As part of a session security feature I am checking $ENV{REMOTE_ADDR} to make sure the users IP is the same during the whole stay on a website.
Some parts of the website show a waiting screen, if for example the rendering of a file takes some seconds, and I redirect the user to a result screen by the use of a meta tag <meta http-equiv="refresh" content="$time; URL=…">.
Unfortunately after this redirect the $ENV{REMOTE_ADDR} variable does not return the users IP but the one from the server.
Is there something I am missing to get this to work properly and/or are there alternatives I could use to redirect the user?
For various reasons htaccess or http-header redirects are not an option and I don't want to use JavaScript for this.
I am already using a 'click me' button to allow the user to manually skipping the wait.
You could try to alter between temporary/permanent type of redirect. Check in server logs, the the http code is 301 or 302?
I misread the accesslogs … it was actually a different script executed on the server, therefore having the servers IP, which caused all this.
Related
I noticed Amazon S3 Redirect rule - GET data is missing but after following the accepted answer my query params still are not being preserved.
I have a site that uses React and React Router, meaning I have several URLs that load identical HTML and JS and then the JS figures out which part of the app to load based on the URL.
For example:
/foo, /bar, /baz all should load index.html, which loads bundle.js. Then bundle.js observes the URL and routes to some React component (also in bundle.js).
However no foo, bar, or baz file exists in S3, only index.html. What I want to do is when I get a 404, redirect to /#!/{URL} (eg. /foo redirects to /#!/foo). This works fine with my redirect rule (below). However, I also want to bring query params with me (eg. /foo?ping=pong redirects to /#!/foo?ping=pong) but instead /foo?ping=pong just redirects to /#!/foo.
Here are my redirect rules:
<RoutingRules>
<RoutingRule>
<Condition>
<HttpErrorCodeReturnedEquals>404</HttpErrorCodeReturnedEquals>
</Condition>
<Redirect>
<Protocol>http</Protocol>
<HostName>www.mydomain.com</HostName>
<ReplaceKeyPrefixWith>#!/</ReplaceKeyPrefixWith>
</Redirect>
</RoutingRule>
</RoutingRules>
Any ideas on some way I can achieve this? Ideally without having to go change something in S3/CloudFront every time I add a new page?
The problem was that I had the origin set up in CloudFront not to forward Query Strings so when S3 got the request it would redirect properly without the query params. You can find this setting in CloudFront > Behaviors > Forward Query Strings.
If you want to have clear urls though you can also check out this trick. You need to setup cloudfront distribution and then alter 404 behaviour in "Error Pages" section of your distribution. That way you can again domain.com/foo/bar links :)
The menus and options in CloudFront/S3 change a lot over time.
Here is a December 2021 solution.
Step 1) Create a "Request" Policy in CloudFront that allows QueryStrings
Note: you might want to also add some Headers like Origin or Access-Control-... headers for CORS.
Step 2) Go to your Distribution > Update the Origin request policy
Step 3) Kick a new Invalidation on /*
Additional Notes for Debuging/Testing
I would recommend testing with curl in terminal rather than a browser to avoid caching and also seeing the details. I do curl -v https://example.com/cb?foo=bar1.
Keep increasing the value of the query string (bar1 in the above example, to bar2, bar3) with every test to make such there is no caching again.
I'm using the pathologic module, and currently when a node is deleted users will get a 404 error. I want to set up a Rule such that when ANY node is deleted, a redirect is put in place to send users looking for that path to the HOME page.
Do I need Rules for this, and if so, what is the best method? I haven't been able to successfully get this to work so far because of the interaction between the nid and the pathologic-created redirect. Many of my users have been sent URLs in email, etc. and I don't want them to get a 404.
Thanks in advance!
One soulition could be for you:
install https://www.drupal.org/project/hook_post_action module
write your own module in which you implement hook_node_postdelete($node) in which you set a drupal_goto()
Context: I'm developing a website for a conference happening early next year. I'm using tito.io to process registrations and Github Pages to host the website.
At the moment, users register by visiting https://tito.io/maine-civic-hack-day/maine-civic-hack-day-2013. I'd like to clean that up, and point them to http://mainecivichackday.com/register instead.
I've read about 301, 302, and masked redirects, but as far as I've seen so far, those are applicable to subdomains. For instance, I can make this work with register.mainecivichackday.com, but not with mainecivichackday.com/register.
What are my options?
TLDR: how do I point a.com/b to c.com?
You can set up a redirect on the a.com/b page to b.com/a but the user will see that they were redirected to.
If you want it to show as a clean url to the user, the webserver at tito.io will have to be configured to answer to your desired url such as http://register.mainecivichackday.com
I have requirement that once user has logged in and is authenticated URL should be changed to SSL and when he logs out url is back to HTTP.
I am aware about Properties in webpart where we can set YES/NO/INHERITS/NEVER.
I am able to set HTTPS permanently but not dynamically.
Any suggestion/help is appreciated.
I'm not aware of any functionality within Kentico to do this, but you should be able to create a webpart and place it on the masterpage. This web part would just check the current user, and if there is a user that is logged in redirect to https version and vice versa.
You could also add some logic to make sure it doesn't do this in the the edit tab in cmsdesk.
You can check the user with
CMSContext.CurrentUser
Some help with redirecting to the secure page can be found at
asp.net c# redirecting from http to https
As rocky said there is not functionality out of the box that will do this for you.
You need to create a web part like it was suggested by Lukek that checks that the user is logged in and redirects them to the https address.
The code below will redirect.
if (!Request.IsLocal && !Request.IsSecureConnection)
{
string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
Response.Redirect(redirectUrl);
}
As suggested bu lukek you need to check the CMSContext.CurrentUser however I would also use the HttpContext.User property.
That will enforce the request to be https.
This is a little different than all the other Rails 3 redirect https questions out there. Let me explain.
In order to publish our site with Phusion Passenger we had to create a subdomain and use a symlink (or softlink or alias) from the www/rails folder to /home/user/app/railsapp.
In order for the HTTPS to work (because of various domains issues) we need to have a rewrite mod that actually creates this route:
https://my.site.com/rails
Notice the trailing /rails route.
This route does not exist on our app. So what I need is a way to redirect anything that comes in with that route to:
https://my.site.com/login
So I thought I'd do this, in the routes.rb file have this:
match '/rails' => 'sessions#redirect_to_login'
In sessions_controllers.rb:
def redirect_to_login
redirect_to login_path, :status => :moved_permanently
end
This results in the app complaining that it can't find /rais/login/ so it's still seeking that /rails bit.
If I add something like redirect_to "/" which in turn will send you to my.site.com/login with a redirect when you're not logged in, I'll get an error of too many redirects in the browser.
redirect_to login_url didn't do the trick either.
It gets a bit more complicated in the sense that whenever I'm using the https protocol for that site, it will append that /rails route so I need a way to remove it from all the links. For example, https://my.site.com/movies will get translated to https://my.site.com/rails/movies.
Either remove the /rails or redirect all https traffic to http except for the login page.
I'm sure there is a relatively easy fix for this, but I can't figure it out.
Help is appreciated.