6

I know I can inspect GET query string parameters in rewritecond as follows:

RewriteCond %{REQUEST_URI} ^/somepath/somepath
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} try=3
RewriteCond %{QUERY_STRING} name=([^&]*)
RewriteRule ^/somepath/somepath(.*) /otherpath/otherpath?name=%1 [R]

How do I inspect POST parameters that are in the request body? I hear mod_security can do it, but I'm not finding any examples of how I'd use mod_security in conjunction with mod_rewrite like the above example.

I intend to use something like this to handle POSTs:

RewriteCond %{REQUEST_URI} ^/somepath/somepath
RewriteCond %{REQUEST_METHOD} POST
RewriteRule ^/somepath/somepath(.*) /otherpath/otherpath [PT]

...except that I need a RewriteCond that inspects the POST parameters to see if "try=3".

Can modsecurity inspect the request body and load the result of that inspection in an environment variable? that would work...

Jaffadog
  • 664
  • 8
  • 16
  • 1
    I don't suppose you ever got this figured out, did you? I am facing a very similar situation. – Dustin Simpson Mar 20 '14 at 16:54
  • No solution using Apache HTTP server. In my case, Apache is a reverse proxy to a back end weblogic server. I ended up writing a java servlet hosted in weblogic to handle redirects for POSTs. – Jaffadog Jul 20 '14 at 22:11
  • Thank you. I ended up needing to do a similar thing. Built a little node.js app as my reverse proxy. Not as clean as I would have liked it, but it works. – Dustin Simpson Jul 23 '14 at 17:22

1 Answers1

5

You can't inspect the request body using mod_rewrite.

You may have to rewrite POST requests to a script if that's something that you can do. Browser's aren't always going to resend POST data if you redirect them.

Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • Thanks Jon. I've updated my question showing how I intend to handle POSTs - using PT rather than R. – Jaffadog Dec 03 '13 at 19:50