Suggested Master .htaccess file

Post by sog2012 » Thu Mar 10, 2011 10:06 pm

g1smd wrote:First rule of websites. Make a backup copy of stuff before you change it.

The old file is at http://docs.joomla.org/Htaccess_example ... ldid=35925

The revision history is at: http://docs.joomla.org/index.php?title= ... on=history

There's likely only a couple of characters out of place in the new file.

It's likely something to do with the index redirect. Comment out that section of code for now and report any problems with the rest of the code.

The .htaccess file code is anything but trivial. It did contain many errors, some of the old code would never run at all.

Let me get this straight. When you request exactly http://www.example.com/administator you get the log in screen, but after you submit the form you are taken back to exactly http://www.example.com/administator again.
Yes sir, that is correct. When I load my Joomla Administration Login webpage, I enter my username and password, but it just loops back to the login page and won't let me log in.

The code responsible for that is:

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite.com.au/$1 [R=301,L]
########## End - Redirect index.php to /

When I comment that section out, then I can login to my backend.

Any ideas why that code would stop us from logging in? Joe has the same problem.
Best wishes and God bless.

Post by g1smd » Thu Mar 10, 2011 10:08 pm

It looks like Joomla really "needs" that index.php to be included in the URL, except for the single case of "www.example.com/index.php" with nothing following.

Adding another RewriteCond ahead of the code may solve it:

RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
EDIT: TYPO CORRECTED.
Last edited by g1smd on Thu Mar 10, 2011 10:27 pm, edited 2 times in total.
Online since 1995.

Post by sog2012 » Thu Mar 10, 2011 10:15 pm

Good command, thanks.
Last edited by sog2012 on Thu Mar 10, 2011 11:20 pm, edited 2 times in total.
Best wishes and God bless.

Post by g1smd » Thu Mar 10, 2011 10:19 pm

I can't answer a second question before we've finished discussing the first question.

The changes are all listed at http://docs.joomla.org/index.php?title= ... on=history as stated above.

You need the "Compare selected versions" button.

EDIT: The last two lines of the code snippet you posted were NOT in the Joomla Docs master .htaccess file. They are another version from elsewhere.
Online since 1995.

Post by g1smd » Thu Mar 10, 2011 10:28 pm

Right. My meal has arrived. Free wi-fi session in pub is now terminated.
Online since 1995.

Post by sog2012 » Thu Mar 10, 2011 10:35 pm

Actually this one piece of code stops my Search Module working and loops my Backend Admin login page:

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite.org/$1 [R=301,L]
########## End - Redirect index.php to /

So I did as you suggest and added that line, so now it looks like:

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite.org/$1 [R=301,L]
########## End - Redirect index.php to /

That fixed the admin login problem and I can now login. Thank you.

However, that didn't fix the search module. When I type in a keyword to search, it just loops and doesn't return the search results. The only way I can get the search module to work properly is to edit out the line that says:

#RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite.org/$1 [R=301,L]

And interestingly, when I edited out the above line, then I can login to my Administrator even without your new code of: RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator

So it seems that once RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite.org/$1 [R=301,L] is edited out, the search module works and the admin login works, even without your new code: "RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator"

What is it about that particular line that stops my search module from returning the search results? And why does it stop being able to login to admin?
Last edited by sog2012 on Thu Mar 10, 2011 11:06 pm, edited 1 time in total.
Best wishes and God bless.

Post by sog2012 » Thu Mar 10, 2011 10:46 pm

I completed testing the htaccess file and here are my results and feedback:

It works well and my website seems to load and work fast. Thank you very much clever boy :) Your work is appreciated.

However, I had to edit out the following sections and commands:

1.
#RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite/$1 [R=301,L]

This command above stops my search module from displaying the search results and it just loops my main page. But once I edit this command out, my search module works fine. Any solution?

2.
########## Begin - Automatic compression of resources
# Compress text, html, javascript, css, xml, kudos to Komra.de
# May kill access to your site for old versions of Internet Explorer
#AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript #application/x-javascript
########## End - Automatic compression of resources

This section above gives me a 500 Server error. So I had to comment that out as well. Any solution?
Best wishes and God bless.

Post by PhilD » Thu Mar 10, 2011 11:00 pm

I tried this ruleset (########## Begin - Redirect index.php to / )
on my site. Prevents me from logging in with a 403 error

url used:
http://mysite.org/xxxxx/administrator/

Changed this rule
RewriteRule ^(([^/]+/)*)index\.php$ http://mysite.org/$1 [R=301,L]

to

RewriteRule ^([^/]*)index\.php$ http://mysite.org/$1 [R=301,L]

Now I am able to log in
url shown after logging in
http://mysite.org/xxxx/administrator/index2.php

normal url after logging in before using this rule section
http://mysite.org/xxxx/administrator/index2.php

Not sure if the change breaks the rule or the intent of the rule

HOWEVER THE FOLLOWING BLOCK WORKS and leaves the rule set as intended (added the administrator rule)
Edit:

The following works:

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
RewriteRule ^(([^/]+/)*)index\.php$ http://chowclub.org/$1 [R=301,L]
########## End - Redirect index.php to /
Last edited by PhilD on Thu Mar 10, 2011 11:11 pm, edited 2 times in total.
Reason: added working code block
PhilD

Post by sog2012 » Thu Mar 10, 2011 11:10 pm

PhilD wrote:I tried this ruleset (########## Begin - Redirect index.php to / )
on my site. Prevents me from logging in with a 403 error

url used:
http://mysite.org/xxxxx/administrator/

Changed this rule
RewriteRule ^(([^/]+/)*)index\.php$ http://mysite.org/$1 [R=301,L]

to

RewriteRule ^([^/]*)index\.php$ http://mysite.org/$1 [R=301,L]

Now I am able to log in
url shown after logging in
http://mysite.org/xxxx/administrator/index2.php

normal url after logging in before using this rule section
http://mysite.org/xxxx/administrator/index2.php

Not sure if the change breaks the rule or the intent of the rule
Hi Phil. Can you please try something for me and tell me if it works for you as well;

Go to this section of your original htaccess code:

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
#RewriteRule ^(([^/]+/)*)index\.php$ http://www.yourwebsite.org/$1 [R=301,L]
########## End - Redirect index.php to /

Just do one thing, and that is comment and edit out the line that says; RewriteRule ^(([^/]+/)*)index\.php$ http://www.yourwebsite.org/$1 [R=301,L]

Please edit out RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator for this testing purposes.

Then tell me if you can login to your admin section. I don't need the code "RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator" to enter my admin backend once I commented out "RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite.org/$1 [R=301,L]"

And Phil, does your search module work on your website, if you have "RewriteRule ^(([^/]+/)*)index\.php$ http://www.yourwebsite.org/$1 [R=301,L]" activated and not commented out?
Best wishes and God bless.

Post by PhilD » Thu Mar 10, 2011 11:19 pm

First I just added the working code block to my post above. Use it.

Second I am not using the master htaccess file at this time. I just added the code block to what I use for testing on a test site.

There are many things in the master htaccess file that will cause things to break or not function as expected. Since every site is different so what works on one site or server setup may not work on another site or server. If you wish to use the file, then it is your responsibility to track down the offending rules and either not use them or post the specific rule here with a description of what is not working when the rule is active.
PhilD

Post by sog2012 » Thu Mar 10, 2011 11:26 pm

Well this htaccess file works amazingly well for me.

I only have a couple of major issues, and that is the "AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript #application/x-javascript" command which gives me Server 500 Errors and the following command:

RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite/$1 [R=301,L]

That command stops my Search module from displaying search results and causes my admin login to loop and not allowing me to login. And even if I use the new code "RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator", which fixes the login issue, I still cannot use it because my Search Module won't work properly as long as "RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite/$1 [R=301,L]" is activated.

So I am hoping someone can give me a solution for:

RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite/$1 [R=301,L]

But other than those 2 issues, it's working well for me :D
Best wishes and God bless.

Post by PhilD » Thu Mar 10, 2011 11:44 pm

"So I am hoping someone can give me a solution for:
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite/$1 [R=301,L] "



The rule
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator

has to be added to the rest of that block, not used instead of

See the code block I posted above. Copy/paste the block, replacing that section block within your htaccess. Change the URL to reflect your website's URL.

If that doesn't work then either you are doing something wrong, have a syntax error, or you can not use that rule for some reason that I can not determine. Infinite loop usually means a syntax error.

Search works fine on my site with the rule block enabled as does logging in to administrator.
PhilD

Post by mailm » Thu Mar 10, 2011 11:57 pm

This is mainly to sog2012.
I can see what is happening. You are not reading what you have been told several times.
Let me put it this way: PhilD, kurchania and g1smd have told you several times that this htaccess will not work for everyone and it is not their job to make it work to fit on your (unknown) server. Even the documents within the original htaccess say that using the file can/will break your site. I would not dream of asking people to make an ASP directive setup work on my Linux site.

mandville even removed an off topic post that kurchania was kind enough to answer http://forum.joomla.org/viewtopic.php?p ... 7#p2438397 with the line "read the documentation before asking more". I also note that you sent a PM and complained it hadn't been read; did you read mandville's signature line? The moderators don't all work on your time zone or pocket money.
I can see that while I have watched this topic and the distractions to g1smd in getting the code working as best as possible for the most amount of people, I may soon leave this topic and can imagine that others will soon follow.
Here is my advice put a different way.
Wait for g1smd to finish, then complain it doesn't work for you on your server - where it works for everyone else.
Hint: a copy of the original htaccess file is in EVERY copy of the Joomla download zip file.
I am sorry to the admins/mods if this looks like a flame post but I hope it gets the user to do what has been suggested, read and wait.
JUG Team - Is yours Registered and Legit
http://community.joomla.org/user-groups/

Post by C0nw0nk » Thu Mar 10, 2011 11:59 pm

RewriteCond %{QUERY_STRING} .*[.][.]/[.][.].*
RewriteRule ^(.*)$ - [F,L]
I think this command should be added since it stops people backtracking through the server with query strings.

example : www.domain.com/index.php?../../

Post by PhilD » Fri Mar 11, 2011 12:28 am

Change
RewriteRule ^(.*)$ - [F,L]
to
RewriteRule .* - [F]

more efficient
PhilD

Post by C0nw0nk » Fri Mar 11, 2011 12:48 am

PhilD wrote:Change
RewriteRule ^(.*)$ - [F,L]
to
RewriteRule .* - [F]

more efficient
Do you recommend i do that with all of my commands in my htaccess ?

Post by PhilD » Fri Mar 11, 2011 1:13 am

refer to http://forum.joomla.org/viewtopic.php?p ... 6#p2436126
where this already has been answered.
[F] terminates mod_rewrite processing for the current request. [L] is not required.
No need to create any backreference. It is not going to be used.
Edit:

RewriteCond %{QUERY_STRING} .*[.][.]/[.][.].*
RewriteRule .* - [F]
works as desired, but not sure if the condition could be more efficient.
example : domain.com/index.php?../../
PhilD

Post by g1smd » Fri Mar 11, 2011 1:54 am

RewriteCond %{QUERY_STRING} .*[.][.]/[.][.].*
can be simplified.

The leading .* causes the RegEx to match the entire input string right to the very end, and then to look for a period after the end, which of course there isn't (it would be like saying "tell me what the 21st digit of this 20 digit number is"). It then backs off one character from the end and checks if the next character is a period. It then backs off another character and checks if the next character is a period. Then again and again until it finds a period... right near the beginning of the input string. Once it has finished finding the ../.. match in the input string, the trailing .* says to read each character to the very end of the input string but do nothing with them.

This pattern, without leading or trailing .* parts:

[.][.]/[.][.]

would parse faster, as the input string is read left to right until the first period is matched, and if there isn't a second period right there, processing would move on checking for a period later in the string and then an adjacent one, then the slash and so on.

Once the ../.. part had been found, the rule would match true and the rest of the input string wouldn't be read at all (unlike the trailing .* forcing a read to the end).

This [.][.]/[.][.] pattern could run hundreds of times faster than the one with the unwanted leading and trailing .* patterns. The .* is greedy, promiscuous and ambiguous and a major drain on mod_rewrite processing.

One more simplification is possible. When there is only one character, the character "group" syntax is not required. So [.] becomes \. here. Remember to escape literal periods.

The final pattern is very odd looking: \.\./\.\. but is correct.

Additionally, the alternative \.{2}/\.{2} is also possible I guess.
Online since 1995.
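
The backtracking described in the post above, as an added example that is not part of the original thread: a simplified step-counting model in Python (it mirrors the description, not PCRE's real internals, which apply their own optimisations) plus a check that the four pattern spellings from the post make the same block/allow decision. The function names and the query strings are constructed for illustration.

```python
import re

NEEDLE = "../.."  # the literal every variant of the condition looks for

# The four spellings discussed in the thread, copied as written there.
PATTERNS = {
    "original": r".*[.][.]/[.][.].*",
    "without .*": r"[.][.]/[.][.]",
    "escaped": r"\.\./\.\.",
    "counted": r"\.{2}/\.{2}",
}


def decisions(query_string):
    """Would each spelling of the RewriteCond match this query string?"""
    return {name: re.search(pattern, query_string) is not None
            for name, pattern in PATTERNS.items()}


def steps_unanchored(s):
    """Model of the pattern without .*: scan left to right, stop at first hit.

    Returns (matched, number of character comparisons).
    """
    steps = 0
    for start in range(len(s) - len(NEEDLE) + 1):
        for offset, wanted in enumerate(NEEDLE):
            steps += 1
            if s[start + offset] != wanted:
                break
        else:
            return True, steps  # nothing after the match is read
    return False, steps


def steps_with_dot_star(s):
    """Model of .*NEEDLE.* : swallow the whole string, then back off.

    Returns (matched, number of characters consumed or compared).
    """
    steps = len(s)  # leading .* consumes every character first
    for start in range(len(s), -1, -1):  # back off one character at a time
        matched = True
        for offset, wanted in enumerate(NEEDLE):
            steps += 1
            if start + offset >= len(s) or s[start + offset] != wanted:
                matched = False
                break
        if matched:
            steps += len(s) - (start + len(NEEDLE))  # trailing .* reads the rest
            return True, steps
    return False, steps


# Constructed query strings (not taken from any real log).
SAMPLES = [
    "a=../../b",
    "option=com_search&searchword=test",
    "file=../../" + "x" * 200,
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(qs[:40], decisions(qs), steps_unanchored(qs), steps_with_dot_star(qs))
```
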

Post by g1smd » Fri Mar 11, 2011 1:59 am

Now we know that the

RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
exclusion makes the login section work, simply add another check for a unique part of the search URL and that will also likely spring back to life.
Online since 1995.

Post by sog2012 » Fri Mar 11, 2011 2:06 am

mailm wrote:...wait for g1smd to finish, then complain it doesn't work for you on your server - where it works for everyone else....
I was shocked and very sad at reading your comments about me. I have never complained, I have tried my best to help and contribute by giving feedback. If you read my posts you would also notice I have said thank you many times and stated it's very appreciated to everyone for contributing to a great htaccess file.

I have not complained as you suggest, I have just given honest, constructive feedback in the attempt to help all the coders. I thought coders rely on and encourage feedback, any type of feedback so they can make the Master htaccess better and better for a wider circle of people. So all these hours I spent testing and giving feedback was meant well, yet you accuse me of complaining. :(

I am sorry if I got too excited and too keen to help.

I will not say another word in this thread as I am very sad now that my good intentions of trying to be helpful with feedback has been turned into an attempt to paint me as a bad person who just complains and doesn't read the comments :'(
Last edited by sog2012 on Fri Mar 11, 2011 3:00 am, edited 2 times in total.
Best wishes and God bless.

Post by g1smd » Fri Mar 11, 2011 2:09 am

sog2012 wrote:However, I had to edit out the following sections and commands:

#RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite/$1 [R=301,L]
Of course deleting the command that stopped you logging in would then allow you to log in. However, once deleted that command no longer does what it is supposed to do elsewhere in the site - because it is deleted.

Instead, the additional line

RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator 
says do your thing, except when user is logging in or out.
This command above stops my search module from displaying the search results and it just loops my main page. But once I edit this command out, my search module works fine. Any solution?
You now say search is also broken. That's fine, and the simple solution is to add another exclusion for search URLs to this RewriteCond.
Online since 1995.
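
An added illustration, not code from the thread's participants or from the Joomla docs: a Python model of the "Redirect index.php to /" block that shows which request lines trigger the 301, with and without the administrator exclusion. It assumes the .htaccess sits in the document root, uses www.example.com as a placeholder, and the request lines are constructed; that the login and search forms POST to a bare index.php is an assumption, since the thread does not show those requests.

```python
import re

# Patterns copied verbatim from the block posted in the thread.
THE_REQUEST_COND = re.compile(r"^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/")
ADMIN_EXCLUSION = re.compile(r"/([^/]+/)*administrator")  # used negated (!)
RULE_PATTERN = re.compile(r"^(([^/]+/)*)index\.php$")

SITE = "http://www.example.com/"  # placeholder domain


def redirect_location(request_line, admin_exclusion):
    """Return the Location the block would 301 to, or None if it stays silent.

    request_line    -- what %{THE_REQUEST} holds, e.g. "GET /index.php HTTP/1.1"
    admin_exclusion -- include the RewriteCond that skips /administrator
    """
    _method, target, _protocol = request_line.split(" ", 2)
    request_uri = target.split("?", 1)[0]  # %{REQUEST_URI}: path, no query

    # In a document-root .htaccess the RewriteRule pattern is tested first,
    # against the path without its leading slash and without the query string.
    rule = RULE_PATTERN.search(request_uri[1:])
    if rule is None:
        return None

    # Conditions are ANDed; any failing condition cancels the rule.
    if admin_exclusion and ADMIN_EXCLUSION.search(request_uri):
        return None
    if THE_REQUEST_COND.search(request_line) is None:
        return None

    return SITE + rule.group(1)  # $1 is the folder part captured by the rule


# Constructed request lines; "shop" is a made-up folder name.
SAMPLES = [
    "GET /index.php HTTP/1.1",
    "GET /index.php?option=com_search&searchword=test HTTP/1.1",
    "POST /index.php HTTP/1.1",                # assumed front-end form post
    "POST /administrator/index.php HTTP/1.1",  # assumed back-end login post
    "GET /administrator/ HTTP/1.1",
    "GET /shop/index.php HTTP/1.1",
]


def report():
    """(request line, Location without exclusion, Location with exclusion)."""
    return [(line,
             redirect_location(line, admin_exclusion=False),
             redirect_location(line, admin_exclusion=True))
            for line in SAMPLES]


if __name__ == "__main__":
    for line, without, with_exclusion in report():
        print(f"{line!r:62} without={without} with={with_exclusion}")
```

In this model a request with a query string after index.php never matches the THE_REQUEST condition, while a POST to a bare index.php is redirected whatever folder it is in; the exclusion only spares paths containing administrator, which is consistent with the thread's report that it fixes the login but not the search.
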

Post by g1smd » Fri Mar 11, 2011 2:10 am

@sog2012 STEP AWAY FROM THE KEYBOARD. I appreciate the feedback as to what is broken, but you need to wait at least a day for a response. By the time I have replied to a post, 12 posts back, you have asked two more questions. I cannot type any faster. It's 2 a.m. and there are 5 more of your posts currently unread and unanswered as I am still only as far as the previous page of this thread.
Online since 1995.

Post by g1smd » Fri Mar 11, 2011 2:17 am

Joe Crawford wrote: The old 2.3 version of that code works on my site:
RewriteCond %{THE_REQUEST} ^.*/index\.php$
RewriteRule ^index\.php$ http://www.stonymountainproperty.com/ [R=301,L]
That code only acts on the root.
The new 2.4 version of those lines prevent me from logging in to the backend:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.stonymountainproperty.com/$1 [R=301,L]
This code works in all folders, and there's obviously a clash with how the login is coded. The RewriteCond exclusion posted above should fix the login.
Online since 1995.

Post by mrplowdan » Fri Mar 11, 2011 2:20 am

great thanks a lot, I'd just like to add what I changed
Using JA Purity II theme, joomla 1.5

had to comment out the Redirect index.php to / section to fix the search

and changing the line below
from

RewriteRule ^(components|modules|plugins|templates)/ - [F]
to

RewriteRule ^(components|modules|plugins)/ - [F]
fixes the font and page width buttons on the top of the page

Post by g1smd » Fri Mar 11, 2011 2:21 am

sog2012 wrote:########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.mywebsite.com.au/$1 [R=301,L]
########## End - Redirect index.php to /

When I comment that section out, then I can login to my backend.
Any ideas why that code would stop us from login? Joe has same problem.
The additional RewriteCond mentioned above should fix it, but it won't fix the search issue. That will need a separate test.
Online since 1995.

Post by g1smd » Fri Mar 11, 2011 2:26 am

PhilD wrote:Changed this rule

RewriteRule ^(([^/]+/)*)index\.php$ http://mysite.org/$1 [R=301,L]
to
RewriteRule ^([^/]*)index\.php$ http://mysite.org/$1 [R=301,L]
Now I am able to log in
url shown after logging in
http://mysite.org/xxxx/administrator/index2.php

normal url after logging in before using this rule section
http://mysite.org/xxxx/administrator/index2.php

Not sure if the change breaks the rule or the intent of the rule.
The second rule will only run for requests like http://www.example.com/aaaindex.php or http://www.example.com/index.php and will not run for requests like http://www.example.com/aaa/index.php in any folder.
HOWEVER THE FOLLOWING BLOCK WORKS and leaves the rule set as intended (added the administrator rule)

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
RewriteRule ^(([^/]+/)*)index\.php$ http://chowclub.org/$1 [R=301,L]
########## End - Redirect index.php to /
Thanks for confirmation.
Online since 1995.

Post by g1smd » Fri Mar 11, 2011 2:35 am

Right. What I need is the URL for the search that fails. Use example.com or www.example.com instead of the real domain name. From this URL I will need to pick a unique part to test, in the same way as the match for "administrator" above.

No hurry. It's 2.36 a.m. ---> bed.
Online since 1995.

Post by kurchania » Fri Mar 11, 2011 3:27 am

@g1smd,
Kudos man, working so hard on the Master HTACCESS. ;D ;D ;D
A few of my web service and AJAX calls are not working as expected.
Can we use any method to skip these rules for the following query string parameters:
format=raw
tmpl=component
@sog2012
This is an important topic about the security of sites and all people are looking at it for security protection.
If you have your own query related to making htaccess work on your server, you can start your own new thread. ;D
Also, first try to understand the commands of mod_rewrite:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
@mailm
mailm wrote:wait for g1smd to finish, then complain it doesn't work for you on your server - where it works for everyone else.
hint a copy of the original htaccess file is in EVERY copy of the joomla download zip file.
But it's good if at the time of development someone is testing things and giving feedback. It will make the htaccess more stable and compatible.
Golden Rule: more test cases, a better and more stable product in the market.
abhijeet kurchania
The future depends on what you do today

Post by PhilD » Fri Mar 11, 2011 1:38 pm

I think there is a fundamental issue with the htaccess that sog2012 is using. It has not been identified yet.

In one way of troubleshooting, the first step is to make an educated guess where the issue is likely to be. For example, if you think it is being caused by this section "########## Begin - Redirect index.php to /" then comment out the whole section and test to see if the issue (in this case with sog2012 the search issue) goes away. If it does then that is the area giving trouble; if the issue does not go away, then you're in the wrong section, so enable the section and look for another likely section and repeat the process. Once you find the troublesome area, enable the area rule and a condition, test and repeat. Once the condition is found that gives trouble it may be able to be worked on or another condition added.
PhilD

Post by PhilD » Fri Mar 11, 2011 11:49 pm

I have found an issue with the code block below.

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
RewriteRule ^(([^/]+/)*)index\.php$ http://chowclub.org/$1 [R=301,L]
########## End - Redirect index.php to /
A Virtuemart store will not allow one to add items to the cart. When the attempt is made to add an item to the cart a redirect back to the sites main (home) page is the result. Virtuemart is one of those extensions that mix and match and use a lot of stuff from both the frontend VM directory and from the Virtuemart directory under administrator directory. I can't right now test conditions as I need the store to work.

Also thanks to g1smd for explaining how the rule sets work. I did notice this:
RewriteCond %{QUERY_STRING} .*[.][.]/[.][.].*
was Very Slow, so thanks for explaining to everyone how it works and making it more efficient.
PhilD

