Forum Moderators: phranque
I'm using the following non-www to www mod_rewrite solution in my root .htaccess file:
RewriteEngine on
Options +FollowSymLinks
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
What I get is a 301 redirect which causes a 401 Authorization Error.
Is there a reason why this shouldn't work with password protected directories?
I've read the documentation, the rewrite guide, and all the relevant posts on this site. So, I understand how mod_rewrite works but I'm far from an expert. I couldn't find any reason why it shouldn't work.
Here is the .htaccess file that is in the password protected directory:
AuthType Basic
AuthName "Protected Area"
AuthUserFile /home/domain/.htpasswds/protected/passwd
require valid-user
DirectoryIndex protected.php
HTTP/1.1 301 Moved Permanently
Date: Thu, 26 Jan 2006 22:32:26 GMT
Server: Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 PHP/4.3.11 mod_bwlimited/1.4 mod_log_bytes/1.2 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a
WWW-Authenticate: Basic realm="Protected Area"
Location: http://www.domain.com/error-docs/401.html
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Any suggestions would be great.
Welcome to WebmasterWorld!
From the highest-level view, the problem is that authentication is domain-specific, and www.example.com is not considered to be the same domain as example.com. In fact, www.example.com is a subdomain of example.com. The 'authorization status' is controlled by your browser -- It will only send your authentication to the same domain that it was received from.
I assume that you are trying to do the non-www to www- redirect before 'logging in.' If this is that case (and only if this is the case), then your problem may be solved by placing the directive
RewriteOptions inherit
If, however, you have already 'logged in' to example.com, then you shouldn't expect that login to be valid for www.example.com -- you should re-arrange the code to redirect first, and then log in (and use the fix above if it still doesn't work).
Also, if you have configured this server yourself, and it's an Apache 1.x server, make sure that mod_auth is loaded before mod_rewrite. Module execution order is the reverse of the module load order, and since you want the redirect to occur before someone logs into the non-anonical domain, you need mod_rewrite to run first.
Jim
Apache normally redirects rquests for a directory without ending slash to a URL with the slash, but it removed 'www' at the same time.
If so, you can usually avoid it by using URL with the trailing slash.
You can also use code for remedy this situation.
Example:
(Normally, this code should be the first rule, in the .htaccess of docroot.)
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^/*(.*[^/])$ [%{HTTP_HOST}...] [L,R=301]
However, this example checks if the URL is for a directory or not,
which uses a system call supposedly a little heavy.
(It depends on point of view, though.)
So, I usually use this:
RewriteRule ^/*(.+/)?([^.]*[^/])$ [%{HTTP_HOST}...] [L,R=301]
This one uses the fact that I don't use periods in the directory name while all other requests for files has at least one period (fue to the extension).
And it allows me to avoid (somewhat costly) -d check.
If you want to cover both http and https:
Options +FollowSymlinks
RewriteEngine On
RewriteCond s%{HTTPS} ^((s)on¦s.*)$ [NC]
RewriteRule ^/*(.+/)?([^.]*[^/])$ http%2://%{HTTP_HOST}/$1$2/ [L,R=301]
If you use other RewriteRules, such as the rule for "Short URL",
you need to think the order you place all rules very carefully.
PS.
You may want to read this thrad and the link in it for more examples.
[webmasterworld.com...]
If you have access to httpd.conf (or Apache2.conf), you may want to put rules in it rather than .htaccess.
When I have a chance to get back to this problem I'm sure your replies will prove useful.
