Forum

Hi,

I'm running the weblog software Serendipity (S9Y) on a Hiawatha webserver and I have some strange behaviour with my URL rewrite rules.
S9Y itself generates some rewrite rules for Apache depending on its configuration and I've tried to adapt those rules to the URL toolkit syntax.

Here is the generated .htaccess for Apache's mod_rewrite:

RewriteEngine On
RewriteBase /
RewriteRule ^serendipity_admin.php serendipity_admin.php [NC,L,QSA]
RewriteRule ^((archives/([0-9]+)-[0-9a-z\.\_!;,\+\-\%]+\.html)/?) index.php?/$1 [NC,L,QSA]
RewriteRule ^(authors/([0-9]+)-[0-9a-z\.\_!;,\+\-\%]+) index.php?/$1 [NC,L,QSA]
RewriteRule ^(feeds/categories/([0-9;]+)-[0-9a-z\.\_!;,\+\-\%]+\.rss) index.php?/$1 [NC,L,QSA]
RewriteRule ^(feeds/authors/([0-9]+)-[0-9a-z\.\_!;,\+\-\%]+\.rss) index.php?/$1 [NC,L,QSA]
RewriteRule ^(categories/([0-9;]+)-[0-9a-z\.\_!;,\+\-\%]+) index.php?/$1 [NC,L,QSA]
RewriteRule ^archives([/A-Za-z0-9]+)\.html index.php?url=/archives/$1.html [NC,L,QSA]
RewriteRule ^([0-9]+)[_\-][0-9a-z_\-]*\.html index.php?url=$1-article.html [L,NC,QSA]
RewriteRule ^feeds/(.*) index.php?url=/feeds/$1 [L,QSA]
RewriteRule ^unsubscribe/(.*)/([0-9]+) index.php?url=/unsubscribe/$1/$2 [L,QSA]
RewriteRule ^approve/(.*)/(.*)/([0-9]+) index.php?url=approve/$1/$2/$3 [L,QSA]
RewriteRule ^delete/(.*)/(.*)/([0-9]+) index.php?url=delete/$1/$2/$3 [L,QSA]
RewriteRule ^(admin|entries)(/.+)? index.php?url=admin/ [L,QSA]
RewriteRule ^archive/? index.php?url=/archive [L,QSA]
RewriteRule ^(index|atom[0-9]*|rss|b2rss|b2rdf).(rss|rdf|rss2|xml) rss.php?file=$1&ext=$2
RewriteRule ^(plugin|plugin)/(.*) index.php?url=$1/$2 [L,QSA]
RewriteRule ^search/(.*) index.php?url=/search/$1 [L,QSA]
RewriteRule ^comments/(.*) index.php?url=/comments/$1 [L,QSA]
RewriteRule ^(serendipity\.css|serendipity_admin\.css)$ index.php?url=/$1 [L,QSA]
RewriteRule ^index\.(html?|php.+) index.php?url=index.html [L,QSA]
RewriteRule ^htmlarea/(.*) htmlarea/$1 [L,QSA]
#RewriteCond %{REQUEST_URI} !-U
RewriteRule (.*\.html?) index.php?url=/$1 [L,QSA]

<Files *.tpl.php>
    deny from all
</Files>

<Files *.tpl>
    deny from all
</Files>

<Files *.sql>
    deny from all
</Files>

<Files *.inc.php>
    deny from all
</Files>

<Files *.db>
    deny from all
</Files>

And here is what I've come up with for URL toolkit:

UrlToolkit {
        ToolkitID = s9y
        Match ^/serendipity_admin.php Rewrite /serendipity_admin.php
        Match ^/((archives/([0-9]+)-[0-9A-Za-z\.\_!;,\+\-\%]+\.html)/?) Rewrite /index.php?/$1
        Match ^/(authors/([0-9]+)-[0-9A-Za-z\.\_!;,\+\-\%]+) Rewrite /index.php?/$1
        Match ^/(feeds/categories/([0-9;]+)-[0-9A-Za-z\.\_!;,\+\-\%]+\.rss) Rewrite /index.php?/$1
        Match ^/(feeds/authors/([0-9]+)-[0-9A-Za-z\.\_!;,\+\-\%]+\.rss) Rewrite/index.php?/$1
        Match ^/(categories/([0-9;]+)-[0-9A-Za-z\.\_!;,\+\-\%]+) Rewrite /index.php?/$1
        Match ^/archives([/A-Za-z0-9]+)\.html Rewrite /index.php?url=/archives/$1.html
        Match ^/([0-9]+)[_\-][0-9A-Za-z_\-]*\.html Rewrite /index.php?url=$1-article.html
        Match ^/feeds/(.*) Rewrite /index.php?url=/feeds/$1
        Match ^/unsubscribe/(.*)/([0-9]+) Rewrite /index.php?url=/unsubscribe/$1/$2
        Match ^/approve/(.*)/(.*)/([0-9]+) Rewrite /index.php?url=approve/$1/$2/$3
        Match ^/delete/(.*)/(.*)/([0-9]+) Rewrite /index.php?url=delete/$1/$2/$3
        Match ^/(admin|entries)(/.+)? Rewrite /index.php?url=admin/
        Match ^/archive/? Rewrite /index.php?url=/archive
        Match ^/(index|atom[0-9]*|rss|b2rss|b2rdf).(rss|rdf|rss2|xml) Rewrite /rss.php?file=$1&ext=$2
        Match ^/(plugin|plugin)/(.*) Rewrite /index.php?url=$1/$2
        Match ^/search/(.*) Rewrite /index.php?url=/search/$1
        Match ^/comments/(.*) Rewrite /index.php?url=/comments/$1
        Match ^/(serendipity\.css|serendipity_admin\.css) Rewrite /index.php?url=/$1
        Match ^/index\.(html?|php.+) Rewrite /index.php?url=index.html
        Match ^/htmlarea/(.*) Rewrite /htmlarea/$1
        Match ^/(.*\.html?) Rewrite /index.php?url=/$1

        Match .*.tpl.php DenyAccess
        Match .*.tpl    DenyAccess
        Match .*.sql    DenyAccess
        Match .*.inc.php DenyAccess
        Match .*.db     DenyAccess
}

In general this works as expected. A few exceptions are that the search doesn't work, and the archives links only seem to depend on a contained id number and the title of an article is ignored. So I don't get a 404 if the link to an article is incorrect.

And I wasn't quite sure how to translate the QSA flag, so I just ignored it... Don't know if that could be part of the problem.


Hiawatha version: 7.3
Operating System: Debian Stable

No offense, but if a website needs these rewrite rules to make it work, then there is seriously something wrong with it. The developer needs to learn how to do some proper programming or else I would suggest him to find another hobby.

I strongly advice you to start looking for another weblog engine.

No offense taken, and thanks for the reply, even though it wasn't the answer I wanted to hear.
It's not that I don't keep an eye on Banshee, but at the moment it doesn't seem to meet my requirements.

But even if those rewrite rules are some kind of crazy, did I translate them correctly or could it have been done easier maybe?
There isn't some kind of rule of thumb or best practice documentation available on how to convert mod_rewrite rules to URL toolkit, is there?

I'm not talking about Banshee. Banshee is a framework, which requires programming to use it. I already guessed that it's not what you are looking for. I'm thinking more about Wordpress. I know it has had its security issues, but at least its code is better than S9Y and a lot more people are watching its security.

About your rewrite rules: they look good. I don't think the problem lies in the rewrite rules. My guess is that S9Y has been made to work under Apache and Apache only. The programmers clearly followed Apache's rules instead of the web standards.

Wordpress... been there, done that. The security issues of Wordpress were the reason I switched to S9Y back then. I'd rather write my own weblog engine before going back to WP.

But thanks again, I'm gonna have a chat with the S9Y folks then about the use of other webservers.

Oke. Please, keep me updated. Maybe there's something easy in Hiawatha I can do to solve your problem.

Hi,
I haven't talked to the s9y people yet since there server was down the last week, but I think I've found the solution anyway.
My problems were indeed caused by my ignorance of the QSA flag. If this flag is set, a potential query string like "?var=foo" is automatically appended by Apache's mod_rewrite to the rewritten URL.

I could fix some problems by changing

Match ^/index\.(html?|php.+) Rewrite /index.php?url=index.html

to

Match ^/index\.(html?|php.+)\?(.*) Rewrite /index.php?url=index.html&$2

This made the search function work again because the search parameters are now passed correctly to index.php, which were previously omitted.

I still have to check the rewrite rules more in depth, since not all problems vanished.

Maybe you have to use two rules. One for URLs without parameters and one for URLS with parameters. So, instead of replacing the first by the second, use them both.

Match ^/index\.(html?|php.+) Rewrite /index.php?url=index.html
Match ^/index\.(html?|php.+)\?(.*) Rewrite /index.php?url=index.html&$2

Ah, you're right, thanks for the hint.

By the way, another problem I had was caused by a too small MaxRequestSize when uploading a file. This wasn't obvious first, because Firefox didn't show the 413 error page but only a disconnect error message. When trying Opera it showed the 413 page though. Ever noticed this?

I'm aware that very browser behaves differently in case of an error. The best thing you can do is to check error logfiles in case of a problem.