Is it possible to redirect post data?

Question

I have a website where all requests are redirected silently (via .htaccess) to index.php and then PHP is used to show the correct page (by parsing the REQUEST_URI).

I was wondering if it's possible to submit POST data to a fake address too?

I've currently got my form like so...

<form action="/send-mail" method="post">

And my .htaccess rule is...

# redirect mail posting to index
RewriteRule send-mail index.php?send-mail [NC,L] 

My index.php checks isset($_GET['send-mail']) which works fine.

This however seems to drop off all the POST data that should be sent to it.

Is there a way to keep the post data? I don't want to use GET because it can't send as much information, though it might not be an issue with a simple inquiry form.

Here is my .htaccess for redirecting to index.php

# serve files and dirs if they exist please, otherwise send to index
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php

Answer 1

Try this:

# redirect mail posting to index
RewriteRule send-mail index.php?send-mail [NC,P]

"P" acts like "L" in that it stops processing rules but it also tells the module that the request should be passed off to the proxy module intact (meaning POST data is preserved).

Answer 2

To avoid issues with some proxies and Apache rewrites, pass in POST data or set the Content-Length: 0 header for requests with an empty body.

I recently had issues with Apache converting my request to a GET when doing a POST with an empty body. So, instead of this:

curl -X POST https://example.com/api/user/123456789

pass the Content-Length header:

curl -X POST https://example.com/api/user/123456789 -H 'Content-Length: 0'

or pass something in the body:

curl -X POST https://example.com/api/user/123456789 -d ''

Answer 3

I've found the most reliable way is to use the 307 status code.

RewriteRule send-mail index.php?send-mail [R=307,L]

Status code 307 indicates that the request should be repeated with the same HTTP method and data. So your POST request will be repeated along with its data if you use this status code.

You may detect if the request is a POST request as well in case you need to support standard 301 redirects for non POST requests.

# POST requests.
RewriteCond %{REQUEST_METHOD} POST
RewriteRule send-mail index.php?send-mail [R=307,L]

# Standard GET requests.
RewriteRule send-mail index.php?send-mail [R=301,L]

Answer 4

I want to redirect user_login.php to seo friendly url like /user-login with post form data and this worked for me.

RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/user_login\.php [NC]
RewriteRule ^ user-login [QSA,R=301]
RewriteRule ^user-login$ user_login.php [QSA,L]

In view file

<form action="<?php $siteurl;?>/user-login" method="post" id="user_login">

Answer 5

You should be able to simply redirect to index.php, and then in that script, access $_SERVER['REQUEST_URI'] to see the original request, with "send-mail" intact.

By the way, "can't send as much information" is not the reason to use POST. The reason to use POST is that the request will modify data on your site, instead of simply retrieving data.

Suppose you put a hyperlink on your page with a GET request like "/delete_user?id=1234," and then some search engine innocently follows the link as it's indexing your site. That's why GET requests are not good for requests that modify data.

Answer 6

As long as you are only using an internal rewrite, not an HTTP redirect, you should not lose POST data. Here is the rule I use on my site:

RewriteRule ^(.*)$ index.php/$1 [L]

Try using the HTTPLiveHeaders extension for Firefox (or something similar) and track the entire page request. Make sure you are not getting an HTTP redirect. If you get a HTTP/1.1 3xx response and Location: http://address header, that is the problem. Your rewrite rule that you posted should not cause that to happen. If you are being redirected, there is probably either an error in your PHP code or another rewrite rule that is being applied.