I have a wordpress install in /, which has the following .htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have a small internal photo-archive page in /photo-archive, which has the following .htaccess:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^?]*)$ /photo-archive/index.php?path=$1 [NC,L,QSA]
#AuthType Basic
#AuthName "Photo-Archive-Test"
#AuthUserFile "passwd"
#require valid-user
What's listed above works, but the photo-archive isn't password protected (since those lines are commented out).
Testing:
When I uncomment those lines, instead of getting the photo-archive front page and a password prompt, I get wordpress's 404 page.
If I comment out wordpress's .htaccess and uncomment all of the lines in the photo-archive's .htaccess, then I get the photo-archive's page with password protection.
If I comment out the photo-archive's rewriteengine stuff and uncomment the password stuff, then I still get wordpress's 404 page.
So it seems that somehow wordpress is picking up on the fact that the page is password protected and then is applying its rewriteEngine code as a result.
Any idea what's going on here or how to fix it?
Edit: There is only one line causing the problem: require valid-user
Edit2: After doing some research online, it seems like what's happening is apache is going to the photo-archive page, getting a 401 (unauthorized) error, tries to give that error to the browser, the browser looks that page up somehow, and wordpress serves up its 404 page, since it doesn't have a 401 page. I don't know how to fix it, but I think this may be the cause.
Try this in your WP .htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_URI} !/photo-archive [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I added "ErrorDocument 401 /401.html" to the top of the wordpress's .htaccess file.
401.html is just a simple html file right now, it could be anything:
<html>401 error</html>
I got the answer from here: http://wordpress.org/support/topic/htaccess-and-subdirectories
.htaccess files are additive. Whenever you request a page, the webserver basically goes through every directory down the tree from the root (specified by the closest match of in the httpd.conf file), and adds all the .htaccess files together. As it traverses them, it parses each one. Later .htaccess files override previous ones, but only for the same specified items. RewriteRules are cumulative.
So what I think is going on is that the authorization in the password protected directory is forcing a 401 response ("Authorization Required") back to the client. Normally, the client would get the 401 and ask for a password.
However, in this case, this 401 response is intercepted by the WordPress RewriteRules which says to rewrite everything to WordPress. This is because .htaccess's are cumulative and your closest matching Directory is the root.
So, by forcing an ErrorDocument for the 401 response before the WordPress rules, you pre-empt them (since the file actually exists, the RewriteRules won't take effect upon it), causing your 401 document to be sent instead of rewriting to WordPress. However, the client doesn't give a crap about that document, it sees the 401 and asks for a password.
Notice that if you fail to give a password three times (depending on the client), you'll probably get forwarded back to WordPress. This may or may not be what you want. If you add the 403 line, you'll get either your error document or a 403 Forbidden page back, not certain which.
Other possible solutions:
- Add a new Directory statement to httpd.conf, specifically specifying your password protected directory, thus bypassing the wordpress rewrites from the htaccess search path.
- Add another rewrite to the top of the wordpress rewrites that pre-empts them for that directory only.
But forcing a 401/403 document seems like the best solution to me, since it will work with any password protected subdirectories you care to add, without having to specify them.
Related
I have a main domain and a domain alias that points to the main domain.
With the following .htaccess rule, I route traffic for the domain alias to a subfolder:
RewriteCond %{HTTP_HOST} ^(www\.)?domainalias\.nl$ [NC]
RewriteRule !^subfolder/ /subfolder%{REQUEST_URI} [L,NC]
This works, only the URL of the domain alias is shown in the address bar.
Then I have some other rules, for instance:
RewriteRule ^pagina/([^/]*)/([^/]*)\.html$ /subfolder/result.php?page=$1®io=$2 [L]
This also works and shows a page like:
https://www.domainalias.nl/pagina/socialemedia/drenthe.html
Now comes the problem. I can also enter URLs like:
https://www.domainalias.nl/pagina/blabla/test/123/socialemedia/drenthe.html
or:
https://www.domainalias.nl/blabla
or any other non-existing URL.
These pages show the homepage, however, it should show a 404 error page.
Probably caused by my rule that routes everything to the subfolder. How can I prevent this?
EDIT:
Sorry guys. I should have posted the complete .htaccess file. You pointed me in the right direction. The main domain is a Wordpress website, therefore the .htaccess also includes the following rules at the bottom of the file:
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
If I remove these, my domain alias works and shows proper 404 pages.
How can I change these rules so that they only apply to the main domain?
The main domain is a Wordpress website....
If I remove these, my domain alias works and shows proper 404 pages.
How can I change these rules so that they only apply to the main domain?
This is arguably a fault with the WordPress website. WP itself should be generating a 404, not simply serving the homepage.
However, you can add an exception before the WordPress code block (front-controller) that prevents the request being routed to WordPress if the domain-alias is requested, or rather only when the main-domain is requested.
For example, before the WordPress code block:
# Prevent further processing if not the main-domain
RewriteCond %{HTTP_HOST} !^(www\.)?main-domain\.com
RewriteRule ^ - [L]
Alternatively, you could place an additional .htaccess file in the /subfolder directory and simply disable the rewrite engine:
# /subfolder/.htaccess
RewriteEngine Off
This will prevent other directives in the root .htaccess file (including the WordPress front-controller) being processed after the request has been rewritten to the /subfolder, because mod_rewrite directives are not inherited by default. Although this does assume that no other directives should be processed when the /subfolder is requested (or rewritten to).
I have WordPress installed in the root folder and in a subfolder. I can access the home page for the WordPress site in the subdomain, but the permalinks does not work – error 404. I have tried to reset the permalinks, but it did not help. I can’t find any .htaccess file, so I have created one myself and placed it in the subfolder directory:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /projects/bigsargefitness/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /projects/bigsargefitness/index.php [L]
</IfModule>
Here is a link to the subfolder WordPress site:
http://ninahortendesigns.com/projects/bigsargefitness/
I have set the database options to the above direction.
Thanks for your help.
You will need to look at a few things:
.htaccess file in the root WP site (WP1) and edit it so that WP1 doesn't catch the URLs and generate 404 errors, I'm not sure if that comment assisted, I've used this answer for a similar issue.
.htaccess file in the sub WP site (WP2) and rename it to "htaccess.old" then log into your wp2/wp-admin, go to "Settings->Permalinks" check the URL structure is as desired (it doesn't usually change) and click "Save" at the bottom of the page. This will regenerate your .htaccess file within the context of the sub-directory and you shouldn't get 404 errors when you visit sub-pages like this
Here's the code from the first link edited so that it should work with your site, although if you have additional rules, you should only insert the line under the comment.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
# Include in the next line all folders to exclude
RewriteCond %{REQUEST_URI} !(projects) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
If you have custom rules, only insert these lines
# Include in the next line all folders to exclude
RewriteCond %{REQUEST_URI} !(projects) [NC]
Assuming you're a designer and are uploading examples of sites you've built, you should only have to do step 2 the next time you upload a new site to the wp1/projects/ sub-directory
Cause
Error 404 occurs when the resource or path you requested cannot be reached. In this case it's likely because URL rewrite isn't working properly, hence the permalink requests were still being directed to the requested path (e.g. /projects/bigsargefitness/your-category/your-post-name) instead of the rewritten path (i.e. /projects/bigsargefitness/index.php).
The following solution assumes you use Debian/Ubuntu, otherwise the principles should remain the same.
Solution
Firstly, ensure that the rewrite engine has been installed:
sudo a2enmod rewrite
Then, ensure that the engine is allowed for the subdirectory by editing/adding the following lines in the file /etc/apache2/sites-available/your-site.conf:
<Directory /var/www/projects/bigsargefitness/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
The key here is to ensure that the line says AllowOverride All instead of AllowOverride None.
Finally, restart your server:
sudo service apache2 restart
Let me know if this helps.
I have a strange problem with a site i installed on my server, the same exact code works elsewhere so i'm stuck here trying to figure out what is not working.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This is the standard Wordpress htaccess. Technically, the "!-d" rule should allow me to list or access any directory but in this install, it's not the case.
I have a "admin" folder and wordpress keeps kicking in and handling the admin url as "wp-admin" but thats not what i want. I already have other servers where i have a custom "admin" folder mixed with wordpress and it launches fine but something strange here seems to be hapenning.
What we have done:
Disable the rewrite engine, wordpress turns off the folder responds
Disable/Reenable the rewrite engine (to flush possible existing rules) nope
Tried to add "RewriteCond %{REQUEST_URI} !^/admin", doesn't work, WP still kicks in
Can you guys suggest anything else?
After some testing we found out that wordpress was catching all error messages even the 401 on our server. It kept showing 404 because thats the only rendered error by Wordpress.
To this end, we just put a
RewriteEngine Off
In the folder we were trying to access and blam! all of it works now!
I hope this can help others!
I'm trying to block Wordpress from messing with /example and /example2, as I had some advanced things (e.g. password protection) that Wordpress was breaking and incorrectly giving 404 messages to.
Here's my .htaccess:
DirectoryIndex index.html index.php parking-page.html
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_URI} !^/(example|example/.*|example2|example2/.*).*$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ./ /index.php [L]
</IfModule>
# END WordPress
This works to block Wordpress from those folders, but now Wordpress won't catch bad URLs anymore unless they have a / in them.
For example, Wordpress will catch:
mydomain.com/something/
mydomain.com/something/anything
mydomain.com/something/anything.html
but it won't catch
mydomain.com/something
mydomain.com/something.html
(even if mydomain.com/something is a valid WP page that would normally work if I didn't have the %{REQUEST_URI} line in there)
The latter type of URL is given the server 404 messages. How can I keep Wordpress in the loop on everything but those two directories?
I have discovered the solution (hat-tip). It is the exact same issue as on this question, except whereas his problem was that the directory in question was using WebDAV, my problem was that the directory was using password protection.
In essence, the default WordPress rules should work as they are--but they break when the folder is password protected. These rules that should catch it as a file (-f) or directory (-d) fail:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
It wasn't catching my password protected directory as a file or directory because it was stuck at the password prompt--and I didn't have any error pages to send it to. Thus, the solution is to set up error handling:
ErrorDocument 401 /err.txt
ErrorDocument 403 /err.txt
Just put these two lines above all the WordPress stuff and create /err.txt. That way it can land on the file and the default WP code works beautifully.
i have an really unusual problem i've never had before.
i've no .htaccess file on my server. looked everywhere, there is just no file, but a Wordpress Plugin (AskApacheRewriteRules) tells me that the following Rules are active:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
any idea why that could be, i've already wrote my hosting provider, but their service isn't the best.
even if i create an htaccess file with other rules and save it to my root of the server, it doesn't change anything. The plugin always tells me the same and i believe the plugin, because i'm having issues with the /index.php/ in my url (that i don't want to have).
any ideas?
On the AskApacheRewriteRules options page, did you make sure that using_index_permalinks is set to false and that using_mod_rewrite_permalinks is set to true? If this isn't the case, WordPress will attempt to use PATH_INFO for your permalinks, resulting in /index.php/(permalink_structure).
Note that the WordPress rewrite class stores its rewrite rules as a WordPress option in the database, which is where AskApacheRewriteRules gets its information. The plugin also apparently formats the rules with the mod_rewrite_rules function before echoing them to the page, which will surround them with:
<IfModule mod_rewrite.c>
...
</IfModule>
So, the likely reason you can't find the .htaccess file is because it doesn't exist; the rules are just present in the database. The reason why the rules are present in the database is because you're using permalinks, and this is the auto-generated WordPress ruleset, which is saved regardless of whether it's actually being used or not.
Edit: You must have a .htaccess file in the root of your web directory with the following contents:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If mod_rewrite isn't available, we'll do this a hackish (and bad) way...
ErrorDocument 404 /index.php
</IfModule>
The rewrite_rules option is stored at SELECT option_value FROM wp_options WHERE option_name = 'rewrite_rules', but it gets regenerated every time you change the permalink, and isn't used except for writing to .htaccess from what I can tell.
Anyway, those are definitely the correct rules for what you want to do. Are you sure that mod_rewrite is enabled on your host?
Edit:
Let's make 100% sure that mod_rewrite is working correctly and go from there.
Create a .htaccess file in your web root with the following rules, exactly as written:
RewriteEngine On
RewriteRule ^rwtest http://stackoverflow.com/ [R,L]
Then go to your site with the URL example.com/rwtest and see if you get redirected to StackOverflow. If not, something is wrong with mod_rewrite. If you do, then at least we know that piece isn't the problem.
Have you checked if it's defined in your apache configuration file (it appears that the plug is showing an excerpt from that).