Solved

.htaccess  redirecting link to home page

Posted on 2013-01-04
14
309 Views
Last Modified: 2013-02-10
Hi,
I need help with my .htaccess file, all works well execpt if I try the following link

www.mywebsite.com.au/admin/view_upd_order.php?order_id=45

I get redirected to my home page

https://www.mywebsite.com.au/index.php

if I take out the 2 lines below all works OK but I lose the ability to force users to the SSL site?
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Any ideas what I am doing wrong?

Thanks for your help.

SetEnv PHPRC /home/mywebsite/public_html
Options +FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.mywebsite.com.au$ [NC]
RewriteRule ^(.*)$ https://www.mywebsite.com.au/$1 [L,R=301] 
RewriteRule ([0-9]+)(.*)\.html$ index.php?page_id=$1
ErrorDocument 404 http://www.mywebsite.com.au/index.php

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RedirectMatch permanent ^/show/?$  http://www.mywebsite.com.au/showme.php
RedirectMatch permanent ^/showme/?$  http://www.mywebsite.com.au/showme.php

Open in new window

0
Comment
Question by:sabecs
  • 6
  • 5
  • 3
14 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38747129
Need to look at it more, but I would suggest changing:

     ErrorDocument 404 http://www.mywebsite.com.au/index.php

To:

     ErrorDocument 404 https://www.mywebsite.com.au/index.php

If you really want to force all traffic to https.
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 38747203
My guess is that the forced SSL is rewriting the URL improperly, and it is then being picked up by the 404 rule.  You'll need to turn on mod_rewrite's log functionality to verify what is actually being tested.  Use "RewriteLogLevel 9" and post a single attempt to browse to the affected URL.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 333 total points
ID: 38747229
I would also change your:

RedirectMatch permanent ^/show/?$  http://www.mywebsite.com.au/showme.php
RedirectMatch permanent ^/showme/?$  http://www.mywebsite.com.au/showme.php

To go to https.  If you want to force SSL, then every redirect/rewrite you do should use https and not http.

I not so sure that your http rewrite rule is correct.  There are many different ways to for SSL, and I have seen a lot of then, not all, but a lot.  This was the 1st time I saw the way you are doing it.  I did find at least one place that had that way as an example so I must assume it works, but as routinet suggested, enabled logging and see what is going on.
0
 
LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 167 total points
ID: 38747512
>>> To go to https.  If you want to force SSL, then every redirect/rewrite you do
>>> should use https and not http.
>>> I not so sure that your http rewrite rule is correct.

While I think the rule will function as expected, I believe the logic of that particular approach is redundant.  It is checking to see if the server's internal HTTPS state is off or on.  Inside a normal port 80 vhost, that should always be off, and would therefore always be applied.  The rule I use for this same concept (as noted, this would be inside a port 80 vhost):

RewriteRule /?(.*) https://mydomain.com/$1 [R,L,QSA]

The difference here is that the above rule will forward *all* requests to the SSL version of the site, absent any other considerations.  The original rule will not fire if, somehow, an SSL-enabled request gets through to your "normal" site.  This rule is normally placed at the top of my list of rules, following only the rule that forbids the TRACE method.

The other consideration is that these rules are going into an .htaccess file, which is outside any specific <VirtualHost> container.  If you do not have access to the server's conf files, the existing rule is probably the better bet.
0
 

Author Comment

by:sabecs
ID: 38747615
Thanks for your help, very much appreciated.
I tried RewriteLogLevel 9 but received a server config error.

www.mywebsite.com.au/admin/view_upd_order.php?order_id=45

I did notice that the admin directory is password protected and the .htaccess file contains the following,

AuthUserFile "/home/mywebsite/.htpasswds/public_html/admin/passwd"
AuthName "Admin's Only"
AuthType Basic
require valid-user

If I remove it then link appears to work ok, so would I need to also change this .htaccess file?
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 38748340
The RewriteLogLevel directive must go in the server or virtual host conf file.  It can not be used in an htaccess file.  Without access to the rewrite log, further troubleshooting will be difficult.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38748411
Is there anything else in the .htaccess file for the admin directory?

Does your other .htaccess file work for URL's that don't need access to the admin directory?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:sabecs
ID: 38749277
Thanks again for your help, there is nothing else in the .htaccess file for the admin directory and all other folders and links appear to work ok.

I just tried http://www.mywebsite.com.au/admin & www.mywebsite.com.au/admin and both of these get redirected to https://www.mywebsite.com.au/index.php also, but https://www.mywebsite.com.au/admin is OK..
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38749313
When you go to http://www.mywebsite.com.au/admin are you prompted for a userid and password?
0
 

Author Comment

by:sabecs
ID: 38749334
If I got to http://www.mywebsite.com.au/admin I am not prompted for a password, just get redirected to home page, only get prompted if I use https://
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38749345
Umm, I got to re-read. I thought that .htaccess files were supposed to processed "lowest" to highest", meaning if I had

/.htaccess
/admin/.htaccess

that the one in /admin would be processed first then the on in /.  I would expect you to be prompted.

What happens if you specific the full "admin" url of the default page?  Meaning something like /admin/index.php.
0
 

Author Comment

by:sabecs
ID: 38749467
0
 
LVL 57

Accepted Solution

by:
giltjr earned 333 total points
ID: 38749494
Although I don't think it should matter can you try using:



RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.mywebsite.com.au$ [NC]
RewriteRule ^(.*)$ https://www.mywebsite.com.au/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteRule ([0-9]+)(.*)\.html$ index.php?page_id=$1
ErrorDocument 404 http://www.mywebsite.com.au/index.php
0
 

Author Comment

by:sabecs
ID: 38749606
Thanks giltjr, I tried your suggestion but same again...
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Need assistance modifying php script 3 40
Prevent SQL Injection 4 104
Re-negotiation handshake failed: Not accepted by client!? 8 264
Updating PHP in Windows Server 2012 r2 22 98
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now