Help to ignore OWA with WordPress

Aug 5, 2011 at 5:25 AM

Hello - I am in a similar situation to the poster in this item: http://iirf.codeplex.com/discussions/230215

However, unfortunately my client's OWA is in the same IIS site as WordPress, and I need to do URL Rewrites for WordPress (working OK), but I need to ignore the /exchange/ subfolder.

I've tried several variations of the RewriteCond statement, but can't seem to isolate the /exchange/ subfolder to have it ignored by IIRF.  Help!

I would like to set that /exchange/ subfolder to be Forbidden momentarily so I know it is being trapped properly, then I want to make IIRF ignore that folder.

I tried this:

  RewriteCond %{REQUEST_FILENAME} ^/(exchange|exchange/.*)$
  RewriteRule - [F]

and this: 

RewriteRule %{REQUEST_FILENAME} ^/(exchange|exchange/.*)$ [F]

and this:

RewriteCond %{PATH_INFO} ^/(exchange|exchange/.*)$

RewriteRule - [F]

and none work.  Where am I going wrong?

Thanks for IIRF and thanks for any help.

Regards,

MitchellT

 

 

Coordinator
Aug 8, 2011 at 12:28 AM
Edited Aug 8, 2011 at 12:33 AM

 The RewriteRule directive accepts 2 required arguments (a url pattern and a replacement string), followed by an optional set of modifiers.

You have provided only a single argument to RewriteRule, followed by a modifier.  Well, actually IIRF parses by position, so it will parse your RewriteRule as - for the url pattern, and [F] for the replacement string, which is not your intent, I believe.  I am assuming the [F] is intended to be a modifier, but IIRF won't detect that intention.

It's sort of dumb, because when you use the [F] modifier, the replacement string is not used. It's ignored, irrelevant.  But the syntax is a holdover from Apache, and that is the way Apache mod_rewrite does it. So even though the value of the 2nd argument, the replacement string, is irrelevant, the presence of the 2nd argument is required.  It would be clearer to just have a unique directive, "Forbid", and it accepts a single argument, a url pattern.  But... IIRF doesn't support the "Forbid" directive right now, so you're stuck with the apache-style syntax.

Also:  I think you do not want that RewriteCond.   RewriteRule uses the test pattern against the incoming URL.  In other words, RewriteRule has a built in "condition" - the rule applies only if the pattern matches the original requested URL.

So normally you would do something like this:

RewriteRule ^/exchange  notused  [F]

(no RewriteCond necessary) This says, if the URL matches, then respond with 403 Forbidden.

The pattern ^/exchange   matches all of these incoming URLs:

  • /exchange
  • /exchanger
  • /exchange/anything/else/you/like/here
  • /exchange?param1=4&param2=49
  • /exchange.those.dollars.for.euros

That's because the regex pattern doesn't insist on an ending to the string. The regex begins with ^ , which implies beginning-of-line.  In english it evaluates to "the url starts with /exchange".  The pattern doesn't stipulate that anything must follow /exchange, and maybe you don't care.  If you want to be more strict you could do something like this:

RewriteRule ^/exchange($|/) notused [F]

which stipulates that following the word "exchange" in the incoming URL must be the end-of-line, or a slash.  It matches these:

  • /exchange
  • /exchange/
  • /exchange/other/url/path/segments/here

but not these:

  • /exchanger
  • /exchange?param1=4&param2=49
  • /exchange.those.euros.for.dollars.

 

 

Aug 10, 2011 at 4:25 AM

Thanks for the guidance, Cheeso - I think I have it working.  What I found so far is that if a folder has NT authentication on it, the Forbidden directive doesn't come into play until after authentication is passed or failed. Interesting behavior...  Have you found this as well?

Coordinator
Aug 10, 2011 at 2:38 PM

That sounds right - IIRF will get involved after IIS authentication checks.