Asked  7 Months ago    Answers:  5   Viewed   31 times

I have a website where all requests are redirected silently (via .htaccess) to index.php and then PHP is used to show the correct page (by parsing the REQUEST_URI).

I was wondering if it's possible to submit POST data to a fake address too?

I've currently got my form like so...

<form action="/send-mail" method="post">

And my .htaccess rule is...

# redirect mail posting to index
RewriteRule send-mail index.php?send-mail [NC,L] 

My index.php checks isset($_GET['send-mail']) which works fine.

This however seems to drop off all the POST data that should be sent to it.

Is there a way to keep the post data? I don't want to use GET because it can't send as much information, though it might not be an issue with a simple inquiry form.

Here is my .htaccess for redirecting to index.php

# serve files and dirs if they exist please, otherwise send to index
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php

 Answers

77

Try this:

# redirect mail posting to index
     RewriteRule send-mail index.php?send-mail [NC,P]

"P" acts like "L" in that it stops processing rules but it also tells the module that the request should be passed off to the proxy module intact (meaning POST data is preserved).

Wednesday, March 31, 2021
 
viper
answered 7 Months ago
30

After much exploration it was found the issue was the PHP Handler -- the fastCGI (cgi) handler was not keeping the headers.

Changing to the suphp handler immediately resolved the issues.

Wednesday, March 31, 2021
 
eek
answered 7 Months ago
eek
92

Take a look at this:

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

You have enabled AllowOverride All on the root directory, but then disabled it on /var/www/. I am going to guess that you intended to use Location / instead of Directory /.

Additional clarification AllowOverride has to be in an Directory section. Location can override directives in Directory if supported in Location.

Saturday, May 29, 2021
 
EastSw
answered 5 Months ago
73

No, it is not possible to POST data from the address bar. You can only initiate GET requests from there by adding params to the URL. The POST Body cannot be attached this way.

Regardless of this, it is very much possible to send POST requests to your webserver for the pages in a frame. HTTP is just the protocol with which your browser and webserver talk to each other. HTTP knows nothing about frames or HTML. The page in the frame has a URI, just like any other page. When you click a link, your browser asks the server if it has something for that URI. The server will check if it has something for that URI and respond accordingly. It does not know what it will return though.

With tools like TamperData for Firefox or Fiddler for IE anyone can tinker with HTTP Requests send to your server easily.

Saturday, May 29, 2021
 
waylaidwanderer
answered 5 Months ago
41

Long story short: no, it's not possibile using PHP.

One way I can think of doing this is to output the new form output as hidden fields along with javascript to auto-submit the form ...

It's the only way to do it.


The question is a possible duplicate of PHP Redirect with POST data.


As a suicide solution, you may consider to use HTTP 307 - Temporary Redirect.
From the HTTP/1.1 documentation linked above:

If the 307 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

My bold simply emphasizes that the redirect without the user confirmation actually depends on the browser's implementation of the protocol.

The redirect can be implemented in the PHP script which receives the POST request as follows&ast;:

header('HTTP/1.1 307 Temporary Redirect');
header('Location: <your page in an external site>');

Basic usage Example:

page1.html - the page which contains the form

<html>
  <body>
    <form method="POST" action="page2.php">
      <input name="variable1" />
      <input name="variable2" />
      <input type="submit" />
    </form>
  </body>
</html>

page2.php - the page which processes your POST data before redirect

<?php

if (isset($_POST['variable1']) && isset($_POST['variable2'])) {

  //do your processing stuff

  header('HTTP/1.1 307 Temporary Redirect');
  header('Location: page3.php');

  exit;
} else
    echo 'variable1 and variable2 are not set';

page3.php the page to which the POST data has to be redirected (i.e. the external site)

<?php

if (isset($_POST['variable1']) && isset($_POST['variable2'])) {

    foreach ($_POST as $key=>$val)
        echo $key . ' = ' . $val . '<br>';

} else
    echo 'variable1 and variable2 are not set';

&ast; don't try this at home!

Monday, September 27, 2021
 
jul
answered 4 Weeks ago
jul
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :