Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

.htaccess  redirecting link to home page

Posted on 2013-01-04
14
Medium Priority
?
316 Views
Last Modified: 2013-02-10
Hi,
I need help with my .htaccess file, all works well execpt if I try the following link

www.mywebsite.com.au/admin/view_upd_order.php?order_id=45

I get redirected to my home page

https://www.mywebsite.com.au/index.php

if I take out the 2 lines below all works OK but I lose the ability to force users to the SSL site?
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Any ideas what I am doing wrong?

Thanks for your help.

SetEnv PHPRC /home/mywebsite/public_html
Options +FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.mywebsite.com.au$ [NC]
RewriteRule ^(.*)$ https://www.mywebsite.com.au/$1 [L,R=301] 
RewriteRule ([0-9]+)(.*)\.html$ index.php?page_id=$1
ErrorDocument 404 http://www.mywebsite.com.au/index.php

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RedirectMatch permanent ^/show/?$  http://www.mywebsite.com.au/showme.php
RedirectMatch permanent ^/showme/?$  http://www.mywebsite.com.au/showme.php

Open in new window

0
Comment
Question by:sabecs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
14 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38747129
Need to look at it more, but I would suggest changing:

     ErrorDocument 404 http://www.mywebsite.com.au/index.php

To:

     ErrorDocument 404 https://www.mywebsite.com.au/index.php

If you really want to force all traffic to https.
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 38747203
My guess is that the forced SSL is rewriting the URL improperly, and it is then being picked up by the 404 rule.  You'll need to turn on mod_rewrite's log functionality to verify what is actually being tested.  Use "RewriteLogLevel 9" and post a single attempt to browse to the affected URL.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1332 total points
ID: 38747229
I would also change your:

RedirectMatch permanent ^/show/?$  http://www.mywebsite.com.au/showme.php
RedirectMatch permanent ^/showme/?$  http://www.mywebsite.com.au/showme.php

To go to https.  If you want to force SSL, then every redirect/rewrite you do should use https and not http.

I not so sure that your http rewrite rule is correct.  There are many different ways to for SSL, and I have seen a lot of then, not all, but a lot.  This was the 1st time I saw the way you are doing it.  I did find at least one place that had that way as an example so I must assume it works, but as routinet suggested, enabled logging and see what is going on.
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 51

Assisted Solution

by:Steve Bink
Steve Bink earned 668 total points
ID: 38747512
>>> To go to https.  If you want to force SSL, then every redirect/rewrite you do
>>> should use https and not http.
>>> I not so sure that your http rewrite rule is correct.

While I think the rule will function as expected, I believe the logic of that particular approach is redundant.  It is checking to see if the server's internal HTTPS state is off or on.  Inside a normal port 80 vhost, that should always be off, and would therefore always be applied.  The rule I use for this same concept (as noted, this would be inside a port 80 vhost):

RewriteRule /?(.*) https://mydomain.com/$1 [R,L,QSA]

The difference here is that the above rule will forward *all* requests to the SSL version of the site, absent any other considerations.  The original rule will not fire if, somehow, an SSL-enabled request gets through to your "normal" site.  This rule is normally placed at the top of my list of rules, following only the rule that forbids the TRACE method.

The other consideration is that these rules are going into an .htaccess file, which is outside any specific <VirtualHost> container.  If you do not have access to the server's conf files, the existing rule is probably the better bet.
0
 

Author Comment

by:sabecs
ID: 38747615
Thanks for your help, very much appreciated.
I tried RewriteLogLevel 9 but received a server config error.

www.mywebsite.com.au/admin/view_upd_order.php?order_id=45

I did notice that the admin directory is password protected and the .htaccess file contains the following,

AuthUserFile "/home/mywebsite/.htpasswds/public_html/admin/passwd"
AuthName "Admin's Only"
AuthType Basic
require valid-user

If I remove it then link appears to work ok, so would I need to also change this .htaccess file?
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 38748340
The RewriteLogLevel directive must go in the server or virtual host conf file.  It can not be used in an htaccess file.  Without access to the rewrite log, further troubleshooting will be difficult.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38748411
Is there anything else in the .htaccess file for the admin directory?

Does your other .htaccess file work for URL's that don't need access to the admin directory?
0
 

Author Comment

by:sabecs
ID: 38749277
Thanks again for your help, there is nothing else in the .htaccess file for the admin directory and all other folders and links appear to work ok.

I just tried http://www.mywebsite.com.au/admin & www.mywebsite.com.au/admin and both of these get redirected to https://www.mywebsite.com.au/index.php also, but https://www.mywebsite.com.au/admin is OK..
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38749313
When you go to http://www.mywebsite.com.au/admin are you prompted for a userid and password?
0
 

Author Comment

by:sabecs
ID: 38749334
If I got to http://www.mywebsite.com.au/admin I am not prompted for a password, just get redirected to home page, only get prompted if I use https://
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38749345
Umm, I got to re-read. I thought that .htaccess files were supposed to processed "lowest" to highest", meaning if I had

/.htaccess
/admin/.htaccess

that the one in /admin would be processed first then the on in /.  I would expect you to be prompted.

What happens if you specific the full "admin" url of the default page?  Meaning something like /admin/index.php.
0
 

Author Comment

by:sabecs
ID: 38749467
0
 
LVL 57

Accepted Solution

by:
giltjr earned 1332 total points
ID: 38749494
Although I don't think it should matter can you try using:



RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.mywebsite.com.au$ [NC]
RewriteRule ^(.*)$ https://www.mywebsite.com.au/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteRule ([0-9]+)(.*)\.html$ index.php?page_id=$1
ErrorDocument 404 http://www.mywebsite.com.au/index.php
0
 

Author Comment

by:sabecs
ID: 38749606
Thanks giltjr, I tried your suggestion but same again...
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question