Rewrite instead of redirect with Azure Web App/Linux

Question

I'm trying to configure rewrite rules with .htaccess on an Azure Web App with Linux+Apache(+PHP), however I can only get redirects to work (but no rewrites).

The source is structured as following:

./.htaccess
./updates/
./updates/.htaccess
./updates/check/
./updates/check/api.php
./updates/certificates/
./updates/certificates/api.php
./... # other files - must not be downloadable

My ./.htaccess is:

order deny,allow
deny from all
RewriteEngine on
RewriteRule "^updates/([A-Za-z]+)" "/updates/$1/api.php" [L,QSA]

EDIT: The problem also persists with

RewriteRule "^updates/([A-Za-z]+)$" "/updates/$1/api.php" [L,QSA]

My ./updates/.htaccess is:

order allow,deny
allow from all

What I need, is to have an internal rewrite, that rewrites /updates/check?foo=bar to /updates/check/api.php?foo=bar and /updates/certificates?a=b&c=d to /updates/certificates/api.php?a=b&c=d.

What I get is a HTTP 301 Redirect to http://$server/updates/check/?foo=bar. When I add R=301 (or R=302) to the rule flags, I get an 301 (or 302) redirect to http://$server/updates/check/api.php?foo=bar. Note the http in both cases (I make an request to https with curl) and the entirely wrong rewrite in the first case.

I'm not sure if the client can handle redirects. This is why I'm trying to do an internal rewrite.

What do I have to do to get that rewrite working?

Answer 1

What I get is a HTTP 301 Redirect to http://$server/updates/check/?foo=bar

Yes, because check is a physical subdirectory so mod_dir will (by default) "fix" the URL by appending a trailing slash to the URL-path via a 301 external redirect. This is necessary for mod_dir to be able to serve the DirectoryIndex (if you have one).

If you changed your URLs to include the trailing slash then you wouldn't have this problem.

You can avoid this redirect by disabling the DirectorySlash. If you do this you must ensure that directory indexes (mod_autoindex) are disabled to prevent accidental discloser of your filesystem.

For example, at the top of your root .htaccess file:

Options -Indexes
DirectorySlash Off

This also means that any other directories are not going to be directly accessible without manually appending the trailing slash with an internal rewrite (or external redirect) - although that may or may not be an issue for you.

Reference:

• https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryslash

---

UPDATE: Because of this "restriction" I would be inclined to change the file (or URL) structure to avoid such conflicts, rather than disabling DirectorySlash.

For example:

/updates/check-api.php
/updates/certificates-api.php

And rewrite accordingly:

RewriteRule ^updates/([A-Za-z]+)$ /updates/$1-api.php [L]

---

Aside:

order deny,allow
deny from all

Note that these are Apache 2.2 directives and are formerly deprecated on Apache 2.4. You should be using Require all denied and Require all granted instead. However, you should avoid mixing both old/new auth directives since you can get unexpected results (one does not necessarily override the other).