brepo/ngx_http_apache_rewrite_module
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added mod_rewrite for nginx module

Browse Source
This commit is contained in:
alexey
2026-03-23 01:15:59 +03:00
commit 0d2c6277e1
124 changed files with 11079 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cms/drupal/.htaccess Normal file
View File

@@ -0,0 +1,19 @@
RewriteEngine on
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule "/\.|^\.(?!well-known/)" - [F]
RewriteCond %{REQUEST_URI} ^(.*)?/(install\.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild\.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
RewriteRule ^core/install\.php core/install.php?rewrite=ok [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics\.php$
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]

1
cms/drupal/.htpasswd Normal file
View File

@@ -0,0 +1 @@
# This is a test .htpasswd hidden file - should be blocked by RewriteRule "/\.|^\.(?!well-known/)" - [F]

6
cms/drupal/.well-known/robots.txt Normal file
View File

@@ -0,0 +1,6 @@
# This is a robots.txt file for Drupal site testing
# Should be allowed by RewriteRule "/\.|^\.(?!well-known/)" - [F] exception
User-agent: *
Disallow: /admin/
Allow: /

162
cms/drupal/README.md Normal file
View File

@@ -0,0 +1,162 @@
# Drupal .htaccess Test Structure
## Directory Layout Overview
```
/test1/cms/drupal/
├── core/ - Drupal core directory tests
│ ├── install.php - Install script (protected by RewriteRule ^core/install\.php)
│ ├── rebuild.php - Rebuild script (protected by RewriteRule ^core/rebuild\.php)
│ └── modules/system/tests/ - Tests directory with https/http.php files
│ ├── https.php - Test HTTPS test file (excluded from routing)
│ └── http.php - Test HTTP test file (excluded from routing)
├── favicon.ico - Existing favicon for !-f condition test
├── index.php - Drupal entry point (routes non-existing files)
│ - Returns: "Drupal Content Route" page
├── .htaccess - Hidden .htaccess file (blocked by hidden files rule)
├── .htpasswd - Hidden .htpasswd file (blocked by hidden files rule)
├── .well-known/ - Well-known directory (allowed exception)
│ └── robots.txt - Allowed file via exception (?!well-known)
├── somedir/ - Directory for testing !-d condition (200 OK)
├── test-drupal-rewriterules.sh - Bash script to test all rules using curl
└── README.md - This documentation file
```
## Apache Rules Explained - Drupal
### 1. RewriteEngine Activation
```apache
RewriteEngine on
```
**Что делает:** Включает модуль mod_rewrite для этого каталога
**Зачем нужно:** Без этого все правила rewrite не работают
### 2. Protocol Variables (HTTP/HTTPS Detection)
```apache
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
```
**Что делает:** Устанавливает переменную окружения `protossl` = "https" или "http" в зависимости от HTTPS status
**Зачем нужно:** Drupal использует это для генерации правильных ссылок (http vs https)
- Если HTTPS off → protossl = "" (пусто, http)
- Если HTTPS on → protossl = "s"
### 3. HTTP Authorization Header Passing
```apache
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
```
**Что делает:** Копирует Authorization header в переменную HTTP_AUTHORIZATION для PHP
**Зачем нужно:** Drupal REST API требует эту переменную для аутентификации
### 4. Hidden Files/Patterns Protection Rule
```apache
RewriteRule "/\.|^\.(?!well-known/)" - [F]
```
**Что делает:** Блокирует (403 Forbidden) файлы начинающиеся с точки, кроме .well-known/
- `/\.` - блокирует /filename.хотя бы одна точка в path
- `^\.(?!well-known/)` - блокирует /隐藏文件, но исключает /well-known/
**Зачем нужно:** Защита от доступа к скрытым файлам (.htaccess, .htpasswd, .git)
**Исключение:** .well-known/robots.txt разрешён (для SEO и security)
### 5. Core install/rebuild.php Protection Rules
```apache
RewriteCond %{REQUEST_URI} ^(.*)?/(install\.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild\.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
```
**Что делает:** Редирект 301 с /install.php → /core/install.php, /rebuild.php → /core/rebuild.php
**Зачем нужно:** Перемещает install/rebuild скрипты в core directory для безопасности
### 6. Core install.php Rewrite
```apache
RewriteRule ^core/install\.php core/install.php?rewrite=ok [QSA,L]
```
**Что делает:** Переписывает запрос на core/install.php с добавлением параметра rewrite=ok
**Зачем нужно:** Drupal internal handling для процесса установки
### 7. Main Drupal Routing Rules (!-f, !-d)
```apache
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
```
**Что делает:** Маршрутизирует через index.php все запросы на несуществующие файлы И директории, кроме favicon.ico
**Зачем нужно:** "Чистые URL" Drupal (похоже на WordPress), routing через index.php
### 8. Core Modules Tests Files Exceptions
```apache
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php
```
**Что делает:** Исключает из routing core/*.php и tests/https.php/http.php файлы
**Зачем нужно:** Эти файлы должны обрабатываться напрямую, не через main index.php
## Test Script Features
The script includes test functions:
1. **test_rule()** - checks HTTP status code only
2. **test_rule_content()** - checks both status AND response body content
## Multisite-Specific Testing Scenarios
### Hidden Files Protection
| URL | Правило | Ожидаемый результат |
|-----|---------|---------------------|
| `http://test.my.brp/.htaccess` | hidden files rule `/\.|^\.(?!well-known/)` | 403 Forbidden ✓ |
| `http://test.my.brp/.htpasswd` | hidden files rule | 403 Forbidden ✓ |
| `http://test.my.brp/.well-known/robots.txt` | well-known exception | 200 OK (allowed) ✓ |
### Core install/rebuild.php Protection
| URL | Правило | Ожидаемый результат |
|-----|---------|---------------------|
| `http://test.my.brp/install.php` | RewriteRule ^(.*)?/(install\.php) + core exclusion | 301 → /core/install.php ✓ |
| `http://test.my.brp/rebuild.php` | RewriteRule ^(.*)?/(rebuild\.php) + core exclusion | 301 → /core/rebuild.php ✓ |
### Core Files Routing Exceptions
| URL | Правило | Ожидаемый результат |
|-----|---------|---------------------|
| `http://test.my.brp/core/install.php` | RewriteRule ^core/install\.php ... rewrite=ok parameter | 200 OK ✓ |
| `http://test.my.brp/core/modules/system/tests/https.php` | tests exception !-https?\.php condition | 200 OK ✓ |
| `http://test.my.brp/core/modules/system/tests/http.php` | tests exception !-https?\.php condition (s matches empty) | 200 OK ✓ |
## Run Tests
Execute the test script to verify all rules:
```bash
cd /home/alexey/projects/workspace-zed/test1/cms/drupal
./test-drupal-rewriterules.sh
```
Expected results for Drupal tests (all should be **PASS ✓**):
- Basic page routing via index.php: HTTP 200 + "Drupal Content Route" ✓
- Hidden files (.htaccess, .htpasswd) blocked: HTTP 403 ✓
- .well-known/robots.txt allowed: HTTP 200 ✓
- install.php redirect to core: HTTP 301 ✓
- rebuild.php redirect to core: HTTP 301 ✓
- favicon.ico direct access (!-f): HTTP 200 ✓
- Non-existing page routing to index.php: HTTP 200 ✓
- Directory access (!-d): HTTP 200 ✓
- Tests files https.php/http.php excluded from routing: HTTP 200 ✓

1
cms/drupal/core/install.php Normal file
View File

@@ -0,0 +1 @@
# This is a test Drupal core/install.php file - should be protected by RewriteRule ^core/install\.php core/install.php?rewrite=ok [QSA,L]

1
cms/drupal/core/modules/system/tests/http.php Normal file
View File

@@ -0,0 +1 @@
# This is a test Drupal http.php in tests directory - should be excluded from index.php routing by RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php

1
cms/drupal/core/modules/system/tests/https.php Normal file
View File

@@ -0,0 +1 @@
# This is a test Drupal https.php in tests directory - should be excluded from index.php routing by RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php

1
cms/drupal/core/rebuild.php Normal file
View File

@@ -0,0 +1 @@
# This is a test Drupal core/rebuild.php file - should be protected by RewriteRule ^core/rebuild\.php core/rebuild.php?rewrite=ok [QSA,L]

2
cms/drupal/favicon.ico Normal file
View File

@@ -0,0 +1,2 @@
# This is a placeholder for Drupal test favicon.ico
# Real favicon would be an image file, but we use text for testing

15
cms/drupal/index.php Normal file
View File

@@ -0,0 +1,15 @@
<?php
/**
* Drupal - index.php (Test version)
* This file handles routing for non-existing files/directories
*/
// Simulated Drupal response
echo "<html><head><title>Drupal Test Site</title></head><body>";
echo "<h1>Drupal Content Route</h1>";
echo "<p>This page is served by index.php via RewriteRule.</p>";
echo "<div class='drupal-config'>Drupal Configuration Loaded</div>";
echo "</body></html>";
// Exit
exit;

159
cms/drupal/nginx.conf Normal file
View File

@@ -0,0 +1,159 @@
load_module modules/ngx_http_apache_rewrite_module.so;
worker_processes 1;
error_log logs/error.log debug;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8081;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 8081;
server_name example1.com;
root /sites/site1;
HtaccessEnable on;
RewriteEngine On;
location / {
RewriteEngine On;
}
}
server {
listen 8081;
server_name example2.com;
root /sites/site2;
HtaccessEnable on;
RewriteEngine On;
index index.php;
location / {
RewriteEngine On;
autoindex on;
}
location ~* \.php$ {
RewriteEngine On;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
server {
listen 8081;
server_name example3.com;
root /sites/site3;
HtaccessEnable on;
RewriteEngine On;
index index.php;
location / {
RewriteEngine On;
autoindex on;
}
location ~* \.php$ {
RewriteEngine On;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/www.sock; # подключаем сокет php-fpm
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
server {
listen 8081;
server_name example4.com;
root /sites/site4;
HtaccessEnable on;
RewriteEngine On;
index index.php;
location / {
RewriteEngine On;
autoindex on;
}
location ~* \.php$ {
RewriteEngine On;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/www.sock; # подключаем сокет php-fpm
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
server {
listen 8081;
server_name example5.com;
root /sites/site5;
HtaccessEnable on;
RewriteEngine On;
index index.php;
location / {
RewriteEngine On;
autoindex on;
}
location ~* \.php$ {
RewriteEngine On;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/www.sock; # подключаем сокет php-fpm
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
}

20
cms/drupal/site5.conf Normal file
View File

@@ -0,0 +1,20 @@
<VirtualHost *:80>
DocumentRoot "/sites/site5"
ServerName example5.com
ErrorLog logs/site5.log
DirectoryIndex index.php
<Directory /sites/site5>
Options +Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<FilesMatch "^\.htaccess$">
Require all granted
</FilesMatch>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>

0
cms/drupal/sites/all/default/settings.php.dummy/.gitkeep Normal file
View File

0
cms/drupal/somedir/.gitkeep Normal file
View File

3
cms/drupal/somedir/index.php Normal file
View File

@@ -0,0 +1,3 @@
<?php
echo "Ok";

182
cms/drupal/test-drupal-rewriterules.sh Executable file
View File

@@ -0,0 +1,182 @@
#!/bin/bash
# ============================================
# Drupal .htaccess Rules Test Script
# ============================================
# This script tests each rule from cms/drupal/.htaccess
# Assumption: Site root is mapped to /home/alexey/projects/workspace-zed/test1/cms/drupal
# Domain: test.my.brp
# ============================================
BASE_URL="http://test.my.brp"
echo "=============================================="
echo "Drupal .htaccess Rules Test Suite"
echo "=============================================="
echo ""
# Function to test a rule and report result (status only)
test_rule() {
local description="$1"
local url="$2"
local expected_status="$3" # e.g., 403, 404, 200, 301
echo "--- Test: $description ---"
response=$(curl -s -o /dev/null -w "%{http_code}" "$url")
if [ "$response" = "$expected_status" ]; then
echo "✓ PASS (HTTP $response)"
else
echo "✗ FAIL (Expected: HTTP $expected_status, Got: HTTP $response)"
fi
echo ""
}
# Function to test a rule and verify content contains expected string
test_rule_content() {
local description="$1"
local url="$2"
local headers="$3" # Optional: additional curl -H header flags (can be empty)
local expected_status="$4" # e.g., 403, 404, 200, 301
local expected_content="$5" # Expected substring in response body
echo "--- Test: $description ---"
if [ -n "$headers" ]; then
response=$(curl -s -H "$headers" "$url")
http_code=$(curl -s -H "$headers" -o /dev/null -w "%{http_code}" "$url")
else
response=$(curl -s "$url")
http_code=$(curl -s -o /dev/null -w "%{http_code}" "$url")
fi
# Check status code
if [ "$http_code" != "$expected_status" ]; then
echo "✗ FAIL (Status: HTTP $http_code, Expected: HTTP $expected_status)"
return 1
fi
# Check content contains expected substring
if [[ "$response" == *"$expected_content"* ]]; then
echo "✓ PASS (HTTP $http_code, Content matches '$expected_content')"
else
echo "✗ FAIL (Content missing: '$expected_content') - Response:"
echo "$response" | head -5
fi
echo ""
}
echo "=============================================="
echo "1. RewriteEngine Activation"
echo "=============================================="
# Test basic routing through index.php (proves RewriteEngine is active)
test_rule_content "Basic page routing via index.php" \
"$BASE_URL/normal-page/" \
"" \
"200" \
"Drupal Content Route"
echo ""
echo "=============================================="
echo "2. Protocol Variables (protossl)"
echo "============================================}"
# Test HTTPS protocol detection - since we use http://, HTTPS should be off
test_rule_content "HTTP request without HTTPS (protocol detection)" \
"$BASE_URL/normal-page/" \
"" \
"200" \
"Drupal Content Route"
echo ""
echo "=============================================="
echo "3. HTTP Authorization Header Passing"
echo "=============================================="
# Test that Authorization header is properly handled by Drupal REST API
test_rule_content "Drupal handles Authorization header (API request)" \
"$BASE_URL/rest/api/v1" \
"Authorization: Bearer token_abc123" \
"200" \
"Drupal Content Route"
echo ""
echo "=============================================="
echo "4. Hidden Files/Patterns Protection Rule"
echo "=============================================="
# Test hidden files blocked by RewriteRule "/\.|^\.(?!well-known/)" - [F]
test_rule "Block .htaccess hidden file (pattern \.)" \
"$BASE_URL/.htaccess" \
"403"
test_rule "Block .htpasswd hidden file (pattern \.)" \
"$BASE_URL/.htpasswd" \
"403"
test_rule_content "Allow .well-known/robots.txt (exception for well-known)" \
"$BASE_URL/.well-known/robots.txt" \
"" \
"200" \
"User-agent:"
echo ""
echo "=============================================="
echo "5. Core install/rebuild.php Protection Rules"
echo "============================================}"
# Test install.php protection - should route to core/install.php with rewrite=ok parameter
test_rule "Core install.php protected routing" \
"$BASE_URL/install.php" \
"301"
# Test rebuild.php protection - similar redirect pattern
test_rule "Core rebuild.php protected routing" \
"$BASE_URL/rebuild.php" \
"301"
echo ""
echo "=============================================="
echo "6. Drupal Core Files Routing Rules"
echo "============================================}"
# Test existing file access (!-f condition passes) - should return 200 OK without routing to index.php
test_rule_content "Existing favicon.ico access (!-f condition)" \
"$BASE_URL/favicon.ico" \
"" \
"200" \
"This is a placeholder for Drupal test favicon.ico"
echo ""
echo "=============================================="
echo "7. Main Drupal Routing Rules"
echo "============================================}"
# Test non-existing file routing through index.php (main routing) - !-f AND !-d pass
test_rule_content "Non-existing page routing (routes to index.php)" \
"$BASE_URL/nonexistent-page/" \
"" \
"200" \
"Drupal Content Route"
# Test existing directory access (!-d condition passes) - should return 200 OK
test_rule "Existing directory access (somedir/)" \
"$BASE_URL/somedir/" \
"403"
echo ""
echo "=============================================="
echo "8. Core Modules Tests Files Exceptions"
echo "============================================}"
# Test https.php in tests directory - should NOT route to index.php (excluded by RewriteCond)
test_rule_content "Core modules/tests/https.php excluded from routing (!-php condition)" \
"$BASE_URL/core/modules/system/tests/https.php" \
"" \
"200" \
"# This is a test Drupal https.php in tests directory"
# Test http.php in tests directory - same exclusion applies (s for https? regex)
test_rule_content "Core modules/tests/http.php excluded from routing" \
"$BASE_URL/core/modules/system/tests/http.php" \
"" \
"200" \
"# This is a test Drupal http.php in tests directory"
echo ""
echo "=============================================="
echo "Test Suite Complete"
echo "=============================================="