.htaccess RewriteRule causing 403 Forbidden
https://stackoverflow.com/questions/10068466
-
30-05-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm trying to install the Recess PHP framework on my web host (Dreamhost). It includes the following .htaccess:
Options FollowSymLinks
RewriteEngine On
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ bootstrap.php [QSA,L]
This works fine on my machine (XAMPP 1.7.7 on Windows 7) but results in 403 Forbidden errors on some files my web host. All directory permissions are set to 755 and all file permissions are set to 644. PHP runs under the same user that owns the files.
The following URLs result in 403s:
- http://test.dd.moofz.com/
- http://test.dd.moofz.com/recess-conf.php
- http://test.dd.moofz.com/index.php
- http://test.dd.moofz.com/bootstrap.php
- http://test.dd.moofz.com/MIT-LICENSE
The following URLs don't:
- http://test.dd.moofz.com/.gitignore
- http://test.dd.moofz.com/httpd_logo_wide.gif
- http://test.dd.moofz.com/README.textile
- http://test.dd.moofz.com/the-book-of-recess.pdf
What would cause this to happen?
Solution
As it turns out, I needed to change the line:
Options FollowSymLinks
to:
Options +FollowSymLinks
OTHER TIPS
Not familiar with that framework, but it looks like either there are some lines elsewhere or it may need tweaking.
Though I admittedly am no mod rewrite expert, looks like first line is directing all requests to request_file.html, then on line 2 if the file does not exist it calls up boostrap.php on line 3.
Your problem may lie in boostrap.php, see what happens in that script and how the request is handled. A debugger may be useful at that step. Although you may get this to work, it seems to me it may not be optimal as is. For instance, I believe usually there is a ruleset that avoid havings .gif, .jpg .css directed to your routing script. Something like this:
RewriteCond $1 !^(favicon\.ico|favicon\.png|media|robots\.txt|crossdomain\.xml|css|js)
This avoids the overhead of having php handle the requests for those types of files. There would even be more things to consider for robust application production usage, just tweak your rules so everything is routed proper and things should be fine.
