htaccess odd behaviour

Discussion in 'Apache Migration/Compatibility' started by Pankaj Agrawal, Jul 4, 2018.

  1. Hi

    I have a working .htaccess code that works well in Apache. But is behaving odd in LiteSpeed server.

    Interestingly I tried two LightSpeed hosts and both are behaving differently.

    Code:
    RewriteEngine on
    RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
    RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]
    Lets assume I go to:
    http://testdomain.com/path/to/index.html

    This is what happens in different servers:
    Apache:
    a. Browser shows I am on:
    http://testdomain.com/path/to/index.html

    b. Content is shown based on:
    http://testdomain.com/?redirected=1&file=index.html

    c. http://testdomain.com is WordPress so I get the content based on the logged in user.


    LightSpeed Server 1:
    Browser shows I am on:
    http://testdomain.com/path/to/index.html (GOOD)

    Content is shown based on:
    http://testdomain.com/?redirected=1&file=index.html (GOOD)

    c. Even if I am logged in. This page shows as if I am not logged in. i.e. SESSON/COOKIE information is removed by LightSpeed somehow? (BAD)


    LightSpeed Server 2:

    Browser redirects to:
    http://testdomain.com/?redirected=1&file=index.html (BAD)

    Nothing else would work as it is redirected.
    The L in [NC,L] should stop it from redirecting but not happening.

    I am totally lost, but don't want to say to customers that my software product doesn't work with LightSpeed because I love LightSpeed otherwise.

    Additional Information:
    Both LightSpeed servers are using cPanel.

    Thanks a lot for your help and any guidance you can provide.
     
    Last edited by a moderator: Jul 5, 2018
  2. NiteWave

    NiteWave Administrator

    is a /home/test/public_html/index.php there ?
    static .html/js served by php is much slower than direct by web server.
     
  3. Hi NiteWave,

    Thanks for the response.
    Yes, /home/test/public_html/index.php is there. (like I said it is a WordPress website which has a index.php in all installations)

    I totally agree, "static .html/js served by php is much slower than direct by web server", let me know if you have suggestions to add security to static files without loading PHP for each file. That would be awesome.

    But, I would anyway want to understand why .htaccess is misbehaving and find a solution if possible.

    Pankaj
     
  4. NiteWave

    NiteWave Administrator

    try "Alias" -- https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias

    for example,
    1. define following in virtual host section:
    Alias /share-html-js/ /home/test/public_html/
    2. in .htacess, replace
    Code:
    RewriteEngine on
    RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
    RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]
    
    with
    Code:
    RewriteEngine on
    RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
    RewriteRule ^(.*)$ /share-html-js/$1 [NC,L]
    
     
  5. Hi NiteWave,

    Is there any issue with the path: "/home/test/public_html/"?

    Based on the description of Alias: "The Alias directive allows documents to be stored in the local filesystem other than under the DocumentRoot. "

    As "/home/test/public_html/" is DocumentRoot, I do not see any value in the extra step.

    Also, most of the cPanel based hosts won't allow changing the virtual host file, including the two I am testing on.

    Pankaj
     
  6. NiteWave

    NiteWave Administrator

    what's the DocumentRoot of testdomain.com ?
    is it same as /home/test/public_html/ ?
     
  7. Yes it is same as /home/test/public_html/
     
  8. NiteWave

    NiteWave Administrator

    if it's same, then
    what's the purpose of
    Code:
    RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
    RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]
    
    ?
    it looks the 2 lines can be deleted
     
  9. Without the rewrites, the static content (html/js) is served directly by web server without loading PHP and hence we cannot check if the user is authorised to view the content.

    With the rewrite code above. It will appear in browser that the same static url is being loaded. However, it will be routed through the PHP. So, the file is loaded from PHP. If you understand PHP, this is what we do in PHP ( https://screencast.com/t/AhlurHzFGLbp )

    JFYI, this is already working code and htaccess and hundreds of websites are using it already. The only problem is with the way htaccess is behaving in LightSpeed server.

    Pankaj
     
    Last edited by a moderator: Jul 9, 2018
  10. NiteWave

    NiteWave Administrator

    if so, following rewrite rule should be ok :
    Code:
    RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
    RewriteRule ^(.*)$  ./index.php?redirected=1&file=$1 [NC,L]
    
     
  11. Well, there is some new revelations.

    The code you sent does not work. I get a 404 error.

    However, in Server 2 I mentioned that it was redirecting to http://testdomain.com/?redirected=1&file=index.html the issue was happening because the site has https and I was going to http url. So it was redirecting for https. Now it is working as expected in Server 2.

    However, in Server 1 there is one issue:
    On rewrite, the WordPress session cookie is not available, and hence the logged in user's information is not available.
    If I go directly to WordPress, the user is logged in.

    So, the issue is not with the LightSpeed server, but some configuration that I am not able to guess.

    Pankaj
     
    Last edited by a moderator: Jul 9, 2018
  12. NiteWave

    NiteWave Administrator

    can you show the complete .htaccess of server 1 ?
    and more detail about
     
  13. There are two .htaccess files. One public_html/.htaccess

    Code:
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    
    # Wordfence WAF
    <IfModule LiteSpeed>
    php_value auto_prepend_file '/home/abhisams/public_html/wordfence-waf.php'
    </IfModule>
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
    
    </Files>
    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    php_value memory_limit 400M
    php_value max_execution_time 180
    php_value max_input_time 180
    # END Wordfence WAF
    
    
    I have tried changing it to:


    Code:
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    

    Inside another folder something like: public_html/path/to/.htaccess There is:
    Code:
    RewriteEngine on
    RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
    RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]
    

    Regarding WordPress session cookie is not available.
    There is a cookie that WordPress uses for logged in user, which looks like
    Code:
    $_COOKIE['wordpress_logged_in_jksoi1msmsu1jhso1llasjdasdash"]
    This is available in direct php load, or via other wordpress rewrite, but not when in PHP when loaded via above .htaccess.
     
    Last edited by a moderator: Jul 9, 2018
  14. NiteWave

    NiteWave Administrator

    please change it to
    Code:
    RewriteEngine on
    RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
    RewriteRule ^(.*)$ /index.php?redirected=1&file=$1 [NC,L]
    to see if any difference
     
  15. No difference
     
  16. Well, after so much of testing and trying and everything. I found the reason. And I feel soo foolish, I did not see it before.

    It turns out the the website was on https, and the rewrite url was using http. And for some reason cookies were not shared between https and http, which I guess is logical.

    Thanks for all your time. I am sorry for all the trouble that was.

    Hopefully this incidence will help some other people who face similar issue.
     
    NiteWave likes this.
  17. NiteWave

    NiteWave Administrator

    Thanks for your update
     

Share This Page