Is it possible to redirect post data?

60
votes

I have a website where all requests are redirected silently (via .htaccess) to index.php and then PHP is used to show the correct page (by parsing the REQUEST_URI).

I was wondering if it's possible to submit POST data to a fake address too?

I've currently got my form like so...

<form action="/send-mail" method="post">

And my .htaccess rule is...

# redirect mail posting to index
RewriteRule send-mail index.php?send-mail [NC,L]

My index.php checks isset($_GET['send-mail']) which works fine.

This however seems to drop off all the POST data that should be sent to it.

Is there a way to keep the post data? I don't want to use GET because it can't send as much information, though it might not be an issue with a simple inquiry form.

Here is my .htaccess for redirecting to index.php

# serve files and dirs if they exist please, otherwise send to index
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php
5
phpapache.htaccess

5 Answers

66
votes

Try this:

# redirect mail posting to index
     RewriteRule send-mail index.php?send-mail [NC,P]

"P" acts like "L" in that it stops processing rules but it also tells the module that the request should be passed off to the proxy module intact (meaning POST data is preserved).

9
votes

You should be able to simply redirect to index.php, and then in that script, access $_SERVER['REQUEST_URI'] to see the original request, with "send-mail" intact.

By the way, "can't send as much information" is not the reason to use POST. The reason to use POST is that the request will modify data on your site, instead of simply retrieving data.

Suppose you put a hyperlink on your page with a GET request like "/delete_user?id=1234," and then some search engine innocently follows the link as it's indexing your site. That's why GET requests are not good for requests that modify data.

1
votes

To avoid issues with some proxies and Apache rewrites, pass in POST data or set the Content-Length: 0 header for requests with an empty body.

I recently had issues with Apache converting my request to a GET when doing a POST with an empty body. So, instead of this:

 curl -X POST https://example.com/api/user/123456789

pass the Content-Length header:

 curl -X POST https://example.com/api/user/123456789 -H 'Content-Length: 0'

or pass something in the body:

 curl -X POST https://example.com/api/user/123456789 -d ''
0
votes

As long as you are only using an internal rewrite, not an HTTP redirect, you should not lose POST data. Here is the rule I use on my site:

RewriteRule ^(.*)$ index.php/$1 [L]

Try using the HTTPLiveHeaders extension for Firefox (or something similar) and track the entire page request. Make sure you are not getting an HTTP redirect. If you get a HTTP/1.1 3xx response and Location: http://address header, that is the problem. Your rewrite rule that you posted should not cause that to happen. If you are being redirected, there is probably either an error in your PHP code or another rewrite rule that is being applied.

0
votes

I want to redirect user_login.php to seo friendly url like /user-login with post form data and this worked for me.

RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/user_login\.php [NC]
RewriteRule ^ user-login [QSA,R=301]
RewriteRule ^user-login$ user_login.php [QSA,L]

In view file 

<form action="<?php $siteurl;?>/user-login" method="post" id="user_login">