1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:28 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Joomla .htaccess and SEF

.htaccess SEF

         

xeont

5:11 am on Oct 3, 2010 (gmt 0)

10+ Year Member



hi everyone,

im using this .htaccess to redirect to http and https and back.. it is working find until i turn on SEF, when i turn on SEF, .htaccess conditions does NOT apply to the website, its stays on http, no effect from .htaccess conditions, i tried Jooma built in SEF and Sh404SEF, both does the same,

any idea how to fix this

#
# @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license [gnu.org...] GNU/GPL
# Joomla! is Free Software
##


#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

## Can be commented out if causes errors, see notes above.
#Options +FollowSymLinks

#
# mod_rewrite in use

RewriteEngine On


RewriteBase /

#into the site to HTTPS
# Activate the rewrtite module

# if is not an access from 443 port
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{QUERY_STRING} (option=com_contact)+ [OR]
RewriteCond %{QUERY_STRING} (option=com_user)+
RewriteRule (.*) [%{SERVER_NAME}%{REQUEST_URI}...] [L,R]

##into the site to HTTP
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{QUERY_STRING} (option=com_agora)+ [OR]
RewriteCond %{QUERY_STRING} (option=com_content)+
RewriteRule (.*) [%{SERVER_NAME}%{REQUEST_URI}...] [L,R]



########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)



########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section

thanks

g1smd

7:58 am on Oct 3, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The HTTP/HTTPS part of the code is dangerous, as it generates a 302 redirect, not a 301. It looks at part of the query string value. Once you turn on SEF URLs, you're no longer using query strings in URLs, so it no longer works. The patterns in that code will need to be modified to match whatever is in the SEF URLs.

Additionally, the HTTP/HTTPS code should appear after the block of code that blocks common exploits, not before it.

Finally, the code in the "core SEF" section is very inefficient, and should be enhanced. A recent thread has the details.

[webmasterworld.com...] [webmasterworld.com...]

xeont

5:51 pm on Oct 3, 2010 (gmt 0)

10+ Year Member



thank you very much g1smd for your reply, do you know how to get this to work?

thank you.

g1smd

9:17 pm on Oct 3, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yes, the current ruleset looks at part of the query string value. Once you turn on SEF URLs, you're no longer using query strings in URLs, so it no longer works. The patterns in that code will need to be modified to match whatever is in the SEF URLs.

Since you haven't supplied any example URLs, there's no way to suggest what the new patterns should be.

g1smd

1:01 pm on Feb 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



See also: [webmasterworld.com...]
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:28 am May 2, 2026