Jump to content
TheCanadian

Password Protected Folder Problem

Recommended Posts

Hi all!

 

I've run into a problem and the solutions I found online are not working as expected. I have several password protected folders (using htaccess), and I've had numerous people complain that they can't log in. The reason I have found is that they are entering the url of the directory without a trailing slash, and the server is automatically redirecting them to a URL with a slash - but the URL lacks the "www", so it's treated as a different URL and thus they get the password prompt again and assume their login is wrong. So I figured I should just be able to write my own redirect to replace directory queries without slashes to redirect to a URL with a slash but using the same domain they entered (with or without www's). Seems simple... so I thought. Here's what I have for htaccess code:

 

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_URI} !/$

RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1/ [L,R=301]

 

Basically that seems to be standard code I've found multiple people using, except that I'm not hard-coding the host name to be with or without www, but just passing back the %{HTTP_HOST} they entered. What I get is totally unexpected. I actually get back in place of $1 the entire local server path to the folder they entered. Example:

 

Entering:

ht tp://www.mydomain. com/members

 

Spits back:

ht tp://www.mydomain. com//home/myuser/public_html/members/

 

Any idea what I'm doing wrong?

I basically want a way of allowing people to type in the URL like this:

ht tp://www.mydomain. com/members

and be able to enter their login, then silently be redirected to the same URL they entered with the trailing slash:

ht tp://www.mydomain. com/members/

and NOT be redirected to:

ht tp://mydomain. com/members/

 

PS - The spaces are intentional so I could represent a fictional URL with it being blotted out by the forum.

Share this post


Link to post
Share on other sites

Had a thought and tried this, and so far it seems to be working:

 

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_URI} !/$

RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI}/ [L,R=301]

 

But is there anything I'm missing, or am I not doing this the proper way? Any opinions from anyone who knows htaccess better than I do would be appreciated. Thanks!

Share this post


Link to post
Share on other sites

You are on the right track but something like this may be what you need.

 

>RewriteCond %{HTTP_HOST} !^www\.yourdomain\.ext [NC]
RewriteRule ^(.*)$ http://www.yourdomain.ext/$1/ [R=301,L]

Share this post


Link to post
Share on other sites
You are on the right track but something like this may be what you need.

 

>RewriteCond %{HTTP_HOST} !^www\.yourdomain\.ext [NC]
RewriteRule ^(.*)$ http://www.yourdomain.ext/$1/ [R=301,L]

 

I just tried that, but it does not quite work. I get redirected to the URL with 2 slashes now. So I'm guessing it's combining the server's default redirect to the non-www domain with a slash to the domain with www's and another slash? I'm going to try removing the trailing / after the $1 and see how that works...

Share this post


Link to post
Share on other sites

Didn't work. Now in my password protected folder, I get a 401 error unless I explicitly enter the trailing / in my URL, so the initial redirect to the non-www then back again must be clobbering my credentials somehow. Is there a way of simply disabling the default redirect to the non-www by way of some coding in my htaccess?

Edited by TheCanadian

Share this post


Link to post
Share on other sites

Because of the double-slash problem that showed up, I'm guessing it's just piggy-backing on the default rule instead of overriding it, so it's redirecting to non-www, then redirecting back to www. That causes the password protected area to spit out a 401 error. I *think* it's because the switch to non-www happens first, then the authentication is processed, then the switch back to www happens. I'm not sure though - that's just a guess based on what I've found about the order of events in the htaccess files.

 

So far this is the only code I've been able to get to reliably work:

 

>RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !/$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI}/ [L,R=301]

It only works if I put it in the htaccess within the password protected folders, and after the authentication section of the htaccess file. I had to change the !-f to -d because it was trying to put a / on the end of requests for missing files too. So it seems to be working, even though I'm still confused as to why the rewrite rule was initially spitting out the server path instead of the URL.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...