Forum Moderators: phranque
I was wondering if anyone can help me here.
A few months ago, i made my profiles available by doing the following .htaccess in my public_html folder.
RewriteEngine on
RewriteRule ^profile_(.*).html index.php?page=view_profile&id=$1
This has worked fine. However, I now want to run a number of cgi programs from the cgi-bin directory, (chiefly for movabletype) but that brings up a 403 forbidden notice.
If i change it to
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^profile_(.*).html index.php?page=view_profile&id=$1
then this then sets up the whole site to be a 500 error.
Can I have some advice please. Should I be writing some sort of exclude, or a condition? My last problem was with mod_rewrite, and I find it very hard to write and understand this code, so advance apologies for my stupidity, and any advance is greatly appreciated.
I have looked through the forum, but can't seem to find a specific answer to this.
If I could just have a specific condition for cgi-bin, that would be ideal
Many thanks
If your mod_rewrite code worked before without the Options directive, then you don't need to add it; If mod_rewrite works without it, then this option has already been set in the server configuration.
The issue of running cgi-bins shouldn't have anything to do with your existing code, but you may need to add some directives to "turn it on". Your best bet here is to read your host's FAQ pages to see what's needed beyond the settings they've already made for you.
Jim
I've already contacted them and they have suggested an exclude of some sort would be the best option. I don't know enough about this topic to know what I should be asking them for, to be honest.
If i could allow an condition which would exempt any access like:
www.mysite.com/cgi-bin/any.cgi
that would ideal....is this possible, or have i completely got the wrong end of the stick?
Many thanks
James
The only way your .htaccess code will affect your cgi-bin programs is if you install that .htaccess code in your cgi-bin directory, and name your cgi programs "profile_<something>.html". In other words, your RewriteRule already excludes any file with a name other than profile_<something> and this .htaccess code is not installed in your cgi-bin directory anyway.
So this is not the same problem. The 500 error was likely caused by having the unneccessary Options directive in your .htaccess. The 403 error is telling you that you have an access restriction on your cgi-bin directory, and that is the real problem -- Based on what I see here, anyway...
Jim
I see your point. But when i remove
RewriteEngine on
RewriteRule ^profile_(.*).html index.php?page=view_profile&id=$1
then I can access the cgi-bin programs without a problem. When i replace it then it goes straight back to 403.
when i add
Options +FollowSymLinks
then it goes straight to a 500 error whatever the requested page. Once removed the site is fine, save for the 403 on cgi-bin
What do you think I should ask. I have no problem accessing and running cgi in /cgi-bin without the .htaccess.
If I can get hold of the error logs, would that help?
Thanks for the ongoing advice, is greatly appreciated
James
What do you think I should ask. I have no problem accessing and running cgi in /cgi-bin without the .htaccess.
I'd ask: I have no problem accessing and running cgi in /cgi-bin without the .htaccess. Why is that?
If I can get hold of the error logs, would that help?
That certainly would, if there's anything in there.
Jim
OK – for the 403
[Mon Feb 2 05:00:08 2004] [error]
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/myusername/myusername/public_html/cgi-bin/cgi.test
and the 500
[Mon Feb 2 04:57:41 2004] [alert] /home/myusername/myusername/public_html/.htaccess: Options not allowed here
Thanks
James
Well, it looks like you're stuck; mod_rewrite can't run without FollowSymLinks enabled, and your server is configured with FollowSymLinks disabled and also with permission to use Options (to enable FollowSymLinks) denied.
Contact your host and tell them you need Options privileges. If they won't let you have them, it's time to change hosts. :(
Jim
I'll contact them. But one thing i'm still not sure about
mod_rewrite can't run without FollowSymLinks enabled
But it is working with the profile_*.html etc rewrite. So why is it working only partially.
So shall i just ask for FollowSymLinks to be enabled?
and how can i check when it is enabled
I know i keep saying thanks, but i do appreciate it. I can decipher php when necessary but mod_rewrite etc is indecipherable for me.
James
FollowSymLinks is apparently only enabled for the one directory where it works now without your intervention. Either that, or maybe they have set FollowSymLinksIfOwnerMatch. You need FollowSymLinks enabled globally, or you need privileges to use Options to enable it where you need it -- Either approach would work, but it's a matter of your preference and what your host will allow. Given a choice, I would prefer to have Options privileges.
Jim
Am talking to them now - and thinking about moving hosts.
Having looked at my code, I would like to make it subject to RewriteCond.
Original code was
RewriteEngine on
RewriteRule ^profile_(.*).html index.php?page=view_profile&id=$1
I tried to bring in a RewriteCond, so changed it to
RewriteEngine on
RewriteCond % {REQUEST_URI} ^/index.php?page=view_profile&id=$1
RewriteRule ^profile_(.*)\.html [L]
....and unsurprisingly, i'm getting
RewriteCond: bad flag delimiters
I'm not doing this to resolve the 403/500 problem, I just want to use more RewriteRule in future, but subject to conditions.
Many thanks
James
That code won't work for several reasons. First, you have a space between "%" and {REQUEST_URI}, which causes the "bad flag delimiter" error.
Next, you have two different URIs required by the same rule, which means the rule will never be applied because the requested URI cannot be both "/index.php?page=view_profile&id=$1" and "/profile_(.*)\.html" at the same time.
Finally, %{REQUEST_URI} cannot be used to test a query string, because a query string is not treated as part of a URI in Apache; it is simply an attached "piece of data" to be passed to the script at that URI. The "?" delimits the query string from the URI itself, and is not part of either. To test for the query string you've shown, you must use
RewriteCond %{QUERY_STRING} ^page=view_profile&id=(.*)$ I strongly suggest that you download, print, read, and save for ready reference the Apache mod_rewrite documentation [httpd.apache.org], the Apache URL Rewriting Guide [httpd.apache.org], and a Regular Expressions reference such as Steve Ramsay's Guide to Regular Expressions [etext.lib.virginia.edu]. Apache mod_rewrite is completely unforgiving of errors and accepts almost no variation of formatting "style." It requires precision and attention to detail, and you cannot get by without that documentation unless -- by some rare chance -- a snippet of code you find posted here actually works on your server without any modification. As the author of a fair amount of it, I can tell you that that happens only rarely. I will also readily admit to having that documentation sitting right here in front of me in a 3-ring binder a good part of the time I'm working on my own code.
I have physically worn out three copies of the documentation cited above, and I still use it often, just to make sure I never see those pesky 500-Server Error messages... OK, so I don't see them too often. ;)
If you have the time, download the entire Apache documentation set - It's free!
Jim
Looks like I'm downloading then :).
Thanks for your help - it's a great forum here.
James
