htaccess / Redirection & authentication conflict

         

fabaroulettes

3:19 pm on Nov 10, 2009 (gmt 0)

10+ Year Member



Hello,
(first msg here, so... double hello!)

I've been working on this for two days... I'm going to kill myself!

My situation:
- a primary domain, let's say base-domain.com
- a subdomain, let's say example.com

I have a first htaccess in the root directory of example.com, that:
- redirects example.base-domain.com to example.com
- adds www
- adds a trailing slash

Here it is:


Options +FollowSymLinks
RewriteEngine On
RewriteBase /
##Adding trailing slash
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://www.example.com/$1/ [L,R=301]
##Going to www.example.com
RewriteCond %{HTTP_HOST} ^example.base-domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.base-domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

And... it works fine :)
for example, http://example.base-domain.com/test goes to http://www.example.com/test/

Perfect !

The problem is when I try to secure a directory with htaccess authentication.

If I put the following classic htaccess in the "admin" directory:


AuthUserFile /home/xyz/xyz/admin/.htpass
AuthName "Identification obligatoire"
AuthType Basic
Require valid-user

I can't access http://www.example.com/admin/: I get an error 301 (too many redirections).

If I remove the first (redirection) htaccess, the authentication works, but nothing is redirected.

If I remove the second (authentication) htaccess, the redirections work, but I can't access admin at all! (it's a bit too secured).

So... is there a solution ?!?

THANK YOU

[edited by: jdMorgan at 3:33 pm (utc) on Nov. 10, 2009]
[edit reason] example.com [/edit]

jdMorgan

3:51 pm on Nov 10, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Let's try cleaning up your code, making it more efficient, and adding an exclusion for .htpass files:

Options +FollowSymLinks
RewriteEngine on
#
# Add missing trailing slash
RewriteCond $1 !\.htpass
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*[^/])$ http://www.example.com/$1/ [R=301,L]
#
# Force canonical www.example.com domain
RewriteCond %{HTTP_HOST} ^(www\.)?example\.base-domain\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

The following domain canonicalization is much more robust, handling FQDN hostnames and appended port numbers, but allows only one hostname to be used on this server:

# Externally redirect non-canonical hostname requests to single canonical domain
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Note that you may wish to add more exclusions to the 'trailing slash' redirect. Realize that your original code invokes a check of the server filesystem for each and every HTTP request to your server. This is slow, and uses a lot of server resources. Even with the improvements shown above -- checking only if there is no trailing slash, and doing the filesystem check only after all other checks -- it is still fairly inefficient. Consider bypassing the check if the request_filename contains a period in the final path-part, or any other method you can think of consistent with your URL- and filesystem-naming conventions.

An example pattern to exclude filepaths with periods in the final part would be "!^([^/]*/)*[^./]*\."

Note that this pattern would also exclude .htpass and .htaccess files, so the separate .htpass exclusion would not be required if you used this one.

Jim
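Added example, not part of the original post: a Python model of the trailing-slash rule above with the period exclusion in place, run over constructed request paths to show which ones are redirected and which ones reach the filesystem check. It assumes the exclusion is written as a negated RewriteCond on $1 placed before the -f test; the sample paths and file set are made up, and `v1.2/docs` shows that the pattern also matches a period in an earlier path segment.

```python
import re

# RewriteRule pattern from the post: matches only paths not ending in "/".
NEEDS_SLASH = re.compile(r"^(.*[^/])$")
# Exclusion pattern from the post, applied as a negated RewriteCond on $1
# (the test string is an assumption; the post gives only the pattern).
HAS_PERIOD = re.compile(r"^([^/]*/)*[^./]*\.")


def trailing_slash_decision(path, existing_files=frozenset()):
    """Model the trailing-slash rule for one per-directory path.

    Returns (action, filesystem_checked). `path` has no leading slash,
    as mod_rewrite presents it in a root .htaccess file.
    """
    if not NEEDS_SLASH.match(path):
        return ("pass", False)            # already ends in "/", or empty
    if HAS_PERIOD.match(path):
        return ("pass", False)            # excluded before the -f lookup
    if path in existing_files:
        return ("pass", True)             # stands in for REQUEST_FILENAME -f
    return ("redirect:/" + path + "/", True)


# Constructed sample requests and a constructed set of existing files.
SAMPLE_FILES = frozenset({"downloads/README"})
SAMPLE_PATHS = ["admin", "admin/", "admin/.htpass", "css/site.css",
                "v1.2/docs", "downloads/README", ""]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        action, checked = trailing_slash_decision(p, SAMPLE_FILES)
        print(f"{p!r:20} {action:22} filesystem check: {checked}")
```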

fabaroulettes

4:09 pm on Nov 10, 2009 (gmt 0)

10+ Year Member



Thank you for your answer!

I've made the changes you proposed, but I still have my authentication problem :(

If it can help, the real situation is here:
<snip>

And the reason why I add a trailing slash is because by default, http://www.example.com/test goes to http://example.base-domain.com/test!
And, as I noticed that it works with test/, I added this trailing slash trick.

thanx

[edited by: jdMorgan at 4:22 pm (utc) on Nov. 10, 2009]
[edit reason] No domains, e-mails or IMs, please. See TOS and forum charter. [/edit]

jdMorgan

4:26 pm on Nov 10, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Check to be sure that you *do not* have a custom 401 document handler pointed to a non-canonical domain name. For example, this is wrong in two ways:

ErrorDocument 401 http://example.com/login-please.html

The directive refers to a domain, and that domain is non-canonical.

This is correct:


ErrorDocument 401 /login-please.html

Here only a local filepath is referenced.

Jim
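Added example, not part of the original post: a small Python audit that scans .htaccess text for ErrorDocument directives whose target is an absolute URL. Apache answers such a directive with a redirect, so with a 401 the client never receives the authentication challenge. The function name, the sample text and the host `old.example.com` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ERRDOC = re.compile(r"^\s*ErrorDocument\s+(\d{3})\s+(.+?)\s*$", re.IGNORECASE)


def audit_error_documents(htaccess_text, canonical_host):
    """Return findings for ErrorDocument targets that are absolute URLs.

    Each finding is (line_number, status, target, [issues]).
    """
    findings = []
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        m = ERRDOC.match(line)            # comment lines never match
        if not m:
            continue
        status, target = m.group(1), m.group(2).strip('"')
        if not re.match(r"https?://", target, re.IGNORECASE):
            continue                      # local path or literal message
        issues = ["absolute URL: Apache answers with a redirect"]
        host = (urlsplit(target).hostname or "").lower()
        if host != canonical_host.lower():
            issues.append("non-canonical host: " + host)
        if status == "401":
            issues.append("client never receives the 401 challenge")
        findings.append((lineno, status, target, issues))
    return findings


# Constructed .htaccess text using the two directives quoted in the post.
SAMPLE = """\
# ErrorDocument 401 http://old.example.com/ignored.html
AuthType Basic
ErrorDocument 401 http://example.com/login-please.html
ErrorDocument 401 /login-please.html
ErrorDocument 404 http://www.example.com/missing.html
"""

if __name__ == "__main__":
    for finding in audit_error_documents(SAMPLE, "www.example.com"):
        print(finding)
```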

fabaroulettes

4:37 pm on Nov 10, 2009 (gmt 0)

10+ Year Member



Sorry about the links in my previous posts.

I can't find any ErrorDocument... in the htaccess I have access to.
Could it be in a higher level htaccess, managed by my web host?

thanx

fab

fabaroulettes

4:50 pm on Nov 10, 2009 (gmt 0)

10+ Year Member



Wow!

I think I've found a solution (even if I don't really understand...):

I've added 'ErrorDocument 401 /admin/' at the beginning of my authentication htaccess (in the directory /admin/) and it seems to work!