POSTing via .htaccess

Is there a way to POST to a page via some mechanism in an
..htaccess file?

--
Jim Carlock

Re: POSTing via .htaccess

On Jun 20, 11:43 pm, "Jim Carlock" wrote:
> Is there a way to POST to a page via some mechanism in an
> .htaccess file?
>
> --
> Jim Carlock

huh, that's an odd question? Perhaps mod security could be configured
to conditionally edit the post_payload, but I have never looked at
that, I only know it can intercept and filter the post_payload based
on rules.

Re: POSTing via .htaccess

On Jun 20, 11:43 pm, "Jim Carlock" wrote:
> Is there a way to POST to a page via some mechanism in an
> .htaccess file?

"shimmyshack" wrote:
: huh, that's an odd question? Perhaps mod security could be
: configured to conditionally edit the post_payload, but I have never
: looked at that, I only know it can intercept and filter the post_payload
: based on rules.

Well, what I wanted to do was create a custom 404 page that gets
a POST. One of the items in the POST would be the URL, the other
would be the error number, 404.

--
Jim Carlock

Re: POSTing via .htaccess

On Jun 21, 12:40 am, "Jim Carlock" wrote:
> On Jun 20, 11:43 pm, "Jim Carlock" wrote:
>
> > Is there a way to POST to a page via some mechanism in an
> > .htaccess file?
> "shimmyshack" wrote:
>
> : huh, that's an odd question? Perhaps mod security could be
> : configured to conditionally edit the post_payload, but I have never
> : looked at that, I only know it can intercept and filter the post_payload
> : based on rules.
>
> Well, what I wanted to do was create a custom 404 page that gets
> a POST. One of the items in the POST would be the URL, the other
> would be the error number, 404.
>
> --
> Jim Carlock

it all depends on your problem!
if you are POSTing to a page that might not be there, then you could
use a rewrite
"if the page doesnt exist rewrite it to 404.php"
that page would have access to the original request_uri and to the
post payload - however you would have to set the 404 header manually
in the rewrite otherwise the server would send a 200 OK header back,
not what you want probably, and as PHP is unable to override the
header, it needs to be set at the end of the rewrite.
But is that your problem, or is it just one of "knowing what the
original url was that failed?"
that can be solved without the need to POST the data along.

Re: POSTing via .htaccess

Searching...
mod_security site:httpd.apache.org

Not much turns up.

It's time to learn how a POST works. If anyone can suggest any links
to help out with either POST or mod_security, that'd be great.

Thanks.

--
Jim Carlock

Re: POSTing via .htaccess

On Jun 21, 12:40 am, "Jim Carlock" wrote:
> Well, what I wanted to do was create a custom 404 page that gets
> a POST. One of the items in the POST would be the URL, the other
> would be the error number, 404.


"shimmyshack" wrote:
: if you are POSTing to a page that might not be there,

Huhh? You lost me there, was that a typo? I'm POSTing to a custom
404 page. But it's one of the regular pages. And I haven't quite figured
out how to get the POST data to the page, yet.


# set up and configure the custom 404 page
ErrorDocument 404 custom_404_uri_not_displayed_in_newsgroup

#
# handle mistyped domain names
# qqq. -> www.
# aquaticcreationsnc.com -> www.aquaticcreationsnc.com
#
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.aquaticcreationsnc\.com [nc]
RewriteRule ^(.*) http://www.aquaticcreationsnc.com/$1 [R=301,L]
# ...


: then you could use a rewrite "if the page doesnt exist rewrite it to 404.php"
: that page would have access to the original request_uri and to the
: post payload

Right, I want to put the information into the POST payload to the page
identified above as "custom_404_uri_not_displayed_in_newsgroup".

: - however you would have to set the 404 header manually in the rewrite
: otherwise the server would send a 200 OK header back,

Okay, here's my understanding... please correct if wrong.

Apache receives a request for a no_existing_page. It identifies that
the page does not exist and replies with a custom header which does
the following:

(1) It sends a 404 message.
(2) The browser receives a 404 header.
(3) It then sends a redirection header (?) to a new URI.
(4) The browser receives the redirection message and goes to the
new URI which in turn receives the HTTP_REFERRAL (may not
exist) and a 200 RESPONSE.

: PHP is unable to override the header, it needs to be set at the end
: of the rewrite.

Okay, that means using a RewriteCond and RewriteRule instead of
the ErrorDocument 404? Correct?

: that can be solved without the need to POST the data along.

You've got my attention. I'm interested in what you have to say.

I'm getting ready to do some more research on the POST subject.
I need to get a better understanding of how that works. I'm guessing
that the POST details come through as some sort of separate header.

Thanks.

--
Jim Carlock

Re: POSTing via .htaccess

On Jun 21, 3:25 pm, "Jim Carlock" wrote:
> On Jun 21, 12:40 am, "Jim Carlock" wrote:
>
> > Well, what I wanted to do was create a custom 404 page that gets
> > a POST. One of the items in the POST would be the URL, the other
> > would be the error number, 404.
> "shimmyshack" wrote:
>
> : if you are POSTing to a page that might not be there,
>
> Huhh? You lost me there, was that a typo? I'm POSTing to a custom
> 404 page. But it's one of the regular pages. And I haven't quite figured
> out how to get the POST data to the page, yet.
>
>
> # set up and configure the custom 404 page
> ErrorDocument 404 custom_404_uri_not_displayed_in_newsgroup
>
> #
> # handle mistyped domain names
> # qqq. -> www.
> # aquaticcreationsnc.com ->www.aquaticcreationsnc.com
> #
> RewriteEngine On
> RewriteCond %{HTTP_HOST} !^www\.aquaticcreationsnc\.com [nc]
> RewriteRule ^(.*)http://www.aquaticcreationsnc.com/$1[R=301,L]
> # ...
>
>
> : then you could use a rewrite "if the page doesnt exist rewrite it to 404.php"
> : that page would have access to the original request_uri and to the
> : post payload
>
> Right, I want to put the information into the POST payload to the page
> identified above as "custom_404_uri_not_displayed_in_newsgroup".
>
> : - however you would have to set the 404 header manually in the rewrite
> : otherwise the server would send a 200 OK header back,
>
> Okay, here's my understanding... please correct if wrong.
>
> Apache receives a request for a no_existing_page. It identifies that
> the page does not exist and replies with a custom header which does
> the following:
>
> (1) It sends a 404 message.
> (2) The browser receives a 404 header.
> (3) It then sends a redirection header (?) to a new URI.
> (4) The browser receives the redirection message and goes to the
> new URI which in turn receives the HTTP_REFERRAL (may not
> exist) and a 200 RESPONSE.
>
> : PHP is unable to override the header, it needs to be set at the end
> : of the rewrite.
>
> Okay, that means using a RewriteCond and RewriteRule instead of
> the ErrorDocument 404? Correct?
>
> : that can be solved without the need to POST the data along.
>
> You've got my attention. I'm interested in what you have to say.
>
> I'm getting ready to do some more research on the POST subject.
> I need to get a better understanding of how that works. I'm guessing
> that the POST details come through as some sort of separate header.
>
> Thanks.
>
> --
> Jim Carlock


does not work:
ErrorDocument 404 http://www.server.com/custom_404.php
works:
ErrorDocument 404 /custom_404.php

if you set the custom 404 locally then you have access to various
REDIRECT codes:
http://httpd.apache.org/docs/2.2/custom-error.html
REDIRECT_HTTP_ACCEPT
REDIRECT_HTTP_USER_AGENT
REDIRECT_PATH
REDIRECT_QUERY_STRING
REDIRECT_REMOTE_ADDR
REDIRECT_REMOTE_HOST
REDIRECT_SERVER_NAME
REDIRECT_SERVER_PORT
REDIRECT_SERVER_SOFTWARE
REDIRECT_URL
these should be available to some degree within phhp as well. I think
$_SERVER['REDIRECT_ERROR_NOTES'] might be useful to you as well in
this situation.

SOrry if I cannot understand your issue, to me it seems as if you are
stuck on "why did my user get to the 404 page" - I could well be wrong
- today is an off day!

Re: POSTing via .htaccess

"shimmyshack" wrote:
: if you are POSTing to a page that might not be there,

Ok. I figured out what you meant there. The ErrorDocument
I posted is set up correctly on the server. And I interpreted
your previous response to indicate using mod_rewrite. I'm
re-reading the mod_rewrite page.

I do not want to post a bad link to the website. The website
is a valid website.

http://www.aquaticcreationsnc.com/

Aquatic Creations sells swimming pools, spas and custom
built water features and stone features in North Carolina.

By adding an invalid page name to the link above you will see
that the page effectively (currently) gets redirected to:

http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/

I started to set that page up to handle the POST processing, but
at the moment a full understanding of how the POST process works
currently lacks a presence here.

I do not want to keep the POST contents intact (that come from the
user), I just want to handle the 404 error when an unknown page gets
typed into the browser.

I am missing out on something fundamental, no? :-)

Thanks.

--
Jim Carlock
Swimming pools, custom water features, custom rock features,
custom built, commercial and residential in North Carolina
http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/

Re: POSTing via .htaccess

"Jim Carlock" schreef in bericht
news:467aaf62$0$20554$4c368faf@roadrunner.com...
> By adding an invalid page name to the link above you will see
> that the page effectively (currently) gets redirected to:
>
> http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/
>
It's redirected with response code 301 which is a BAD thing to do.
When a requested item is not found the server has to respond 404.
Check chapter 10 of http://www.faqs.org/rfcs/rfc2616.html

Not sending a 404 may among other things cause google to keep nagging at
your door for a file long gone.
There is even a risk the _site_ gets banded for duplicate content: the
message telling a file is missing has too many links to it ...

You should focus on this directive thereafter
http://httpd.apache.org/docs/2.2/mod/core.html#errordocument

> I do not want to keep the POST contents intact (that come from the
> user), I just want to handle the 404 error when an unknown page gets
> typed into the browser.
POST is not the default way a browser makes a request. A POSTed request
running into a file-not-found is in general a mistake by the sites
maintainer.

GET is used the fast majority of requests like GET /thispage.html or GET
/shoppingbasket.cgi?action=add&productid=12345
POST is the lesser common HTTP command next to GET and is only used on
demand at a (large) webform or by form-based uploads.
Check paragraphs 9.3 and 9.5 of http://www.faqs.org/rfcs/rfc2616.html

User supplied data is lost (for ever) during redirect of a POSTed request.
The data added to the URL of a GET-request can be maintained during
redirects.
Unsure whether errordocument processing handles this the same way.

HansH

Re: POSTing via .htaccess

On Jun 21, 10:09 pm, "HansH" wrote:
> "Jim Carlock" schreef in berichtnews:467aaf62$0$20554$4c368faf@roadrunner.com...> By adding an invalid page name to the link above you will see
> > that the page effectively (currently) gets redirected to:
>
> >http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/
>
> It's redirected with response code 301 which is a BAD thing to do.
> When a requested item is not found the server has to respond 404.
> Check chapter 10 ofhttp://www.faqs.org/rfcs/rfc2616.html
>
> Not sending a 404 may among other things cause google to keep nagging at
> your door for a file long gone.
> There is even a risk the _site_ gets banded for duplicate content: the
> message telling a file is missing has too many links to it ...
>
> You should focus on this directive thereafterhttp://httpd.apache.org/docs/2.2/mod/core.html#err ordocument
>
> > I do not want to keep the POST contents intact (that come from the
> > user), I just want to handle the 404 error when an unknown page gets
> > typed into the browser.
>
> POST is not the default way a browser makes a request. A POSTed request
> running into a file-not-found is in general a mistake by the sites
> maintainer.
>
> GET is used the fast majority of requests like GET /thispage.html or GET
> /shoppingbasket.cgi?action=add&productid=12345
> POST is the lesser common HTTP command next to GET and is only used on
> demand at a (large) webform or by form-based uploads.
> Check paragraphs 9.3 and 9.5 ofhttp://www.faqs.org/rfcs/rfc2616.html
>
> User supplied data is lost (for ever) during redirect of a POSTed request.
> The data added to the URL of a GET-request can be maintained during
> redirects.
> Unsure whether errordocument processing handles this the same way.
>
> HansH

yeah this is my advice too Jim, if your custom error page handles
POSTed data and somehow acts on this, you want to change the logic so
that instead is uses parts from the $_SERVER array, all the info about
the errors are stored in that array, no need for $_POST.
I have personally never heard of [or ever tried] the method you are
wanting advice on, because there are better ways with less steps which
don't require javascript, it's just not good practise IMHO.
For instance using .htaccess files to serve error pages which trap the
error and email it on to me, just takes a few
ErrorDocument xxx /errors/sorry.php?code=xxx
lines, and then parts from the $_SERVER array, and bob's your uncle.
I wish I could understand your motivation in this, but we seem to have
our wires crossed, my advice is to google around for solutions that
others have come up with and see if any take your fancy if you can't
use the ones in the apache manual, or here in this list. good luck!

Re: POSTing via .htaccess

"shimmyshack" wrote...
: ErrorDocument xxx /errors/sorry.php?code=xxx
: lines, and then parts from the $_SERVER array, and bob's your uncle.
: I wish I could understand your motivation in this, but we seem to have
: our wires crossed, my advice is to google around for solutions that
: others have come up with and see if any take your fancy if you can't
: use the ones in the apache manual, or here in this list. good luck!

Ok, currently it's set up with:

ErrorDocument 404 http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/

But according to HansH, and from what I'm reading at the link that
HansH posted...

http://httpd.apache.org/docs/2.2/mod/core.html#errordocument

I think I'm seeing that I'm getting a 401 ??? I need a tool to grab the
status codes that a server sends to the browser. I thought I read that
wget does this.

I've tried some things suggested by the Apache page above, but I'm
not getting something right.

ErrorDocument 404 /cgi-bin/bad_urls.pl


ErrorDocument 404 default


I've changed the directory to what I get from the
$_SERVER['DOCUMENT_ROOT'] variable but that does not
work.

Everything I've tried for the ErrorDocument line above, without
using a following set of tags, ends up in a server
produced error message. One of the errors was an error 500 but
the rest tended to produce a message with no error code.

I've struck out a few times in this.

So far, I only get it to redirect to another webpage when I place
http:// at the front of the URI I want it to go to.

As far as the POST/GET goes... IF I use GET, I'll have to
configure a special robots meta tag for anything with a GET
in the URI to make sure web robots do not log it as a valid
page.


or


So I wondered if Apache provided a way to do the POST thing.

Just looking for options. But I'm ending up having
a difficult time with the ErrorDocument right at the moment.
I must be doing something wrong.

--
Jim Carlock
Custom Designed Swimming Pools
http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/v iewing1.php

Re: POSTing via .htaccess

And yes, wget -S http://... works and provides the following:

HTTP request sent, awaiting response...
1 HTTP/1.1 302 Found
2 Date: Mon, 25 Jun 2007 00:12:20 GMT
3 Server: Apache
4 Location: http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/
5 Connection: close
6 Content-Type: text/html; charset=iso-8859-1

So I need to figure out how to get the ErrorDocument to send
the 404 response.

And the following:

ErrorDocument 404 /swimming/pool/builder/nc/

Sends the 404 response, but the redirection occurs, but the web
browser still shows the mistyped address in the address bar. So
that ends up confusing, especially to the people visiting the web-
site. They think they're visiting a valid page (and it is a valid page!
but the URI they typed into the address bar is messed up).

So if I send a 404 response and redirect to the 404 page, how
do I make sure the web-browser indicates the new URI? What's
the best way to handle this?

--
Jim Carlock
Custom Designed Swimming Pools
http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/v iewing1.php

Re: POSTing via .htaccess

"HansH" wrote...
: Not sending a 404 may among other things cause google to keep nagging
: at your door for a file long gone.
:
: There is even a risk the _site_ gets banned [sic corrected ]for duplicate
: content: the message telling a file is missing has too many links to it...

Thanks, Hans. Yes, the site currently has a low page rank and is
LINK banned. Google SITE banned it a couple years ago for some
other things. The other things were corrected. It is currently LINK
banned, meaning if you type link:aquaticcreationsnc.com nothing
shows up inside of Google.

site:aquaticcreationsnc.com turns up some pages, but some things
need fixing there which is all server-side PHP processing that needs
to get configured, as well as a database of pictures.

I'm trying to get out of the LINK: ban. And the first step involves
getting this custom 404 page to work properly.

--
Jim Carlock
Custom Designed Swimming Pools
http://www.aquaticcreationsnc.com/swimming/pool/builder/nc/v iewing1.php

Re: POSTing via .htaccess

"Jim Carlock" schreef in bericht
news:467f0dbb$0$24776$4c368faf@roadrunner.com...
> "HansH" wrote...
> : Not sending a 404 may among other things cause google to keep nagging
> : at your door for a file long gone.
> :
> : There is even a risk the _site_ gets banned [sic corrected ]for
> duplicate
> : content: the message telling a file is missing has too many links to
> it...
>
> Thanks, Hans. Yes, the site currently has a low page rank and is
> LINK banned. Google SITE banned it a couple years ago for some
> other things. The other things were corrected. It is currently LINK
> banned, meaning if you type link:aquaticcreationsnc.com nothing
> shows up inside of Google.
Some OTHER site has to point to yours, show some.

HansH

Re: POSTing via .htaccess

"Jim Carlock" schreef in bericht
news:467f0ba9$0$24789$4c368faf@roadrunner.com...
> ErrorDocument 404 /swimming/pool/builder/nc/
This should point to a special page stating a problem occurred while
locating the resource for a given URI.

> Sends the 404 response, but the redirection occurs,
NO, that's no redirection, that's showing the status-related page.

Each response has a status header and optional some data to be shown.

BTW Your errordocument has to be over 512 bytes to get IE to show it!

Google in general only indexes or followes status 2xx of 3xx.
Be aware of some browsers CACHING 3xx too ...

> but the web browser still shows the mistyped address in the address
> bar. So that ends up confusing, especially to the people visiting the web-
> site.
I disagree, removing the failing link makes it harder to SEE what's up!

> They think they're visiting a valid page (and it is a valid page!
> but the URI they typed into the address bar is messed up).
Most likely a windows2linux conversion now failing on mixed cases.

> So if I send a 404 response and redirect to the 404 page, how
> do I make sure the web-browser indicates the new URI? What's
> the best way to handle this?

Try to reconstruct a messed up URI with some rewrite-voodoo.
Give some samples of messed up URIes and their working conterparts.

HansH