Mod_rewrite giving 403 forbidden when on https

apache-2.2httpsmod-rewrite

I am developing a CMS/Framework for my clients and have just implemented a PHP script that detects if the currently loaded "application" requires HTTPS and redirects to the HTTPS equivalent if so.

At the same time I am also using mod_rewrite to implement friendly URLs which works great. However, when the script goes to HTTPS the mod_rewrite no longer seems to work and I get a standard Apache "access forbidden" message.

This is on a localhost development server (using XAMPP) with no SSL certificate installed (there would be on a live server). To be clear, I am NOT trying to force HTTPS via the mod_rewrite (this is what 90% of search results seem to be for), just want to get my friendly URLs working on it.

Edit: It also happens when accessing the "root" address (https://localhost/cms/) where it would default to the index page.

Here is my .htaccess:

# Protect files.
<FilesMatch "(\.(xml|html|cache))$">
  Order allow,deny
</FilesMatch>

# Disable directory listings.
Options -Indexes

# Follow symbolic links.
Options +FollowSymLinks

# Error document.
ErrorDocument 404 /index.php

# Rewrite URLs.
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !=/favicon.ico
    RewriteRule ^(.*)$ index.php?request=$1 [L,QSA]
</IfModule>

Any help would be much appreciated. Thanks 🙂

Best Answer

Seems the problem was that there is a second, seperate DocumentRoot configuration for SSL on Apache/XAMPP. Fixed it by setting the DocumentRoot value in "httpd-ssl.conf" to the same as the one in my "httpd.conf" file. Now everything works great!

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Probably the ProxyPass / directive you have in your config routes all requests to the Tomcat backend, bypassing all your mod_rewrite directives. You can try to remove the ProxyPass directive and use RewriteRule with the [P] flag after your other rewrites:

mod_rewrite: P|proxy

For the expire headers the situation is worse — in another similar question a solution was not found.

Option +FollowSymLinks would be needed for using mod_rewrite in .htaccess files; in your case it is not required, because you can put everything in the Apache config. Moving rules from config to .htaccess is pointless and can only make things slower. However, there is an important difference between .htaccess and the Apache config — in .htaccess patterns in RewriteRule are matched against relative filesystem paths (which never start with /), while in the VirtualHost context these patterns are matched against the URL path after the hostname, which always starts with /. Therefore at least one of your rules is incorrect:

RewriteRule ^content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

should be

RewriteRule ^/content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

(note the additional slash in the beginning).

How to troubleshoot a “Bad Request” in Apache2

It looks like not any rewrite rule will ever match / : in the two rewrite rules after the problematic one the "minimal" match is /./ and /././, so this two have no chance to match /.

You could add a rewrite rule specific to the url https://my.site.com/ just before the ".php" one :

 RewriteRule ^/$ /Director.php?rt= [L,QSA]

When you ask for / to your web server, it will serve the first page found with a name listed in the DirectoryIndex directive. If your DirectoryIndex contain index.php it is likely this page which is be catched by the rewrite rules actually.

Best Answer

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

How to troubleshoot a “Bad Request” in Apache2

Related Topic