logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Directory Privacy and mod_rewrite
Author
michon



Joined: 27 Feb 2018
Posts: 1
Location: UK, Notts

PostPosted: Thu 28 Jun '18 11:53    Post subject: Directory Privacy and mod_rewrite Reply with quote

Apache 2.4 htaccess RewriteRule issue

Just recently updated our server to Apache 2.4 from 2.2 and have had some issues with password protected directories.
The accounts affected on the server are all staging accounts.
We create a staging account as subdomain of our staging domain (clientname.example.com) then password protect the root directory (public_html) via cPanel’s ‘Directory Privacy’ option.

All this worked fine when the server ran Apache 2.2, if you hit the sub domain then see the Apache login box and you’d be asked to enter the username and password. Wrong password, cancel or no credentials entered would result in a default server ‘Authorisation Required’ message.

But since updating to Apache 2.4 when you hit a sub domain the Apache login box still appears but if you cancel it or just click login without entering any credentials you still get taken to the ‘protected’ website and are able to see all text content but it’s unstyled all links, css js and images, result in a 404.

After talking to our server manager he say the issue is the WordPress htaccess RewriteRules. It overrides Apache showing the usual .shtml files.
We’ve found a work around by adding a new RewriteCond:
Code:
RewriteCond %{REQUEST_FILENAME} !.shtml$

But that gets over written each time we access the permalink page of WP admin.

Has anyone had the same issue and found another fix?
Or has anyone got another advice?

We've tested it on non WordPress sites and same issue happens, is it an Apache / mod_rewrite issue?

Full rewrite block:
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !.shtml$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>



WP version - 4.9.6

Server info:
cPanel Version - 68.0 (build 29)
Apache Version - 2.4.29
PHP Version - 5.4.45
MySQL Version - 5.5.58-cll
Architecture - x86_64
Operating System - linux

AlowOverrides All
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Thu 18 Oct '18 10:38    Post subject: Reply with quote

RewriteCond %{REQUEST_URI} !^/(.*)\.shtml(.*)$
Back to top


Reply to topic   Topic: Directory Privacy and mod_rewrite View previous topic :: View next topic
Post new topic   Forum Index -> Apache