Month: May 2013

Configuring Apache to Redirect All Traffic to One Local URL

GOAL

You want to redirect all requests to your web server to a single page on the server.

PROBLEM

Note that redirection to an entirely different server is trivial with RedirectMatch. You can redirect all traffic to http://my-server.org to http://other-server.org by adding this rule to the Apache config files for http://my-server.org

#  Redirecting to another server - WRONG!  Not our goal.
RedirectMatch ^.*$ http://other-server.org/

However, we want to redirect all traffic to one local URL, you might try this

#  Redirecting to this server - WRONG!  Creates infinite redirection.
RedirectMatch ^.*$  http://my-server.org/new.html

This will causes an infinite redirection loop, because every redirection to http://my-server.org/new.html will trigger the RedirectMatch rule.

SOLUTION

Use a negative lookahead in the regular expression. The following configuration will work

#  Redirecting to this server - CORRECT!
RedirectMatch ^(?!/new.html)$  http://my-server.org/new.html

The negative lookahead requires that the requested URL not match /new.html. This prevents the infinite redirection.

Crontab Sudo Shenanigans

OK, here is a situation I haven’t seen in a while and it tripped me.  There I admitted it!

We have an application that requires a restart of Apache everyday (that is a different discussion).  Regardless I gave them sudo access so they could script the job to run with their process.  Obviously I thought nothing more of it, problem solved, more pressing things to do.  It worked like a charm until they put their script into cron.  They received the error:

sudo: sorry, you must have a tty to run sudo

I didn’t want to throw the baby out with the bathwater and enable tty for all of cron-dom, and I like command-line solutions over config files (less to maintain/remember).  So I tried this variation:

su --session-command="/usr/bin/sudo /sbin/service httpd restart" user_name

Slick huh?  Well of course it didn’t work because sudo is in control, pesky security controls keep me on the straight and narrow. This led me to one option, enable tty for the user (not everyone).  The solution for that is:

Defaults    requiretty
Defaults:%group_name !requiretty
Defaults:user_name !requiretty

In case that isn’t clear enough.  The first line requires TTY for all users and groups not expressly excluded from that requirement.  The second line exempts the group from the requirement and the the third line specifically exempts the user from the requirement.  The inclusion of the User_name and Group_name is redundant however this saves me revisiting the configuration file if we expand the group.

This ends the brain dump…