Infinite Loop on Login Page SSL RewriteRule! - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Infinite Loop on Login Page SSL RewriteRule!

peterski

2:27 pm on Aug 22, 2008 (gmt 0)

10+ Year Member

1. What I'm trying to accomplish is to have all requests to the '/adminlogin.php' file redirected to use SSL (https://).

2. If already using https then do nothing

3. After any successful RewriteRule or a direct SSl access to adminlogin.php I'd like all other links to default BACK to http:// (no SSL) unless they are specifically referenced their HTML code as a secure link using <a href='https://...

Can anyone see what I'm doing wrong here below?

Thanks

Peter

.htaccess
/*--------------------------------------------------------*/
Options +FollowSymLinks
RewriteEngine On
RewriteBase /

# If HTTPS request - Works! - Needed to put '()' round the RewriteCond filename!
RewriteCond %{HTTPS} on
# redirect non-login requests to HTTP
RewriteCond %{REQUEST_URI} !(adminlogin\.php)
RewriteRule ^(.+)$ [%{HTTP_HOST}...] [R=301,L]

# If not HTTPS request - Works!
RewriteCond %{HTTPS} off
# redirect login requests to HTTPS
RewriteRule ^(adminlogin.php)$ [%{HTTP_HOST}...] [R=301,L]
/*--------------------------------------------------------*/

jdMorgan

2:53 pm on Aug 23, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Please describe how this code was tested, what results were obtained, and how those results differed from your expectations. Since both rules are marked "Works!" and no description of the problem is given, it's a bit difficult to guess which might fail or why.

Jim

peterski

4:54 pm on Aug 23, 2008 (gmt 0)

10+ Year Member

Sorry about the lack of clarity. Last night it was just looping saying "Your about to view pages over a secure connection", with a click OK or Cancel button. Then immediately followed by, "Your about to leave a secure page" with OK or Cancel button - words to that effect in IE6. Today - it works perfectly!

The only thing I may have changed last night is that on the 1st rule I had previously written [%{HTTP_HOST}%{REQUEST_URI}...] and now I have [%{HTTP_HOST}...] (with the $1).

Would this have made the difference?

PB

jdMorgan

5:39 pm on Aug 23, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I'd suggest:


Options +FollowSymLinks
RewriteEngine on
#
# If HTTPS request
RewriteCond %{HTTPS} ^on$ [NC]
# redirect non-login requests to HTTP
RewriteCond %{REQUEST_URI} !^/adminlogin\.php$
RewriteRule (.*) http://%{HTTP_HOST}/$1 [R=301,L]
#
# If not HTTPS request
RewriteCond %{HTTPS} ^off$ [NC]
# redirect login requests to HTTPS
RewriteRule ^adminlogin\.php$ https://%{HTTP_HOST}/adminlogin.php [R=301,L]

Be aware that the variable "HTTPS" is not always available on all server set-ups. You may wish to try using
"%{SERVER_PORT} ^443$" instead of "%{HTTPS} on", and
"%{SERVER_PORT} !^443$" instead of "%{HTTPS} off"

If this does not help, you might want to look at the browser requests and server responses using the Live HTTP Headers add-on for Firefox/Mozilla browsers. This may give you some insight as to where/when the unexpected redirect is occurring. There is the possibility that you have one or more redirects in the php code itself that are countermanding these in .htaccess.

Also, to the extent possible, correct the links on your site so that pages and object links/URLs refer to the "correct" http/https protocol. If all the links were correct, then you likely wouldn't need this redirect code, except to clean up search engine results for pages that were spidered before the links were corrected, and to catch "type-ins" and bookmarks of incorrect URLs.

Jim

peterski

10:44 am on Aug 24, 2008 (gmt 0)

10+ Year Member

I think the problem was a redirect in one of my PHP files like you rightly suggested.

Unfortunately, the redirects are necessary because people don't type [,...] they just type the domain name and hit enter which defaults in most browsers to http://

Again, thanks a lot. I love your site by the way, the help is in-valuable!

Peter B