SED is the coolest UNIX command ever. In the class I had at WPI that covered SED the professor had no idea how powerful and useful this command can become.
I need to add an exception to apache.conf files that allows checking a status jsp directly through port 80. In the config files for these applications there is a re-write command that pushes all traffic through https.
It looks like:
#Force all traffic through secure http
RewriteCond %{HTTP:SSLClientCipher} !^..*$
RewriteCond %{HTTP_HOST} !^localhost* [NC]
RewriteCond %{REQUEST_URI} !/fw3?\.jsp
RewriteCond %{REQUEST_URI} !/d\.jsp
RewriteCond %{REQUEST_URI} !^/support/Data\.jsp
RewriteCond %{REQUEST_URI} !^.*(\r|\n|%0A|%0D).* [NC]
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,NE,R,L]
What I want is:
#Force all traffic through secure http
RewriteCond %{REQUEST_URI} !^/jmx/app_status.jsp
RewriteCond %{HTTP:SSLClientCipher} !^..*$
RewriteCond %{HTTP_HOST} !^localhost* [NC]
RewriteCond %{REQUEST_URI} !/fw3?\.jsp
RewriteCond %{REQUEST_URI} !/d\.jsp
RewriteCond %{REQUEST_URI} !^/support/Data\.jsp
RewriteCond %{REQUEST_URI} !^.*(\r|\n|%0A|%0D).* [NC]
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,NE,R,L]
This is being changed in the build – each application carries it's own apache.conf file within the RPM – better to do this in puppet, but that has not been pulled out yet. That deployment of the rpm and config file will ultimately put the change out as releases move forward.
But meanwhile I need this change out to 73 servers and 42 applications now. Within the next hour actually.
I worked through the SED command on a single box, and then tried it on that same box and then another box before running through func – the flip side of sed is that you can very quickly mess up a file completely.
This command takes a backup. Running it twice would be bad. You would need to add checking for the line "RewriteCond %{REQUEST_URI} !^/jmx/app_status.jsp" already present if that was a risk, and not run the sed command if already present.
[root@p1-qaut1 ~]# func p1-vm167* call command run ' for i in /etc/httpd/conf/ConstantContact*; do cp ${i} ${i}.bak; sed "s/#Force all traffic through secure http/#Force all traffic through secure http\n RewriteCond \%\{REQUEST_URI\} \!\^\/jmx\/app_status.jsp/" < ${i} > ${i}.2; mv ${i}.2 ${i}; done'
('p1-vm167.ad.prodcc.net', [0, '', ''])
Okay, I had to do it – here’s the bulletproof version (running more than once creates no effect).
for i in ConstantContact*.conf; do if [[ `egrep "RewriteCond \%\{REQUEST_URI\} \!\^\/jmx\/app_status.jsp" ${i}` ]]; then echo $i > /dev/null; else cp ${i} ${i}.bak; sed "s/#Force all traffic through secure http/#Force all traffic through secure http\n RewriteCond \%\{REQUEST_URI\} \!\^\/jmx\/app_status.jsp/" < ${i} > ${i}.2; mv ${i}.2 ${i}; fi; done
and in func…
[root@p1-qaut1 ~]# func p1-vm167* call command run 'for i in /etc/httpd/conf/ConstantContact*.conf; do if [[ `egrep "RewriteCond \%\{REQUEST_URI\} \!\^\/jmx\/app_status.jsp" ${i}` ]]; then echo $i > /dev/null; else cp ${i} ${i}.bak; sed "s/#Force all traffic through secure http/#Force all traffic through secure http\n RewriteCond \%\{REQUEST_URI\} \!\^\/jmx\/app_status.jsp/" < ${i} > ${i}.2; mv ${i}.2 ${i}; fi; done'
('p1-vm167.ad.prodcc.net', [0, '', ''])
[root@p1-qaut1 ~]#
Good luck. TEST CAREFULLY before running anything like this against servers. You can do great harm.
— doug