod_headers.c

try to porxy

http://%{QUERY_STRING}@127.0.0.1/fmi/iwp/cgi?-db=davison&-loadframes [P,L]

make sure, it remains internal, otherwise you'll have traffic two times.

I was simply using that filename, davison.html, as my easy flag to spot for redirection. Every request from our partner site would target that filename and come in the form of davison.html?uname:pword. I match on the filename then have to figure out how to sneak my way into the database.

No, this is definitely impossible, because with this "information" xy:qw@domain, the browser generates the request header.

Robert