Stopping rewrite for passworded folders

Fix it!!

Stopping rewrite for passworded folders

Postby Marc_J » Tue Aug 15, 2006 9:13 am

My current situation is as follows (using modrewrite.com as an example domain): -

My hosting account (cpanel) is setup with the full domain (modrewrite.com), onto which I have parked local versions (modrewrite.co.uk) and a shortened version (modrw.com).

I have the following htaccess in the root to rewrite all traffic to the short version (including the www): -

Code: Select all
RewriteEngine on

RewriteCond %{HTTP_HOST} !^www\.modrw\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^(.*) http://www.modrw.com/$1 [L,R=301]


This is working fine. However, I have an htaccess protected /admin folder which stopped working when I started using the above mod_rewrite code in the root.

It seems that no matter which domain I access the /admin folder from, upon authentication it gets rewritten to the full "account" domain version (modrewrite.com/admin), which is causing a 404 error (I'm assuming because this is in conflict with the mod_rewrite in the root).

Changing the host account domain to the short version is not an option as too many things are tied to it.

I need to disable mod_rewrite in the admin folder, either by an htaccess file in it or (preferably) by an entry in the htaccess of the root to ignore the admin folder. The trouble is I don't know how to do either?

Any help would be much appreciated!
Marc_J
 
Posts: 25
Joined: Tue Aug 15, 2006 9:00 am

Postby richardk » Sat Aug 19, 2006 2:12 pm

Code: Select all
RewriteEngine on

RewriteCond %{HTTP_HOST} !^www\.modrw\.com$ [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule !^(admin)(/.*)?$ http://www.modrw.com%{REQUEST_URI} [L,R=301]


/admin should be ignored. If you want /protected to be ignored you would replace (admin) with (admin|protected), the directory names are in the () seperated by a |.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby Marc_J » Sun Aug 20, 2006 12:33 am

Thanks!
Marc_J
 
Posts: 25
Joined: Tue Aug 15, 2006 9:00 am

Postby soundsgood » Thu Aug 31, 2006 5:16 pm

richardk wrote:
Code: Select all
RewriteEngine on

RewriteCond %{HTTP_HOST} !^www\.modrw\.com$ [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule !^(admin)(/.*)?$ http://www.modrw.com%{REQUEST_URI} [L,R=301]


/admin should be ignored. If you want /protected to be ignored you would replace (admin) with (admin|protected), the directory names are in the () seperated by a |.
I think this might solve my problem as well but do I put this in the .htaccess in the root or the .htaccess in my admin folder that has the auth in it?
Thanks,
Bill Kellum
soundsgood
 
Posts: 5
Joined: Tue Aug 29, 2006 1:24 pm

Postby richardk » Fri Sep 01, 2006 2:08 am

Probably in the root and subdirectory but not the passworded directory. But we tried ignoring the folder with
Code: Select all
RewriteCond %{REQUEST_URI} !^/VerveShop/admin(/.*)?$ [NC]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 11 guests

cron