I am developing a CMS/Framework for my clients and have just implemented a PHP script that detects if the currently loaded "application" requires HTTPS and redirects to the HTTPS equivalent if so.
At the same time I am also using mod_rewrite to implement friendly URLs which works great. However, when the script goes to HTTPS the mod_rewrite no longer seems to work and I get a standard Apache "access forbidden" message.
This is on a localhost development server (using XAMPP) with no SSL certificate installed (there would be on a live server). To be clear, I am NOT trying to force HTTPS via the mod_rewrite (this is what 90% of search results seem to be for), just want to get my friendly URLs working on it.
Edit: It also happens when accessing the "root" address (https://localhost/cms/) where it would default to the index page.
Here is my .htaccess:
# Protect files.
<FilesMatch "(\.(xml|html|cache))$">
Order allow,deny
</FilesMatch>
# Disable directory listings.
Options -Indexes
# Follow symbolic links.
Options +FollowSymLinks
# Error document.
ErrorDocument 404 /index.php
# Rewrite URLs.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?request=$1 [L,QSA]
</IfModule>
Any help would be much appreciated. Thanks 🙂
Best Answer
Seems the problem was that there is a second, seperate DocumentRoot configuration for SSL on Apache/XAMPP. Fixed it by setting the DocumentRoot value in "httpd-ssl.conf" to the same as the one in my "httpd.conf" file. Now everything works great!