Home > Mobile >  .htaccess rewrite rule to external domain - client IP and HTTP referer
.htaccess rewrite rule to external domain - client IP and HTTP referer

Time:11-01

let's say i'm running a web site at www.domain1.com

in ".htaccess" i do a redirect to an external "domain2" as follows:

RewriteEngine On
RewriteBase /

RewriteRule ^mydirectory/(.*)$ http://www.domain2.com/mydirectory/$1 [NC,L]

note that in the RewriteRule i'm not passing the flags [R] or [R=301].

and now i'm opening http://www.domain1.com/mydirectory/ from a web browser.

in the logs of that external "domain2", what exactly will show up as:

  • client IP
  • HTTP referrer (referer)

will the client IP be from the actual client web browser, or from my web server running at "domain1"?
will there be any hints that it got "redirected" from my "domain1"? in the "referer" field, for example?

and will the web client will be notified about any "redirection" status code?

CodePudding user response:

will the client IP be from the actual client web browser, or from my web server running at "domain"?

The "actual client web browser". (Or, whatever IP would normally be reported when that client makes a request to domain2.com, as they could be connecting through a proxy server, VPN, etc.)

A redirect response from domain1.com is an instruction for the client to make an entirely new request to domain2.com.

will there be any hints that it got "redirected" from my "domain1"? in the "referer" field, for example?

Not if you make the redirect as soon as the user first arrives at domain1.com. Generally, the browser preserves the Referer header from the previous "non-redirected" request. The redirect itself does not generate a Referer.

So, if you make a direct request to domain1.com (ie. no Referer) then no Referer will be passed in the redirected request to domain2.com.

However, if a user followed a link from another-domain.com to domain1.com (ie. another-domain.com is the Referer) and you issue a "redirect" from domain1.com to domain2.com then the browser would pass another-domain.com as the Referer (by default).

And if you allowed the user to browse domain1.com for a while (navigating from page to page - which will naturally generate a Referer) before issuing a redirect to domain2.com then domain1.com will likely be seen as the Referer when the client makes the request to domain2.com. At least, by default, this can be overridden by setting a Referrer-Policy (in modern browsers) on the referring site.

Of course, the user may have configured their browser to suppress the Referer and the originating website (eg. another-domain.com, or domain1.com) can also suppress the Referer being sent by setting a Referrer-Policy in modern browsers. Old browsers (such as IE11) do not support this, so you are at the mercy of whatever defaults the browser uses.

and will the web client will be notified about any "redirection" status code?

Yes, that's what a redirect is.

If domain1.com redirects to domain2.com then...

  1. domain1.com sends a 3xx redirect response back to the client with a Location HTTP response header telling the client of the URL to make a request to.

  2. The client's browser then makes a new request to the URL stated in the Location header.

RewriteEngine On
RewriteBase /

RewriteRule ^mydirectory/(.*)$ http://www.domain2.com/mydirectory/$1 [NC,L]

Note that this generates a 302 (temporary) redirect, even though the status code (R or R=301) is not explicitly stated. (The RewriteBase directive is entirely superfluous here.)

Page link:https//www.codepudding.com/Mobile/174310.html

Prev:React Redirect with a parameter
Next:C#: Can you apply the ternary conditional operator (?:) to statements?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding