htaccess not working correctly

CBG

• June 19, 2018 08:17

Hi, I install cPanel on a fresh server yestarday and noticed today that .htaccess don't appear to be working as it should. When Password protect is being used, I need to put 'RewriteEngine off' above it, for it to work. However this then breaks the Rewrite rules and they don't work. I just write out the password protect and the URL Rewite works and tried with just the Password Protect in it from AuthType down. But together they will not. I have full root access to the server, and can't seem to work it out. Here is the .htaccess. The path to the .htaccess is /home/USERNAME/dev.DOMAIN.co.uk/.htaccess RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L] RewriteEngine off AuthType Basic AuthName "Dev Zone" AuthUserFile "/home/USERNAME/.htpasswds/dev.DOMAIN.co.uk/passwd" require valid-user # php -- BEGIN cPanel-generated handler, do not edit # Set the "ea-php70" package as the default "PHP" programming language. AddType application/x-httpd-ea-php70 .php .php7 .phtml # php -- END cPanel-generated handler, do not edit

• 

  Jcats

  • June 19, 2018 13:37

  What if you place the rules above the rewrites?

  0
• 

  CBG

  • June 19, 2018 13:43

  If I put the password protect above the rewrite rules, it ask for username and password, but when you press cancel, it starts to load the page and not give a 401, same if I remove RewriteEngine off It weird not seen this before. Also if I put the below at the top, it doesn't work either, just starts to load the page order deny,allow deny from all allow from 127.0.0.1 allow from 192.168.1.5 allow from 192.168.1.6
  The 192.168.1.* are replaced with really ips

  0
• 

  Jcats

  • June 19, 2018 13:44

  Then add: Errordocument 401 default right below the htpasswd rules like AuthType Basic AuthName "Dev Zone" AuthUserFile "/home/USERNAME/.htpasswds/dev.DOMAIN.co.uk/passwd" require valid-user Errordocument 401 default RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L]
  

  0
• 

  CBG

  • June 19, 2018 13:48

  Thank you, that did the trick :) Feel like a complete doughnut

  0
• 

  cPanelMichael

  • June 19, 2018 17:38

  Hello @CBG, I'm glad to see that modification helped. Note that I did try reproducing this behavior. I tested with an account using the following entries in the /home/user/public_html/.htaccess file: # php -- BEGIN cPanel-generated handler, do not edit AddHandler fcgid-script .php .php7 .phtml # php -- END cPanel-generated handler, do not edit RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L]
  I setup two test files in /home/user/public_html/ named index.php and test.php. I then browsed to cPanel >> Directory Privacy and password protected the public_html directory. Upon doing so, the .htaccess file was updated to: # php -- BEGIN cPanel-generated handler, do not edit AddHandler fcgid-script .php .php7 .phtml # php -- END cPanel-generated handler, do not edit RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L] AuthType Basic AuthName "123" AuthUserFile "/home/user/.htpasswds/public_html/passwd" require valid-user
  I confirmed that authentication was required, and when entered, the redirects worked as expected. Additionally, failed authentication attempts correctly showed the unauthorized page. Were there any differences to how you tested this? Thank you.

  0
• 

  CBG

  • June 19, 2018 20:11

  Hi, The only different it was on a sub-domain and that the PHP to use was at the bottom. The sub-domain was located outside of the public_html folder, so was in /home/USERNAME/dev.DOMAIN.co.uk/.htaccess Thanks

  0
• 

  cPanelMichael

  • June 20, 2018 14:57

  Hi, The only different it was on a sub-domain and that the PHP to use was at the bottom. The sub-domain was located outside of the public_html folder, so was in /home/USERNAME/dev.DOMAIN.co.uk/.htaccess Thanks

  
  Hi Garry, I tested the scenario with a subdomain as well, and confirmed it continued to work properly. Here's a look at the .htaccess file used in the subdomain's document root: RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L] # php -- BEGIN cPanel-generated handler, do not edit AddHandler fcgid-script .php .php7 .phtml # php -- END cPanel-generated handler, do not edit AuthType Basic AuthName "123" AuthUserFile "/home/user/.htpasswds/public_html/test1/passwd" require valid-user
  Do you have another .htaccess file in the parent directory (e.g. public_html/.htaccess) with additional rewrite rules that are inherited by the subdirectory? Thank you.

  0
• 

  CBG

  • June 20, 2018 15:05

  Hi, Yes I have the below .htaccess in home/USERNAME/public_html/ RewriteEngine on RewriteCond %{HTTP_HOST} ^(www.)?DOM-AIN.co.uk$ [NC,OR] RewriteCond %{HTTP_HOST} ^(www.)?DOM-AIN.uk$ [NC,OR] RewriteCond %{HTTP_HOST} ^(www.)?DOMAIN.uk$ [NC,OR] RewriteCond %{HTTP_HOST} ^DOMAIN.co.uk$ [NC] RewriteRule ^(.*)$ https://www.DOMAIN.co.uk/$1 [R=301,L] RewriteCond %{HTTPS} off RewriteRule (.*) https://www.DOMAIN.co.uk/$1 [R=301,L] RewriteCond %{HTTP_USER_AGENT} libwww-perl.* RewriteRule .* " [F,L] FileETag none Options All -Indexes SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding AddOutputFilterByType DEFLATE "application/atom+xml" \ "application/javascript" \ "application/json" \ "application/ld+json" \ "application/manifest+json" \ "application/rdf+xml" \ "application/rss+xml" \ "application/schema+json" \ "application/vnd.geo+json" \ "application/vnd.ms-fontobject" \ "application/x-font-ttf" \ "application/x-font-opentype" \ "application/x-font-truetype" \ "application/x-javascript" \ "application/x-web-app-manifest+json" \ "application/xhtml+xml" \ "application/xml" \ "font/eot" \ "font/opentype" \ "font/otf" \ "image/bmp" \ "image/svg+xml" \ "image/vnd.microsoft.icon" \ "image/x-icon" \ "text/cache-manifest" \ "text/css" \ "text/html" \ "text/javascript" \ "text/plain" \ "text/vcard" \ "text/vnd.rim.location.xloc" \ "text/vtt" \ "text/x-component" \ "text/x-cross-domain-policy" \ "text/xml" AddEncoding gzip svgz ExpiresActive On ExpiresDefault A0 ExpiresDefault A691200 Header set Cache-Control "max-age=691200" RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L] # php -- BEGIN cPanel-generated handler, do not edit # Set the "ea-php70" package as the default "PHP" programming language. AddType application/x-httpd-ea-php70 .php .php7 .phtml # php -- END cPanel-generated handler, do not edit # BEGIN cPanel-generated php ini directives, do not edit # Manual editing of this file may result in unexpected behavior. # To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor) # For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI) php_flag display_errors Off php_value max_execution_time 90 php_value max_input_time 60 php_value max_input_vars 1000 php_value memory_limit 256M php_value post_max_size 256M php_value session.gc_maxlifetime 1440 php_value session.save_path "/var/cpanel/php/sessions/ea-php70" php_value upload_max_filesize 256M php_flag zlib.output_compression Off # END cPanel-generated php ini directives, do not edit
  Then for the sub-domain, the .htaccess in my first post.

  0
• 

  cPanelMichael

  • June 20, 2018 16:20

  Hello, It looks like those rules are the culprit. It's always a good idea to exclude a specific subdirectory from your Mod_Rewrite rules if you don't want them applied. Here's a StackOverflow URL with an example of how to do this: How to stop sub directory inheriting parent's htaccess rules Thank you.

  0

Please sign in to leave a comment.