A Magento Redirect Loop

Discuss practical ways to rearrange URLs using mod_rewrite.

Postby AndrewKalonga » Mon Aug 03, 2009 8:26 am

I have partly solved problem [4] by reversing the rules in [3] and [4] then adding SKIP=x.

Code:
RewriteCond %{SCRIPT_FILENAME}\.php -f
RewriteRule ^(.*)$ /index/$1.php [S=1]

RewriteConds here...
...
RewriteRule !^(media|skin|js)(/.*)?$ /index.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]


This is letting me use the desired links www.mysite.com/terms and Magento's www.mysite.com/checkout/cart/. The links hide /index and /index.php respectively.

What next?
1- Rewrite the first condition to include: The php file must be in the root directory for this rule to succeed.
2- Verify that these rules hold so that no php files in any folders can be directly accessed.

I think that will finally be a secure configuration. I hope any experts can help me out on this.

Many Thanks.
AndrewKalonga
 
Posts: 10
Joined: Thu May 21, 2009 11:24 am
Location: Nottingham, UK
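
Step 2 in the post above (verifying that no PHP file in any folder can be requested directly) can be checked mechanically. The script below is an added example, not part of the original thread: it walks a local copy of the document root, requests every .php file by its direct URL without following redirects, and classifies each answer. The docroot path and base URL in the `__main__` block are assumed values.

```python
import os
import urllib.error
import urllib.parse
import urllib.request

class NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError on a 3xx response,
    # so a redirect is reported instead of being followed.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_status(url):
    """Return (status, Location header or None) for one GET request."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, None
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def php_urls(docroot, base_url):
    """Yield the direct URL of every .php file below docroot."""
    for folder, _dirs, files in os.walk(docroot):
        for name in sorted(files):
            if name.lower().endswith(".php"):
                rel = os.path.relpath(os.path.join(folder, name), docroot)
                path = urllib.parse.quote(rel.replace(os.sep, "/"))
                yield base_url.rstrip("/") + "/" + path

def audit(docroot, base_url, fetch=http_status):
    """Classify each direct .php URL by how the server answers it."""
    report = {}
    for url in php_urls(docroot, base_url):
        status, location = fetch(url)
        if 200 <= status < 300:
            report[url] = "exposed"      # the script ran on a direct request
        elif 300 <= status < 400 and location:
            report[url] = "redirected"   # e.g. the index.php -> / rule
        elif status in (401, 403, 404):
            report[url] = "blocked"
        else:
            report[url] = "check manually (%d)" % status
    return report

if __name__ == "__main__":
    # Assumed values; point these at a copy of your own site.
    for url, verdict in sorted(audit("/var/www/html", "http://localhost").items()):
        print(verdict, url)
```

Any URL reported as "exposed" is a PHP file the rewrite rules still serve directly.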

Postby richardk » Mon Aug 03, 2009 3:13 pm

Post your full mod_rewrite.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby AndrewKalonga » Tue Aug 04, 2009 4:56 am

Hi richard
Here is part of my htaccess

Code:
<Files index>
ForceType application/x-httpd-php
</Files>

<Files shop>
ForceType application/x-httpd-php
</Files>

<Files order>
ForceType application/x-httpd-php
</Files>

<Files guide>
ForceType application/x-httpd-php
</Files>


Here is my full mod_rewrite.

Code:
# rewrite all to include www
RewriteCond %{HTTP_HOST} !^www\..*
RewriteRule ^.*$ http://www.mysite.com%{REQUEST_URI} [R=permanent,L]

# Ignore requests to /index, /index/*, /shop and /shop/*.
RewriteRule ^(index|shop|order)(/.*)?$ - [S=4]
 
# Redirect to remove a trailing /index.php or /index.php/.
RewriteCond %{THE_REQUEST} \ /(.+/)?index\.php/?(\?.*)?\  [NC]
RewriteRule ^(.+/)?index\.php/?$ http://www.mysite.com/$1 [R=301,L]

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

#attempted to limit access of php in root directory only
#doesn't work so, I'm using the rule below
#RewriteRule ^$|^[^/.]\.php*$ /index/$1 [T=application/x-httpd-php, S=1]

RewriteCond %{SCRIPT_FILENAME}\.php -f
RewriteRule ^.*$ /index/$1 [S=1]

# If the request does not match an existing file
RewriteCond %{SCRIPT_FILENAME} !-f
# and the request does not match an existing directory
RewriteCond %{SCRIPT_FILENAME} !-d
# and the request does not match a symbolic link
RewriteCond %{SCRIPT_FILENAME} !-l
# and the request is not for /media/*, /skin/* or /js/* send
# the request to index.php.
RewriteRule !^(media|skin|js|images)(/.*)?$ /index.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]

Thanks
I appreciate your help very much.
AndrewKalonga
 
Posts: 10
Joined: Thu May 21, 2009 11:24 am
Location: Nottingham, UK

Postby richardk » Wed Aug 05, 2009 3:50 pm

Try
Code:
Options +FollowSymLinks

RewriteEngine On

# rewrite all to include www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* http://www.example.com%{REQUEST_URI} [R=301,L]

# Ignore requests to /index, /index/*, /shop and /shop/*.
RewriteRule ^(index|shop|order)(/.*)?$ - [L]

# Redirect to remove a trailing /index.php or /index.php/.
RewriteCond %{THE_REQUEST} \ /(.+/)?index\.php/?(\?.*)?\  [NC]
RewriteRule ^(.+/)?index\.php/?$ http://www.example.com/$1 [R=301,L]

#attempted to limit access of php in root directory only
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^([^/.]+\.php)?$ /index/$1 [QSA,L]

RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-l
RewriteRule !^(media|skin|js|images)(/.*)?$ /index.php [QSA,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby AndrewKalonga » Mon Aug 10, 2009 5:45 am

Code:
#attempted to limit access of php in root directory only
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^([^/.]+\.php)?$ /index/$1 [QSA,L]

- does not work. I am getting the 404 page for missing file $1 when I enter something like www.example/contact, where the actual contact file has a .php extension.

What about reverting to my previous solution, which works for www.example/contact, and using PHP code to detect that a file is not being accessed directly ("the old-fashioned way")?

In .htaccess
Code:
RewriteCond %{SCRIPT_FILENAME}\.php -f
RewriteRule ^(.*)$ /index/$1.php [S=1]

RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-l
RewriteRule !^(media|skin|js)(/.*)?$ /index.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]


In php files not to be accessed directly
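Code:
// Redirect direct requests for this file to its extensionless URL.
if (strtolower(__FILE__) == strtolower($_SERVER['SCRIPT_FILENAME']))
{
    // Strip ".php" from the path only, so a query string is kept intact
    // instead of being truncated.
    $parts = explode('?', $_SERVER['REQUEST_URI'], 2);
    $target = substr($parts[0], 0, -4) . (isset($parts[1]) ? '?' . $parts[1] : '');
    header('Location: ' . $target);
    exit;
}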


Is this creating unnecessary server load? Should we continue solving the rewrite?
AndrewKalonga
 
Posts: 10
Joined: Thu May 21, 2009 11:24 am
Location: Nottingham, UK

Postby richardk » Wed Aug 12, 2009 10:59 am

Try replacing
Code:
Options +FollowSymLinks

with
Code:
Options +FollowSymLinks -MultiViews


You may need to replace
Code:
<Files index>
ForceType application/x-httpd-php
</Files>

<Files shop>
ForceType application/x-httpd-php
</Files>

<Files order>
ForceType application/x-httpd-php
</Files>

<Files guide>
ForceType application/x-httpd-php
</Files>

with
Code:
<Files index>
  ForceType application/x-httpd-php
  Options +MultiViews
</Files>

<Files shop>
  ForceType application/x-httpd-php
  Options +MultiViews
</Files>

<Files order>
  ForceType application/x-httpd-php
  Options +MultiViews
</Files>

<Files guide>
  ForceType application/x-httpd-php
  Options +MultiViews
</Files>

as well.

"Is this creating unnecessary server load? Should we continue solving the rewrite?"

I doubt you'll notice. And if you did you could continue with the mod_rewrite.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am
