I'm using a product from Oracle called Application Express. This product uses the same URL structure for every call to the server.
I have two different applications installed on the same server and I have defined them as two virtual hosts in the Apache configuration file looking something like this:
<VirtualHost *:80>
    ServerAdmin webmaster@domain1.no
    DocumentRoot C:/oracle/product/10.2.0/htp/Apache/Apache/htdocs/domain1.no
    ServerName www.domain1.no
    ErrorLog C:/oracle/product/10.2.0/htp/Apache/Apache/logs/domain1.no-error_log
    RewriteEngine On
    RewriteRule ^/$ /pls/apex/f\?p\=100:100 [R=302,L,NE]
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@domain2.no
    DocumentRoot C:/oracle/product/10.2.0/htp/Apache/Apache/htdocs/domain2.no
    ServerName www.domain2.no
    ErrorLog C:/oracle/product/10.2.0/htp/Apache/Apache/logs/domain2.no-error_log
    RewriteEngine On
    RewriteRule ^/$ /pls/apex/f\?p\=103:100 [R=302,L,NE]
</VirtualHost>
When someone calls www.domain1.no, Apache rewrites the URL to www.domain1.no/pls/apex/f?p=100:100
The same goes for calls to www.domain2.no. These calls are rewritten to www.domain2.no/pls/apex/f?p=103:100
The first value in the 'p' parameter (shown in red) tells Application Express which application to access.
The problem I'm having is that the user can change this application value in the URL and then get access to the other domain. For example, if the user enters www.domain1.no in the browser, Apache rewrites this to www.domain1.no/pls/apex/f?p=100:100. Then the user changes the URL to www.domain1.no/pls/apex/f?p=103:100. Then the user suddenly accesses the application for www.domain2.no with the wrong domain name.
Is it possible to check this application value in all calls to that given domain and rewrite this value back to the default if it has been tampered with?
Best Regards
Trond
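
One way to do the check asked about above, as an added example that is not part of the original post: an allow-list rule inside each virtual host that sends any `f?p=` request back to the default page unless the first field of `p` is that host's application id. It assumes the application's links carry `p` as the only query parameter and use the numeric id rather than an application alias.

```apache
# Added example: place inside the existing <VirtualHost> for www.domain1.no,
# after "RewriteEngine On". Assumes links look like /pls/apex/f?p=100:...
# with no other query parameters; widen the pattern if the application
# legitimately uses more.

# Entry point, unchanged from the original configuration.
RewriteRule ^/$ /pls/apex/f?p=100:100 [R=302,L,NE]

# Allow-list check: the whole query string must be a single "p" parameter
# whose first colon-separated field is exactly 100. Anything else
# (p=103:100, a missing p, a second p, an encoded or differently cased
# name) fails the match and is redirected to the default page.
# The pattern is plain POSIX ERE, so it does not depend on PCRE support.
RewriteCond %{QUERY_STRING} !^p=100(:[^&]*)?$
RewriteRule ^/pls/apex/f$ /pls/apex/f?p=100:100 [NC,R=302,L,NE]

# The redirect target itself has the query string "p=100:100", which
# matches the pattern above, so the rule does not loop.

# In the <VirtualHost> for www.domain2.no, use the same two lines with
# 103 in place of 100:
#   RewriteCond %{QUERY_STRING} !^p=103(:[^&]*)?$
#   RewriteRule ^/pls/apex/f$ /pls/apex/f?p=103:100 [NC,R=302,L,NE]
```

This only inspects the query string of requests to `/pls/apex/f`; mod_rewrite cannot see an application id sent in a POST body or passed to another procedure under `/pls/apex/`. Treat it as a front-door filter, with authentication and authorization inside each application as the actual access control.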