Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

.htaccess redirecting link to home page

Hi,
I need help with my .htaccess file, all works well execpt if I try the following link

www.mywebsite.com.au/admin/view_upd_order.php?order_id=45

I get redirected to my home page

https://www.mywebsite.com.au/index.php

if I take out the 2 lines below all works OK but I lose the ability to force users to the SSL site?
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Any ideas what I am doing wrong?

Thanks for your help.

SetEnv PHPRC /home/mywebsite/public_html
Options +FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.mywebsite.com.au$ [NC]
RewriteRule ^(.*)$ https://www.mywebsite.com.au/$1 [L,R=301] 
RewriteRule ([0-9]+)(.*)\.html$ index.php?page_id=$1
ErrorDocument 404 http://www.mywebsite.com.au/index.php

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RedirectMatch permanent ^/show/?$  http://www.mywebsite.com.au/showme.php
RedirectMatch permanent ^/showme/?$  http://www.mywebsite.com.au/showme.php

Open in new window

0
sabecs
Asked:
sabecs
  • 6
  • 5
  • 3
3 Solutions
 
giltjrCommented:
Need to look at it more, but I would suggest changing:

     ErrorDocument 404 http://www.mywebsite.com.au/index.php

To:

     ErrorDocument 404 https://www.mywebsite.com.au/index.php

If you really want to force all traffic to https.
0
 
Steve BinkCommented:
My guess is that the forced SSL is rewriting the URL improperly, and it is then being picked up by the 404 rule.  You'll need to turn on mod_rewrite's log functionality to verify what is actually being tested.  Use "RewriteLogLevel 9" and post a single attempt to browse to the affected URL.
0
 
giltjrCommented:
I would also change your:

RedirectMatch permanent ^/show/?$  http://www.mywebsite.com.au/showme.php
RedirectMatch permanent ^/showme/?$  http://www.mywebsite.com.au/showme.php

To go to https.  If you want to force SSL, then every redirect/rewrite you do should use https and not http.

I not so sure that your http rewrite rule is correct.  There are many different ways to for SSL, and I have seen a lot of then, not all, but a lot.  This was the 1st time I saw the way you are doing it.  I did find at least one place that had that way as an example so I must assume it works, but as routinet suggested, enabled logging and see what is going on.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
Steve BinkCommented:
>>> To go to https.  If you want to force SSL, then every redirect/rewrite you do
>>> should use https and not http.
>>> I not so sure that your http rewrite rule is correct.

While I think the rule will function as expected, I believe the logic of that particular approach is redundant.  It is checking to see if the server's internal HTTPS state is off or on.  Inside a normal port 80 vhost, that should always be off, and would therefore always be applied.  The rule I use for this same concept (as noted, this would be inside a port 80 vhost):

RewriteRule /?(.*) https://mydomain.com/$1 [R,L,QSA]

The difference here is that the above rule will forward *all* requests to the SSL version of the site, absent any other considerations.  The original rule will not fire if, somehow, an SSL-enabled request gets through to your "normal" site.  This rule is normally placed at the top of my list of rules, following only the rule that forbids the TRACE method.

The other consideration is that these rules are going into an .htaccess file, which is outside any specific <VirtualHost> container.  If you do not have access to the server's conf files, the existing rule is probably the better bet.
0
 
sabecsAuthor Commented:
Thanks for your help, very much appreciated.
I tried RewriteLogLevel 9 but received a server config error.

www.mywebsite.com.au/admin/view_upd_order.php?order_id=45

I did notice that the admin directory is password protected and the .htaccess file contains the following,

AuthUserFile "/home/mywebsite/.htpasswds/public_html/admin/passwd"
AuthName "Admin's Only"
AuthType Basic
require valid-user

If I remove it then link appears to work ok, so would I need to also change this .htaccess file?
0
 
Steve BinkCommented:
The RewriteLogLevel directive must go in the server or virtual host conf file.  It can not be used in an htaccess file.  Without access to the rewrite log, further troubleshooting will be difficult.
0
 
giltjrCommented:
Is there anything else in the .htaccess file for the admin directory?

Does your other .htaccess file work for URL's that don't need access to the admin directory?
0
 
sabecsAuthor Commented:
Thanks again for your help, there is nothing else in the .htaccess file for the admin directory and all other folders and links appear to work ok.

I just tried http://www.mywebsite.com.au/admin & www.mywebsite.com.au/admin and both of these get redirected to https://www.mywebsite.com.au/index.php also, but https://www.mywebsite.com.au/admin is OK..
0
 
giltjrCommented:
When you go to http://www.mywebsite.com.au/admin are you prompted for a userid and password?
0
 
sabecsAuthor Commented:
If I got to http://www.mywebsite.com.au/admin I am not prompted for a password, just get redirected to home page, only get prompted if I use https://
0
 
giltjrCommented:
Umm, I got to re-read. I thought that .htaccess files were supposed to processed "lowest" to highest", meaning if I had

/.htaccess
/admin/.htaccess

that the one in /admin would be processed first then the on in /.  I would expect you to be prompted.

What happens if you specific the full "admin" url of the default page?  Meaning something like /admin/index.php.
0
 
sabecsAuthor Commented:
0
 
giltjrCommented:
Although I don't think it should matter can you try using:



RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.mywebsite.com.au$ [NC]
RewriteRule ^(.*)$ https://www.mywebsite.com.au/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteRule ([0-9]+)(.*)\.html$ index.php?page_id=$1
ErrorDocument 404 http://www.mywebsite.com.au/index.php
0
 
sabecsAuthor Commented:
Thanks giltjr, I tried your suggestion but same again...
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 6
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now