Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

.htaccess dilemna - not sure how to fix


technoczech

Recommended Posts

Hi,

 

During development, I used subdomain.domain.com and everything worked.

Moving to live, the files are under www, but I wanted to use domain.com, and that's making certain functionalities not work as follows.

 

I got a dedicated SSL certificate for domain.com, so I have this in my htaccess, and my SSL works fine:

 

**# Redirect www.domain.com to domain.com**

 

RewriteCond %{HTTP_HOST} ^www.domain.com [NC]

 

RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301]

 

However for some reason that breaks some other functionality where a form gets reposted and I can't figure out why. But if I change htaccess to this:

 

**# Redirect domain.com to www.domain.com**

 

RewriteCond %{HTTP_HOST} ^domain.com [NC]

 

RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]

 

then the broken functionality works, but the SSL doesn't.

 

Before I go invest in an SSL for www.domain.com, I wanted to check with the experts here to see if there is something simple I can do to my htaccess file to make both scenarios work.

 

Many thanks in advance!

Link to comment
Share on other sites

I suspect your issue is you have www. in your configure files, remove it to fix.

 

Your redirect will not pass post vars used in most osC forms, hence forms issue.

 

you can add the rule

 

RewriteCond %{THE_REQUEST} !^POST

 

To avoid redirects if post vars exist, but the configure file fix should sort it for you. biggrin.gif

 

 

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Ugh, I've got another one now.

 

Now, when I click Continue on my contact_us page, it says forbidden.

At first I thought it was because I was using https for the initial contact_us, and then pressing continue was going to http. But I fixed it so the redirect goes to https, and it still says forbidden.

 

So first it's:

https://mydomain.com/contact_us.php

Click continue and it goes to:

https://mydomain.com/contact_us.php?action=success&SRsid=a46d918c<removedportionofsid>bbdad798

 

Here's the entire htaccess file, if it helps. I don't see anything specifically for contact_us, but I would be lying if I said I totally understood everything in it. I tried adding RewriteCond %{THE_REQUEST} !^POST just in case, but it didn't fix it.

 

# $Id: .htaccess,v 1.3 2003/06/12 10:53:20 hpdl Exp $

#

# This is used with Apache WebServers

#

# For this to work, you must include the parameter 'Options' to

# the AllowOverride configuration

#

# Example:

#

# <Directory "/usr/local/apache/htdocs">

# AllowOverride Options

# </Directory>

#

# 'All' with also work. (This configuration is in the

# apache/conf/httpd.conf file)

 

# The following makes adjustments to the SSL protocol for Internet

# Explorer browsers

 

<IfModule mod_setenvif.c>

<IfDefine SSL>

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

</IfDefine>

</IfModule>

 

# If Search Engine Friendly URLs do not work, try enabling the

# following Apache configuration parameter

#

# AcceptPathInfo On

 

# Fix certain PHP values

# (commented out by default to prevent errors occuring on certain

# servers)

#

#<IfModule mod_php4.c>

# php_value session.use_trans_sid 0

# php_value register_globals 1

#</IfModule>

 

# Ultimate SEO URLs BEGIN

Options +FollowSymLinks

RewriteEngine On

RewriteBase /

 

# Redirect index.php to domain.com

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/

RewriteRule ^index\.php$ http://mydomain.com/ [R=301,L]

 

# Redirect www.domain.com to domain.com

RewriteCond %{HTTP_HOST} ^www.mydomain.com [NC]

RewriteRule ^(.*)$ http://mydomain.com/$1 [L,R=301]

 

RewriteCond %{HTTP_REFERER} ^http://www.mydomain.com$

RewriteRule !^http://[^/.]\.mydomain.com.* - [F,L]

 

RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-p-(.*).html(.*)$ product_info.php?products_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING}

RewriteRule ^(.*)-m-([0-9]+).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-pi-([0-9]+).html$ popup_image.php?pID=$2&%{QUERY_STRING}

RewriteRule ^(.*)-t-([0-9]+).html$ articles.php?tPath=$2&%{QUERY_STRING}

RewriteRule ^(.*)-a-([0-9]+).html$ article_info.php?articles_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-pr-([0-9]+).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-pri-([0-9]+).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}

RewriteRule ^(.*)-i-([0-9]+).html$ information.php?info_id=$2&%{QUERY_STRING}

# Ultimate SEO URLs END

 

# anti xss script 1 - pci compliance - by pixclinic

Options +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ index_error.php [F,L]

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

 

# extra anti uri and xss attack script 2 - sql injection prevention

Options +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]

RewriteRule ^(.*)$ log.php [NC]

RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]

RewriteRule ^(.*)$ log.php [NC]

RewriteCond %{QUERY_STRING} (javascript:).*(;).* [NC]

RewriteRule ^(.*)$ log.php [NC]

RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).* [NC]

RewriteRule ^(.*)$ log.php [NC]

RewriteRule (,|;|<|>|'|`) /log.php [NC]

RewriteBase /

 

# filter for most common exploits

RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]

RewriteCond %{QUERY_STRING} tool25 [OR]

RewriteCond %{QUERY_STRING} cmd.txt [OR]

RewriteCond %{QUERY_STRING} cmd.gif [OR]

RewriteCond %{QUERY_STRING} r57shell [OR]

RewriteCond %{QUERY_STRING} c99 [OR]

 

# ban spam bots

RewriteCond %{HTTP_USER_AGENT} almaden [OR]

RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]

RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]

RewriteCond %{HTTP_USER_AGENT} ^attach [OR]

RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]

RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]

RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]

RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR]

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]

RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]

RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR]

RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR]

RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]

RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]

RewriteCond %{HTTP_USER_AGENT} ^CICC [OR]

RewriteCond %{HTTP_USER_AGENT} ^Collector [OR]

RewriteCond %{HTTP_USER_AGENT} ^Copier [OR]

RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]

RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]

RewriteCond %{HTTP_USER_AGENT} ^DA [OR]

RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]

RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]

RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]

RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]

RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR]

RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR]

RewriteCond %{HTTP_USER_AGENT} ^Drip [OR]

RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR]

RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]

RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR]

RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]

RewriteCond %{HTTP_USER_AGENT} email [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]

RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]

RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]

RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]

RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]

RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]

RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR]

RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]

RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]

RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR]

RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]

RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR]

RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR]

RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]

RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]

RewriteCond %{HTTP_USER_AGENT} ^gotit [OR]

RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR]

RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]

RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]

RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR]

RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]

RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]

RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR]

RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]

RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]

RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR]

RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]

RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR]

RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]

RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]

RewriteCond %{HTTP_USER_AGENT} ^Iria [OR]

RewriteCond %{HTTP_USER_AGENT} ^Java/1.6.0_11 [OR]

RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR]

RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]

RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]

RewriteCond %{HTTP_USER_AGENT} ^JustView [OR]

RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]

RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]

RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]

RewriteCond %{HTTP_USER_AGENT} ^lftp [OR]

RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR]

RewriteCond %{HTTP_USER_AGENT} ^likse [OR]

RewriteCond %{HTTP_USER_AGENT} ^Link [OR]

RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR]

RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]

RewriteCond %{HTTP_USER_AGENT} ^Memo [OR]

RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]

RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]

RewriteCond %{HTTP_USER_AGENT} ^Morfeus [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]

RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR]

RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]

RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR]

RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]

RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]

RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]

RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]

RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]

RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR]

RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]

RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]

RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]

RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]

RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]

RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]

RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]

RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]

RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR]

RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR]

RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]

RewriteCond %{HTTP_USER_AGENT} ^Pump [OR]

RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR]

RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]

RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR]

RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR]

RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]

RewriteCond %{HTTP_USER_AGENT} ^robotgenius [OR]

RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR]

RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR]

RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]

RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]

RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]

RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]

RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]

RewriteCond %{HTTP_USER_AGENT} ^Snake [OR]

RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR]

RewriteCond %{HTTP_USER_AGENT} ^sproose [OR]

RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR]

RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR]

RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]

RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]

RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR]

RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]

RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]

RewriteCond %{HTTP_USER_AGENT} ^Toata [OR]

RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR]

RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR]

RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]

RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]

RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]

RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR]

RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]

RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]

RewriteCond %{HTTP_USER_AGENT} ^Website [OR]

RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]

RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]

RewriteCond %{HTTP_USER_AGENT} ^Webster [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]

RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR]

RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]

RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]

RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR]

RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]

RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]

RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR]

RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]

RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus

RewriteRule ^.* - [F,L]

 

#Disable .htaccess viewing from browser

<Files ~ "^\.ht">

Order allow,deny

Deny from all

Satisfy All

</Files>

 

<Files php.ini>

order allow,deny

deny from all

</Files>

 

<Files phpinfo.php>

order allow,deny

deny from all

</Files>

 

# deny most common except .php

<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">

deny from all

 

</FilesMatch>

 

# Disable access to config.php

<Files ~ "includes\configure.php$">

deny from all

 

</Files>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...