Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Problem modifying .htaccess file to allow 301 redirect, reveals /framework/main.php?url=/ » Installing SilverStripe

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Problem modifying .htaccess file to allow 301 redirect, reveals /framework/main.php?url=/

Go to End


3 Posts   2469 Views

Avatar
JamesMcMeex

Community Member, 6 Posts

7 April 2016 at 11:53pm

Hi,

I am having a problem with an .htaccess file, where I am trying to set up a 301 redirect. When I add the code to redirect the domain to www, the full URL including /framework/main.php?url=/ is revealed. Here is my current .htaccess file:

### SILVERSTRIPE START ###

# Deny access to templates (but allow from localhost)
<Files *.ss>
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Files>

# Deny access to IIS configuration
<Files web.config>
	Order deny,allow
	Deny from all
</Files>

# Deny access to YAML configuration files which might include sensitive information
<Files ~ "\.ya?ml$">
	Order allow,deny
	Deny from all
</Files>

# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_env.c>
	# Ensure that X-Forwarded-Host is only allowed to determine the request
	# hostname for servers ips defined by SS_TRUSTED_PROXY_IPS in your _ss_environment.php
	# Note that in a future release this setting will be always on.
	SetEnv BlockUntrustedIPs true
</IfModule>

<IfModule mod_rewrite.c>

	# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
	<IfModule mod_dir.c>
		DirectoryIndex disabled
	</IfModule>

	SetEnv HTTP_MOD_REWRITE On
	RewriteEngine On
	RewriteBase /

	# Enable HTTP Basic authentication workaround for PHP running in CGI mode
	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

	# Deny access to potentially sensitive files and folders
	RewriteRule ^vendor(/|$) - [F,L,NC]
	RewriteRule silverstripe-cache(/|$) - [F,L,NC]
	RewriteRule composer\.(json|lock) - [F,L,NC]

	# Process through SilverStripe if no file with the requested name exists.
	# Pass through the original path as a query parameter, and retain the existing parameters.
	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule .* framework/main.php?url=%1 [QSA]

	# If framework isn't in a subdirectory, rewrite to installer
	RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule . %1/install.php? [R,L]

</IfModule>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite\.co\.uk$ [NC]
RewriteRule ^(.*)$ http://www.mysite.co.uk/$1 [R=301,L]
### SILVERSTRIPE END ###

Can anyone advise how I can stop the extra file path showing up?

Avatar
dhensby

Community Member, 253 Posts

11 April 2016 at 10:04pm

You need to move your redirects to be BEFORE the silverstripe re-write rules.

Otherwise you're forwarding to the re-written rule which is framework/main.php?url=$1

Avatar
JamesMcMeex

Community Member, 6 Posts

11 April 2016 at 10:20pm

Edited: 11/04/2016 10:29pm

Ah OK, thank you so much dhensby! So, for the sake of others who might be similarly stuck, this is how I rearranged the rules in my .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite\.co\.uk$ [NC]
RewriteRule ^(.*)$ http://www.mysite.co.uk/$1 [R=301,L]

### SILVERSTRIPE START ###

# Deny access to templates (but allow from localhost)
<Files *.ss>
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Files>

# Deny access to IIS configuration
<Files web.config>
	Order deny,allow
	Deny from all
</Files>

# Deny access to YAML configuration files which might include sensitive information
<Files ~ "\.ya?ml$">
	Order allow,deny
	Deny from all
</Files>

# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

<IfModule mod_env.c>
	# Ensure that X-Forwarded-Host is only allowed to determine the request
	# hostname for servers ips defined by SS_TRUSTED_PROXY_IPS in your _ss_environment.php
	# Note that in a future release this setting will be always on.
	SetEnv BlockUntrustedIPs true
</IfModule>

<IfModule mod_rewrite.c>

	# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
	<IfModule mod_dir.c>
		DirectoryIndex disabled
	</IfModule>

	SetEnv HTTP_MOD_REWRITE On
	RewriteEngine On
	RewriteBase /

	# Enable HTTP Basic authentication workaround for PHP running in CGI mode
	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

	# Deny access to potentially sensitive files and folders
	RewriteRule ^vendor(/|$) - [F,L,NC]
	RewriteRule silverstripe-cache(/|$) - [F,L,NC]
	RewriteRule composer\.(json|lock) - [F,L,NC]

	# Process through SilverStripe if no file with the requested name exists.
	# Pass through the original path as a query parameter, and retain the existing parameters.
	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule .* framework/main.php?url=%1 [QSA]

	# If framework isn't in a subdirectory, rewrite to installer
	RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule . %1/install.php? [R,L]

</IfModule>
### SILVERSTRIPE END ###

Go to Top
Go to TopReturn to top