Cannot redirect legacy URLs using index.php

I'm not sure about Nginx, but Apache can do it.

  RewriteCond "%{QUERY_STRING}" "option=com_content&view=article&id=4&Itemid=3"
  RewriteRule ^/index.php$ /node/1? [R,L]

One of the options to add vhost config is on http://community.aegirproject.org/node/73

Another might be: https://www.drupal.org/project/hosting_injections

Scratch that. It is not relevant in this situation, and the only problem is related to /index.php defined as internal only location, as explained in the following comment.

It is not possible for reasons our support already explained. I will try to provide more details, though.

Thanks to very strict handling of .php files execution with explicitly defined locations (which can't be overridden by any config "injection" anyway), we have already prevented all Nginx based Aegir users from many security threats, including some which required Aegir security releases but affected only Apache based systems.

That is why I'm against making it more "open" by removing current restrictions.

Plus, Aegir always forced clean URLs, so something like /index.php?alien=stuff (even as a base for further redirects/rewrites) was never expected to work anyway.

But even if we would remove current restrictions (introduced by popular demand) and allow direct requests to /index.php it would still not provide a way to add such rewrites/redirects, because to make them effective you would still have to be able to add them **inside** already existing location for /index.php, so we would need to develop an extra injection point/method to be able to add rewrites precisely within /index.php location in the default config.

And it goes even worse, because this configuration/location is shared between all vhosts/sites in your Aegir system, so you would need to manage extra, parent pseudo if{} locations to restrict this per site, which is highly discouraged and a messy to manage (and we would never allow this on hosted instances for security reasons).

It is basically a request for removing already tested and saving many people a lot of headaches security restrictions, to get some added complexity and potential security hole, or at least ability to break configuration for all hosted sites, easily.

Not a good idea, in my opinion.

I just realized that you are trying to use $args in these rewrites, which is not going to work anyway, because you can use literal or regex, but only on the URI, which ends at /index.php so everything following ? is simply ignored.

To correct approach is to add rewrites matching against $args and not $uri

This is something already doable via built-in config extension: https://github.com/omega8cc/boa/blob/master/docs/HINTS.txt

The only missing part would be to make the internal; line optional inside the location = /index.php { }. Otherwise it will throw 404 before it can process rewrites for requests starting with /index.php

Her is an example on how these redirects should be defined:

  if ( $args ~* "^item_id=1000011525" ) {
    rewrite ^ $scheme://$host/node/5? permanent;
  }
  if ( $args ~* "^item_id=1000011526" ) {
    rewrite ^ $scheme://$host/node/6? permanent;
  }

We have removed this restriction which affected only BOA users, so /index.php is no longer an internal only location. This is better solution than adding some extra complexity to make it possible. Now rewrites/redirects of this type can be added via already supported extra config includes in BOA.

This is in fact for 7.x-3.x, which is the version used in BOA.