Mod_rewrite and PHP headers

la***********@zipmail.com wrote:

Hi,

I have verified that mod_rewrite is enabled on my Apache 2.2 instance.
However, now I'm having a problem just serving pages using .htaccess
files. Following Rik's advice, my .htaccess file is as follows

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} !^accesscontrol.php
RewriteRule ^(.*)$ accesscontrol.php?file=$1&%{QUERY_STRING} [NC,L]

Right now, my accesscontrol.php file only contains

<?php

header("HTTP/1.0 200 OK");

>>

But when I visit a php or html file in the directory with the
.htaccess file, I just get a blank browser screen and the page is not
served. I know the mod_rewrite module is working because I have
successfully used it. Any suggestions on what I'm doing wrong above?

A blank page may be served. A custom 404 document or indeed the page
requested will still have to be served, and will not automagically appear.

Try to check the header, livehttpheaders for Firfox or Fiddler for MSIE are
invaluable tools.

For instance, with you previous "HTTP/1/0 401 Unauthorised", the headers I
receive are:

HTTP/1.1 401 Unauthorized
Date: Fri, 27 Oct 2006 03:21:08 GMT
Server: Apache/2.2.2 (Win32) DAV/2 mod_ssl/2.2.2 OpenSSL/0.9.8b
mod_autoindex_color PHP/5.1.4
X-Powered-By: PHP/5.1.4
Content-Length: 24
Content-Type: text/html

But indeed, a blank page, because no error document is given.

In your accesscontrol you can either include your custom 401 document, or
serve the file after verification of the user.
--
Rik Wasmus

If data is POSTed to a PHP page (say form_response.php) and the request
is first intercepted by accesscontrol.php, if I determine that the user
is logged in and then have a line

include($requested_file) (as I believe was in your example)

will the POSTed request still be in tact for processing by
form_response.php?

Thanks for the help, - Dave

Rik wrote:

la***********@zipmail.com wrote:

Hi,

I have verified that mod_rewrite is enabled on my Apache 2.2 instance.
However, now I'm having a problem just serving pages using .htaccess
files. Following Rik's advice, my .htaccess file is as follows

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} !^accesscontrol.php
RewriteRule ^(.*)$ accesscontrol.php?file=$1&%{QUERY_STRING} [NC,L]

Right now, my accesscontrol.php file only contains

<?php

header("HTTP/1.0 200 OK");

>

But when I visit a php or html file in the directory with the
.htaccess file, I just get a blank browser screen and the page is not
served. I know the mod_rewrite module is working because I have
successfully used it. Any suggestions on what I'm doing wrong above?

A blank page may be served. A custom 404 document or indeed the page
requested will still have to be served, and will not automagically appear.

Try to check the header, livehttpheaders for Firfox or Fiddler for MSIE are
invaluable tools.

For instance, with you previous "HTTP/1/0 401 Unauthorised", the headers I
receive are:

HTTP/1.1 401 Unauthorized
Date: Fri, 27 Oct 2006 03:21:08 GMT
Server: Apache/2.2.2 (Win32) DAV/2 mod_ssl/2.2.2 OpenSSL/0.9.8b
mod_autoindex_color PHP/5.1.4
X-Powered-By: PHP/5.1.4
Content-Length: 24
Content-Type: text/html

But indeed, a blank page, because no error document is given.

In your accesscontrol you can either include your custom 401 document, or
serve the file after verification of the user.
--
Rik Wasmus

la***********@zipmail.com wrote:

If data is POSTed to a PHP page (say form_response.php) and the
request
is first intercepted by accesscontrol.php, if I determine that the
user
is logged in and then have a line

include($requested_file) (as I believe was in your example)

will the POSTed request still be in tact for processing by
form_response.php?

Well, I simple test could have told you that, but yes, it will be available
(contrary to redirects done with header('Location: etc..');, this
redirection is done internally in the webserver and will make the POST (and
COOKIE & FILES) available to the script).

Be sure though, that the file that is requested is indeed one of your
locally hosted trusted files.
--
Rik Wasmus

You have been so helpful. I must trouble you with one more question.
You had these lines in your accesscontrol.php file

$path = parse_url($_GET['file'],PHP_URL_PATH);
$file = dirname(__FILE__).'/'.$fake_url['path'];

But I'm getting the following errors ...

Notice: Use of undefined constant PHP_URL_PATH - assumed 'PHP_URL_PATH'
in /usr/local/apache2/htdocs/refillingstation/admin/accesscontrol.php
on line 14

Warning: parse_url() expects exactly 1 parameter, 2 given in
/usr/local/apache2/htdocs/refillingstation/admin/accesscontrol.php on
line 14

Notice: Undefined variable: fake_url in
/usr/local/apache2/htdocs/refillingstation/admin/accesscontrol.php on
line 15
What was the intent of what you were trying to do here?

Thanks, - Dave
Rik wrote:

la***********@zipmail.com wrote:

If data is POSTed to a PHP page (say form_response.php) and the
request
is first intercepted by accesscontrol.php, if I determine that the
user
is logged in and then have a line

include($requested_file) (as I believe was in your example)

will the POSTed request still be in tact for processing by
form_response.php?

Well, I simple test could have told you that, but yes, it will be available
(contrary to redirects done with header('Location: etc..');, this
redirection is done internally in the webserver and will make the POST (and
COOKIE & FILES) available to the script).

Be sure though, that the file that is requested is indeed one of your
locally hosted trusted files.
--
Rik Wasmus

la***********@zipmail.com wrote:

You have been so helpful. I must trouble you with one more question.
You had these lines in your accesscontrol.php file

$path = parse_url($_GET['file'],PHP_URL_PATH);
$file = dirname(__FILE__).'/'.$fake_url['path'];

Please fix you topposting.

Further:forget that, that was temporary insanity, because I expected a
query-string in $_GET['file']. That is offcourse already taken care of in
the .htaccesss, so $file = dirname(__FILE__).'/'.$_GET['file'] should
replace above lines.
--
Rik Wasmus