Understanding RedirectRule

Mar 1, 2011 at 4:14 PM

First off, thanks for this terrific tool!  It is helping us to solve an SSO project we are working on.  I have a basic question about whether or not rewritten headers are maintained after the RedirectRule fires.  Here's my iirf.ini:

# IIRF ini file
# version 2.1
# Monday, Feb. 28, 2011
#
# ============================================

RewriteLogLevel 4
RewriteLog \iirf
RewriteEngine ON
StatusInquiry ON

RewriteHeader USERID: ^$ %{QUERY_STRING} [L]
RedirectRule ^/Success.html http://web00:82/mychart/inside.asp

The remote server is supposed to perform an SSO auto-login when there is a header HTTP_USERID = SomeValidAccount.   (FYI, I've tried both HTTP_USERID and just USER_ID as the vendor suggested.)

Here's the log file:

Tue Mar 01 12:12:02 -  9728 - IsIniFileUpdated: D:\inetpub\wwwroot\PatientPortal\Iirf.ini NO
Tue Mar 01 12:12:02 -  9728 - GetVdirConfig: Obtain  vdir '/LM/W3SVC/811009713/Root' (era=24) (rc=1) (Expired=0) (ptr=0x01236778)...
Tue Mar 01 12:12:02 -  9728 - HttpFilterProc: SF_NOTIFY_URL_MAP
Tue Mar 01 12:12:02 -  9728 - HttpFilterProc: cfg= 0x01236778
Tue Mar 01 12:12:02 -  9728 - IsIniFileUpdated: D:\inetpub\wwwroot\PatientPortal\Iirf.ini NO
Tue Mar 01 12:12:02 -  9728 - GetVdirConfig: Obtain  vdir '/LM/W3SVC/811009713/Root' (era=24) (rc=2) (Expired=0) (ptr=0x01236778)...
Tue Mar 01 12:12:02 -  9728 - HttpFilterProc: SF_NOTIFY_URL_MAP
Tue Mar 01 12:12:02 -  9728 - HttpFilterProc: cfg= 0x01236778
Tue Mar 01 12:12:02 -  9728 - HttpFilterProc: SF_NOTIFY_AUTH_COMPLETE
Tue Mar 01 12:12:02 -  9728 - DoRewrites
Tue Mar 01 12:12:02 -  9728 - GetHeader_AutoFree: 'url' = '/test.html?KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - GetHeader_AutoFree: 'method' = 'GET'
Tue Mar 01 12:12:02 -  9728 - DoRewrites: New Url, before decoding: '/test.html?KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - DoRewrites: Url (no decoding): '/test.html?KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: depth=0
Tue Mar 01 12:12:02 -  9728 - GetHeader_AutoFree: 'USERID:' = ''
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: subject is Header USERID:
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: Rule 1: pattern: ^$  subject:
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: Rule 1: 1 match
Tue Mar 01 12:12:02 -  9728 - ReplaceServerVariables: alloc 12 bytes
Tue Mar 01 12:12:02 -  9728 - ReplaceServerVariables: in='%{QUERY_STRING}' out='KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - GenerateReplacementString: alloc 13 bytes
Tue Mar 01 12:12:02 -  9728 - GenerateReplacementString: result 'KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: Setting Header: 'USERID:' = 'KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: Last Rule
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: returning 0
Tue Mar 01 12:12:02 -  9728 - DoRewrites: No Rewrite
Tue Mar 01 12:12:02 -  9728 - HttpFilterProc: SF_NOTIFY_AUTH_COMPLETE
Tue Mar 01 12:12:02 -  9728 - DoRewrites
Tue Mar 01 12:12:02 -  9728 - GetHeader_AutoFree: 'url' = '/test.html?KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - GetHeader_AutoFree: 'method' = 'GET'
Tue Mar 01 12:12:02 -  9728 - DoRewrites: New Url, before decoding: '/test.html?KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - DoRewrites: Url (no decoding): '/test.html?KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: depth=0
Tue Mar 01 12:12:02 -  9728 - GetHeader_AutoFree: 'USERID:' = 'KevinM4Test'
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: subject is Header USERID:
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: Rule 1: pattern: ^$  subject: KevinM4Test
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: Rule 1: -1 (No match)
Tue Mar 01 12:12:02 -  9728 - EvaluateRules: returning 0
Tue Mar 01 12:12:02 -  9728 - DoRewrites: No Rewrite
Tue Mar 01 12:12:02 -  9728 - ReleaseOrExpireVdirConfig: vdir '/LM/W3SVC/811009713/Root' (era=24) (rc=1) (Expired=0) (ptr=0x01236778)...
Tue Mar 01 12:12:02 -  9728 - ReleaseOrExpireVdirConfig: vdir '/LM/W3SVC/811009713/Root' (era=24) (rc=0) (Expired=0) (ptr=0x01236778)...

Seems like the header is getting correctly populated, and the redirect is definitely working, but the vendor app is claming a failed login, and this leads me to believe the custom header is lost when the RedirectRule fires.  Can you confirm this, and perhps offer a work-around?

Thanks,

John McConnell

Coordinator
Mar 2, 2011 at 10:36 PM

Yes, John, your observation is correct.

Headers are not preserved across Redirects.  A redirect is a message that tells the client (eg, the browser) to send its request again, but to a different address.  The redirect can only tell the client the new address. It cannot tell the client which headers to use when it sends the new request.   It may be that you want a proxy action, which is different than a redirect.  in a proxy, the server sends the message to the 3rd party, acting as a proxy on behalf of the client.

 You can read about these options in the IIRF documentation.

good luck!

 

Mar 3, 2011 at 12:57 AM

Yup, that's what I thought.  I ended up using ProxyPass and ProxyReversePass and it worked beautifully.  Thanks again for the tool...it saved my neck!

 

J

Coordinator
Mar 8, 2011 at 2:08 PM

Glad it worked for you, JR