Move your external redirects (those with a hostname and [R=301,L] in the rewriterule) above your internal rewrite rules, to avoid exposing the filepaths as a URL by redirecting after a rewrite.

You could save a lot of bother by re-arranging your "allow/deny" sections and using "Order Deny,Allow" instead. See Apache mod_access for details.

Note that while you are controlling access for most common HTTP methods, you are not doing so for some of the more-obscure ones. See the LimitExcept directive in Apache core documentation.

Your "^(.*)-p-(.*).html$" patterns can be horribly inefficient. Without seeing some example URL-paths, it's not possible to provide a guaranteed replacement, but if each URL-path has only two hyphens, then "^([^-]+)-p-([^.]+)\.html$" will be dozens to thousands of times faster depending on the length of the requested URL-path. Avoid using multiple ".*" subpatterns at all costs unless you can afford an early server upgrade.

Jim

Certainly move the redirect to be listed before any of the rewrites.

The rewrites each also need the [L] flag adding on the end.

OK, so I now have this:

IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
#The next line modified by DenyIP
order allow,deny
#The next line modified by DenyIP
#deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.mysite.com
AuthUserFile /home/mysite/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/mysite/public_html/_vti_pvt/service.grp

Options +FollowSymLinks
RewriteEngine On
RewriteBase /store
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
RewriteRule ^(.*) http://www.mysite.com/store/$1 [QSA,L,R=301]
RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-m-(.*).html$ index.php?manufacturers_id=$2&%{QUERY_STRING} [L]
<Files 403.shtml>
order allow,deny
allow from all
</Files>

Still giving me the same problem, tho :(

You do need to fix those double (.*) patterns.

Is this an OSC or ZC site?

There's a load of other issues you'll also need to address at some point.

yes, it's an OSC.

I'm still totally stuck on this. With no disrespect intended, I asked how to do one thing, and pretty much got told I need to do something else, but wasn't told how to do that either, lol.

You guys know this stuff a trillion times better than I do, so if you say the other stuff needs addressed, then I'm sure it does. If I could first figure out how to do what I initially asked about, I will certainly try to then tackle the other issues.

So, can anyone help me with my original query?

Sorry you feel slighted. I suspect that you think this problem is simpler than it really is.

Other than the hundreds-to-thousands-of-times-slower-than-optimum multiple-dot-star regex patterns, there's nothing remaining in this file that looks particularly suspect, except that you should not need to include "/store" in the substitution path if it's already declared as the RewriteBase.

Be sure that there are no internal rewrites whatsoever in the "main" .htaccess file that apply to these /store requests. If there are, then you still have a rules-order problem, because any internal rewrite occurring before an external redirect is invoked will result in the internally-rewritten filepath being 'exposed' to the client as a URL.

Analyze all of your .htaccess files from the root directory down, and apply this general rule across all rules in all files - taken as a single group:

All access control rules should go first, followed by all external redirects ordered from most-specific patterns and conditions (fewest URLs affected, e.g. single-page redirects) to least-specific patterns and conditions (more URLs affected -- e.g. domain canonicalization rules). Finish up with all internal rewrites, again in order from most- to least- specific.

Following that guideline will likely require you to move some rules between your .htaccess files.

Alternately, you can copy all of the required rules from the main .htaccess file into the lower-level .htaccess files, and set "RewriteOptions none" in order to override "RewriteOption Inherit" -- the likely current setting.

If that is unworkable, then you will need to move *all* redirects from lower level .htaccess files up into the main .htaccess file, modifying them to make them explicitly contingent on requests to the appropriate subdirectory. In this case, that would mean adding "store/" to the beginning of each of your rules patterns.

Jim