With that configuration you can't (at least easily). I suggest for testing, you add this option:
GeoIPScanProxyHeaders On
From the documentation (http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives)
When this is set, the module will look at several other sources for the IP address, in this order:
The HTTP_CLIENT_IP environment variable (set by Apache).
The HTTP_X_FORWARDED_FOR environment variable (set by Apache).
The X-Forwarded-For for header (set by a proxy).
The HTTP_REMOTE_ADDR environment variable (set by Apache).
Set that option for testing and remove it when done. Then you can send arbitrary IP's as HTTP headers with curl, ex:
curl --header "X-Forwarded-For: 1.2.3.4" "http://your.site/path"
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
This messy block of conditions is injected automatically by cPanel before every RewriteRule
directive when it auto-renews an SSL (Let's Encrypt?) security certificate. These conditions ensure that the validation file (required in order to renew the SSL cert) is accessible.
Unfortunately, I've not been able to get to the bottom of why cPanel does it this way - it can be a maintenance nightmare and I have encountered directives that have been broken by these conditions (admittedly the directives were less than perfect to begin with). (I've tried asking on the cPanel forums, but I've never had a good response.)
...is there a way to combine the Rewrite Rules so the conditions just have to be written once?
Yes. You can move these conditions to their own block at the start of the .htaccess
file and reverse their meaning, so instead of only triggering the RewriteRule
when a request does not match the pattern (using a negated regex). You can prevent further rewrites when a request does match the pattern. For example:
# BEGIN cPanel SSL CERT RENEWAL
RewriteCond %{REQUEST_URI} ^/[0-9]+\..+\.cpaneldcv$ [OR]
RewriteCond %{REQUEST_URI} ^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ [OR]
RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ [OR]
RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^ - [L]
# END cPanel SSL CERT RENEWAL
Note the removal of the !
(negation) prefix on the CondPattern and the additional OR
flag on the first three conditions. The RewriteRule
then prevents further mod_rewrite directives being processed should the request match.
(On Apache 2.4.8+ these directives can be moved entirely to the server config. With the help of RewriteOptions InheritDownBefore
.)
Then, followed by just the RewriteRule
directives you had before (although I've added the L
flag):
RewriteRule ^(.*)/landing/(.*)/(.*)$ landing.php?page=$1&id=$2&mid=$3 [L]
RewriteRule ^(.*)/landing/(.*)$ landing.php?page=$1&id=$2 [L]
RewriteRule ^(.*)/landing$ landing.php?page=$1 [L]
You should probably be including L
flags on those remaining rewrites.
You could also combine those 3 rewrites into a single directive if you wanted, but that would depend if your application handles empty URL parameters.
(Someone suggested to me to use the QSA flag, however, upon research I don't think that has anything to do with what I want to accomplish.)
Yes, that doesn't really have anything to do with this particular problem. The QSA
(Query String Append) flag would allow you to merge any query string that was present on the request with the query string you are writing in the RewriteRule
substitution.
Best Answer
The
reqenv
function must be compared against something, you cannot just check for the environment variable to be set or not as your code tries to. I admit the error message is not particularly enlightening :-)The following should work for you: