Forum Moderators: phranque
Here is the file:
----------------START .htaccess-----------------
directoryindex index.php
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
<Limit GET PUT POST>
deny from 216.***.105.94
deny from 66.***.40.10
deny from 213.**.128.0/17
</Limit>
Options -Indexes
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/[^\.]+[^/]$
RewriteRule ^(.*)$ [%{HTTP_HOST}...]
RewriteCond %{HTTP_HOST}!^www\.
RewriteRule ^(.*)$ [%{HTTP_HOST}...] [R=301,L]
RewriteCond %{HTTP_HOST} kd.example.com
RewriteCond %{REQUEST_URI}!kd/
RewriteRule ^(.*)$ kd/$1 [L]
.
.
.
RewriteCond %{HTTP_HOST} mo.example.com
RewriteCond %{REQUEST_URI}!mo/
RewriteRule ^(.*)$ mo/$1 [L]
----------------END .htaccess-----------------
The problem I'm having is with subdirectories that are password protected using .htaccess (not the above .htaccess, obviously). If I enter an incorrect password it prompts me for the password again.. everything looks okay. But sometimes, when I enter the correct password it immediately directs me to the 401 error page. It is highly dependent on the syntax of the URL.
For example:
Using username: test
Using password : test
[example.com...] - loads fine
[example.com...] - 401 error
<snip>
I think there's a nasty loop happening here somewhere.
Can someone PLEASE point out the err of my ways?!
Thanks for any help!
Bret
[edited by: jdMorgan at 9:19 pm (utc) on Feb. 4, 2005]
[edit reason] Removed specifics, please see TOS. [/edit]
Welcome to WebmasterWorld!
I'd like to ask that you review the WebmasterWorld Terms of Service, and the Charter for this forum. The links are at the bottom center and top left of this page, respectively.
The main problem that I see with this code is that your syntax for {REQUEST_URI} is wrong. You must specify the leading slash in order to get a match. So, your loop-prevention is not working now. You should also escape the literal periods in the hostnames used in your {HTTP_HOST} checks.
RewriteEngine On
#
# Redirect adding trailing slash if missing
RewriteCond %{REQUEST_URI} ^/[^\.]+[^/]$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1/ [R=301,L]
#
# Redirect adding leading www to domain or any subdomain if missing
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
#
# Redirect subdomains to subdirectories
RewriteCond %{HTTP_HOST} kw\.example\.com
RewriteCond %{REQUEST_URI} [b]!/k[/b]w/
RewriteRule ^(.*)$ /kw/$1 [L]
.
.
.
RewriteCond %{HTTP_HOST} mo\.example\.com
RewriteCond %{REQUEST_URI} [b]!/m[/b]o/
RewriteRule ^(.*)$ /mo/$1 [L]
# Redirect adding leading www to root domain if not subdomain specified
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
Jim
<snip>
[edited by: jdMorgan at 8:59 pm (utc) on Feb. 7, 2005]
[edit reason] Removed specifics. See TOS. [/edit]
There are several possible work-arounds, depending on how your site is structured. For example, bring people into the site on a public page, redirect to the other domain if necessary, and then authenticate.
The easiest cure is to control your inbound and internal links, and make sure you get the ones that point to the wrong domain fixed as soon as possible.
Jim
