In /public_html/ I have a wordpress install as well as a directory - 'mydirectory' - that I'd like to protect and be able to access directly. I've got the protection setup with an .htaccess and .htpasswd file, but I'm only getting 404 errors when I try to access the files in that folder. I've tried just about every re-write option I can find for the root level .htaccess file, but nothing has worked. I'm curious if I'm missing something outside of the rewrite condition that could be affecting it? I cannot seem to figure out why I can't get this to work! Below are my various .htaccess files and the rewrites i've tried.
Root Level:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
.htaccess in mydirectory:
ErrorDocument 401 default
AuthType Basic
AuthName "LampreyTrillo"
AuthUserFile file:///public_html/mydirectory/.htpasswd
Require valid-user
.htpasswd in mydirectory:
test:pass
Rewrites I've Tried:
RewriteRule ^mydirectory(/.*)?$ - [L,NC]
# disable the rewrite engine in the ignored directory .htaccess
RewriteEngine off
RewriteCond %{REQUEST_URI} ^/mydirectory/(.*)$
RewriteCond %{REQUEST_URI} !(mydirectory) [NC]
#Change last rewrite rule from '. /index.php' to './ /index.php'
RewriteRule ^mydirectory/.*$ - [PT]
RewriteCond %{REQUEST_URI} !^/(mydirectory|mydirectory/.*)$
I'm stumped, cant figure out what I'm missing here so any advice or new information would be greatly appreciated! Thank you in advance!
Add this to your .htaccess file:
RewriteCond %{REQUEST_URI} !(your_excluded_directory|your_excluded_directory_2|your_excluded_directory_3_etc) [NC]
just before
RewriteCond %{REQUEST_FILENAME} !-f
Related
Good morning,
I have a very strange issue with the default .htaccess with WordPress.
I have a "stats" folder in the webroot which contain something else than WordPress. Usually, I can access it by doing www.example.com/stats/ on the web browser. But with one WordPress, www.example.com/stats/ is rewrited to the index.php of WordPress.
Please note that I use the defaut WordPress .htaccess which is:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Usually, RewriteCond %{REQUEST_FILENAME} !-d should help to skip rewriting as stats is a directory. But stats still rewrite to index.php.
I already tried to add some other RewriteCond (with REQUEST_FILENAME and QUERY_STRING) to try skipping manually stats directory but it not works. Here are them (as requested on comments):
RewriteCond %{REQUEST_FILENAME} !^stats$
RewriteCond %{REQUEST_FILENAME} !^stats/$
RewriteCond %{REQUEST_FILENAME} !^/stats/$
RewriteCond %{QUERY_STRING} !stats
RewriteCond %{QUERY_STRING} !^stats/$
RewriteCond %{QUERY_STRING} !^/stats/$
RewriteCond %{QUERY_STRING} !stats(.*)
Both are not working.
As requested in comment also, I tried to rename stats to another name. And it works with the name stats2. But I still want to use stats as folder name.
Note that it is not a caching issue.
Inside the folder stats, there is a .htaccess:
AuthType Basic
AuthName "Members Only"
AuthUserFile /var/www/clients/client0/web1/web/stats/.htpasswd_stats
require valid-user
Note that the folder stats is managed by ISPConfig.
Any idea to check? Thanks in advance.
Found the issue!!!
In general, Apache does the rewrite phase before the authorization phase, which is why your code performs the rewrite without ever asking for user to authenticate.
https://stackoverflow.com/a/13295036/7664726
I had to add it to the .htaccess in the website root:
RewriteCond %{LA-U:REMOTE_USER} !^$
So my final .htaccess is this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{LA-U:REMOTE_USER} !^$
RewriteRule . /index.php [L]
</IfModule>
Thanks to add peoples in comment section helping me solve this issue.
Instead of modifying the root .htaccess file, it may be preferable to simply disable the rewrite engine in the /stats/.htaccess file. Since mod_rewrite is not inherited (by default) this should prevent the WordPress front-controller in the root .htaccess file being processed.
For example, in /stats/.htaccess:
RewriteEngine Off
AuthType Basic
: etc.
I have a website with the following structure:
/public_html
/main site content (html content mostly)
/.htaccess (1)
/secret (dir)
/wp (dir)
/a wordpress install
/.htaccess (2)
/secret/wp/ is meant to be a development site for moving to a wordpress solution. It's where I'm working on the new site.
The root .htaccess is causing 403 Forbidden errors when I try to view the new site. I know this because deleting it from the server fixes the issue.
The problem is, it's doing some important file extension name rewrites for me that I need or else my main site breaks.
htaccess (1)
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
DirectoryIndex index.html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(wp-admin)($|/) - [L] # You don't want to mess with WordPress
RewriteRule ^/secret/wp/ - [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule .* $0.html
# browser requests html
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^\ ]+)\.html
RewriteRule ^/?(.*)\.html$ /$1 [L,R=301]
# check to see if the request is for a html file:
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^/?(.*)$ /$1.html [L]
</IfModule>
Redirect 301 /shop.html https://mydomain.myshopify.com/
Adding the line "RewriteRule ^/secret/wp/ - [L]" was the result of searching for a solution to this issue, but it doesnt seem to do anything.
My other .htaccess seems to not be triggering at all. I will post it for clarity:
.htaccess (2)
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /secret/wp/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /secret/wp/index.php [L]
# Fix 403 errors on existing directories; WordPress overrides.
RewriteCond %{REQUEST_URI} ^/secret/wp/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I'm at a loss for what to do. I can't just delete the .htaccess file or else the whole site breaks, but I can't seem to figure out how to stop the 403 errors. I'm pretty sure it's because of the rewrite rule, but it doesn't seem to be stopping for the directory like its supposed to.
Any help would be greatly appreciated.
I think you can try this into your .htaccess
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
Found the answer. It took a week of digging and testing through every possible forum I could find, but eventually (after deleting the whole wp install and reinstalling to a clean directory), I found the simplest answer that fixed it all:
I had to edit my .htaccess file to allow "index.php" as a valid
default index page.
My .htaccess file for the top level of my domain only had this line:
DirectoryIndex index.html
I just had to change it to DirectoryIndex index.html index.php
And then everything worked.
I am having an issue with .htaccess files (something that I do not really understand) - therefore, if I could get an explanation along with an answer that would be incredible!
Anyway, the situation is as follows.
Aim : I am trying to remove the www portion of my website so that it loads up always as XXX.com.
I have a root directory with an .htaccess coded as follows :
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
This works well for it's purpose. However, in a directory called "Info" I have an installation of Wordpress with it's own .htaccess which currently looks like :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /info/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /info/index.php [L]
</IfModule>
This does not remove the www and is the standard WordPress installation .htaccess file. My question is, what do I have to do to this file or the root directory file to fix the canonical issue!
Thanks a bunch,
Alex
Rewrite rules that are in htaccess files have precedence in subfolders first. Meaning the htaccess file in the /info/ folder completely supercedes any rules in parent directories. That's why the rule in your root directory is being ignored.
If you're using apache 2.4, you can use the InheritBefore option:
RewriteOption InheritBefore
which makes any rules in the parent directory get applied before any rules in the current directory.
If you're not using apache 2.4, then you'll have to duplicate the rules before the wordpress rules:
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /info/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /info/index.php [L]
</IfModule>
I fixed the issue myself. In WP it was surprisingly easy to do.
I logged into wp-login.php and then proceeded through to General settings where I removed the "www." from both listed URLs... Worked a charm!
I have a vbulletin with vbseo installed and the .htaccess code is
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On
# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /
#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]
RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]
RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
the sub-domains have wordpress on it for example : games.domain.com not working it gives me Internal Server Error
so how to resolve this issue? and get's the domain and sub-domains work ?
I solve the problem by adding .htaccess file into games folder with the following code only
RewriteEngine Off
Here's a tricky one for y'all. I have a WordPress site installed on my server in the following directory:
public_html/priestessentrepreneur/dsa/blogdsa
I have divinesparkastrology.com pointed to public_html/priestessentrepreneur/dsa
I have priestessastrology.com pointed to public_html/priestessentrepreneur/dsa/blogdsa
So, my (singular) WordPress installation used to have the site URL set to http://www.divinesparkastrology.com/blogdsa but I recently changed it to http://www.priestessastrology.com/. When you type in http://www.divinesparkastrology.com/ you are correctly forward to the new url, http://www.priestessastrology.com/. However, if you try to go directly to http://www.divinesparkastrology.com/blogdsa it says Nothing Found.
I want http://www.divinesparkastrology.com/blogdsa and all of its subfolders and files to point to their new location at http://www.priestessastrology.com/ (the directory structure hasn't ever changed, only the base URL changed). How do I update the .htaccess file so that the new url still works properly, but if and only if the user has entered the old URL they are forwarded to the new one?
Edit: here's what's currently in my /dsa .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^divinesparkastrology\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.divinesparkastrology\.com$
RewriteRule ^/?$ "http\:\/\/www\.priestessastrology\.com\/" [R=301,L]
And here's what's in my /dsa/blogdsa .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Add the following RewriteRule to the WordPress .htaccess file:
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# added line
RewriteRule ^blogdsa/?$ / [R=301,L]
RewriteRule ^blogdsa/(.+)$ /$1 [R=301,L]
RewriteRule . /index.php [L]
Note: that you will never be able to access a blogdsa WordPress page with this rule in place.
Don't do it at the .htaccess level. Do it at the httpd.conf level, with a very basic
NameVirtualHost x.x.x.x
<VirtualHost x.x.x.x>
ServerName www.divinesparkastrology.com
ServerAlias divinesparkastrology.com *.divinesparkastrology.com
RedirectPermanent / http://priestessastrology.com
</VirtualHost>
This way you can do your redirects without having to mess with sharing .htaccess with wordpress or having the two sites sharing a common structure. Apache will take care of redirecting all requests to the new server name without having to load/parse/rewrite the .htaccess file on every single hit.
Add the following to your the top of your .htaccess file in the public_html/priestessentrepreneur/dsa/blogdsa folder. before any existing rules.
RewriteEngine On
RewriteBase /
#if request is on the divinesparkastrology domain
RewriteCond %{HTTP_HOST} ^(www\.)?divinesparkastrology\.com [NC]
#and it is for a folder starting with blogdsa
RewriteCond %{REQUEST_URI} ^/(blogdsa.*)$ [NC]
#redirect them to the same folder on the priestressastrology site
RewriteRule .* http://www.priestessastrology.com/%1 [L,R=301]
Edit: modified to include just divinesparkastrology without www and, more importantly, since blogdsa is a part of both sites, the .htaccess should be placed in blogdsa directory, not the dsa dir.