HOWTO: The URL toolkit

The URL toolkit is a set of tools to perform actions based on the URL or on the URL itself. Regular expressions are used to find a matching URL. Possible actions for matching URLs are rewriting the URL, denying access or redirecting to another URL.

The most important feature of the URL toolkit is URL rewriting. Via URL rewriting, the URL can be changed into another URL before Hiawatha handles it. The following example leaves URLs that matches an existing file or files in the images directory unchanged, denies access to files in the data directory and rewrites all other URLs to /index.php.

UrlToolkit {
    ToolkitID = rewrite
    RequestURI exists Return
    Match ^/images Return
    Match ^/data DenyAccess
    Match /(.*) Rewrite /index.php?page=$1
}

VirtualHost {
    Hostname = www.domain.com
    ...
    UseToolkit = rewrite
}

Syntax

The complete syntax of the URL toolkit in Hiawatha is:

UrlToolkit {
    ToolkitID = <toolkit_id>

    Do Ban|Call|DenyAccess|Exit|Goto|NotFound|OmitRequestLog|Return|Skip|Use
    Header <key> [!]<value> Ban|Call|DenyAccess|Exit|Goto|NotFound|OmitRequestLog|Return|Skip|Use
    Match [!]<url> Ban|Call|DenyAccess|Exit|Goto|NotFound|Redirect|Return|Rewrite|Skip|UseFastCGI
    Method [!]<request method> Call|DenyAccess|Exit|Goto|NotFound|Return|Skip|Use
    RequestURI exists|isfile|isdir Call|Return|Exit|Skip
    TotalConnections <value> Call|Goto|OmitRequestLog|Redirect|Skip
    UseTLS Call|Exit|Goto|Return|Skip
}
The format of the actions is as follows:
    Ban <seconds>
    Call <toolkit_id>
    DenyAccess
    Exit
    Goto <toolkit_id>
    OmitRequestLog
    Redirect <url>
    Return
    Rewrite <replace> [<max_loop>] [Continue|Return]
    Skip <lines>
    Use <url>
    UseFastCGI <fastcgi_server_id>

Explanation of the commands:

  • Ban: Ban the client for <seconds> seconds.
  • Call: Execute another rule and proceed with the current rule afterwards.
  • DenyAccess: Denies access to the requested file (results in a 403 error) and terminate toolkit processing.
  • Do: Perform an action, where can be one of the following: Ban, Call, DenyAccess, Exit, Goto, OmitRequestLog, Return, Skip or Use.
  • Exit: Stop URL rewriting.
  • Goto: Execute another rule and terminate toolkit processing.
  • Match: Perform the following action if <url> matches the requested URL.
  • Method: Perform an action for a certain request method.
  • NotFound: Fake a 404 Not Found error.
  • OmitRequestLog: Don't log the current request in the file specified by AccessLogfile.
  • Redirect: Redirect the browser to <url> via a 301 and terminate toolkit processing.
  • RequestURI: Check if the requested URL is a file or a directory.
  • Rewrite: Rewrite the current URL for maximum <max_loop> times (default=1) and terminate toolkit processing.
  • Return: Return from the current rewrite rule.
  • Skip: Skip the following <number> of lines (ToolkitID excluded).
  • ToolkitID: Assign a label to the current rule set.
  • Use: Replace the current URL with a new one.
  • UseFastCGI: Use FastCGI server with id <fastcgi_server_id> and terminate toolkit processing.
  • UseTLS: Perform action when client is connected via HTTPS.

Wigwam

Hiawatha comes with a tool called 'wigwam'. With this tool, you can test your URL toolkit rules before activating them. 
wigwam -t <toolkit_id>
Back
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.