htaccess odd behaviour

[Pankaj Agrawal]

Hi

I have a working .htaccess code that works well in Apache. But is behaving odd in LiteSpeed server.

Interestingly I tried two LightSpeed hosts and both are behaving differently.

RewriteEngine on
RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]

Lets assume I go to:
http://testdomain.com/path/to/index.html

This is what happens in different servers:
Apache:
a. Browser shows I am on:
http://testdomain.com/path/to/index.html

b. Content is shown based on:
http://testdomain.com/?redirected=1&file=index.html

c. http://testdomain.com is WordPress so I get the content based on the logged in user.


LightSpeed Server 1:
Browser shows I am on:
http://testdomain.com/path/to/index.html (GOOD)

Content is shown based on:
http://testdomain.com/?redirected=1&file=index.html (GOOD)

c. Even if I am logged in. This page shows as if I am not logged in. i.e. SESSON/COOKIE information is removed by LightSpeed somehow? (BAD)


LightSpeed Server 2:
Browser redirects to:
http://testdomain.com/?redirected=1&file=index.html (BAD)

Nothing else would work as it is redirected.
The L in [NC,L] should stop it from redirecting but not happening.

I am totally lost, but don't want to say to customers that my software product doesn't work with LightSpeed because I love LightSpeed otherwise.

Additional Information:
Both LightSpeed servers are using cPanel.

Thanks a lot for your help and any guidance you can provide.

 

[NiteWave]

is a /home/test/public_html/index.php there ?
static .html/js served by php is much slower than direct by web server.

 

[Pankaj Agrawal]

Hi NiteWave,

Thanks for the response.
Yes, /home/test/public_html/index.php is there. (like I said it is a WordPress website which has a index.php in all installations)

I totally agree, "static .html/js served by php is much slower than direct by web server", let me know if you have suggestions to add security to static files without loading PHP for each file. That would be awesome.

But, I would anyway want to understand why .htaccess is misbehaving and find a solution if possible.

Pankaj

 

[NiteWave]

try "Alias" -- https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias

for example,
1. define following in virtual host section:
Alias /share-html-js/ /home/test/public_html/
2. in .htacess, replace

RewriteEngine on
RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]

with

RewriteEngine on
RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$ /share-html-js/$1 [NC,L]

 

[Pankaj Agrawal]

Hi NiteWave,

Is there any issue with the path: "/home/test/public_html/"?

Based on the description of Alias: "The Alias directive allows documents to be stored in the local filesystem other than under the DocumentRoot. "

As "/home/test/public_html/" is DocumentRoot, I do not see any value in the extra step.

Also, most of the cPanel based hosts won't allow changing the virtual host file, including the two I am testing on.

Pankaj

 

[NiteWave]

what's the DocumentRoot of testdomain.com ?
is it same as /home/test/public_html/ ?

 

[Pankaj Agrawal]

Yes it is same as /home/test/public_html/

 

[NiteWave]

if it's same, then
what's the purpose of

RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]

?
it looks the 2 lines can be deleted

 

[Pankaj Agrawal]

Without the rewrites, the static content (html/js) is served directly by web server without loading PHP and hence we cannot check if the user is authorised to view the content.

With the rewrite code above. It will appear in browser that the same static url is being loaded. However, it will be routed through the PHP. So, the file is loaded from PHP. If you understand PHP, this is what we do in PHP ( https://screencast.com/t/AhlurHzFGLbp )

JFYI, this is already working code and htaccess and hundreds of websites are using it already. The only problem is with the way htaccess is behaving in LightSpeed server.

Pankaj

 

[NiteWave]

if so, following rewrite rule should be ok :

RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$  ./index.php?redirected=1&file=$1 [NC,L]

 

[Pankaj Agrawal]

Well, there is some new revelations.

The code you sent does not work. I get a 404 error.

However, in Server 2 I mentioned that it was redirecting to http://testdomain.com/?redirected=1&file=index.html the issue was happening because the site has https and I was going to http url. So it was redirecting for https. Now it is working as expected in Server 2.

However, in Server 1 there is one issue:
On rewrite, the WordPress session cookie is not available, and hence the logged in user's information is not available.
If I go directly to WordPress, the user is logged in.

So, the issue is not with the LightSpeed server, but some configuration that I am not able to guess.

Pankaj

 

[NiteWave]

can you show the complete .htaccess of server 1 ?
and more detail about

On rewrite, the WordPress session cookie is not available

 

[Pankaj Agrawal]

There are two .htaccess files. One public_html/.htaccess

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/abhisams/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

</Files>
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value memory_limit 400M
php_value max_execution_time 180
php_value max_input_time 180
# END Wordfence WAF

I have tried changing it to:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Inside another folder something like: public_html/path/to/.htaccess There is:

RewriteEngine on
RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]

Regarding WordPress session cookie is not available.
There is a cookie that WordPress uses for logged in user, which looks like

$_COOKIE['wordpress_logged_in_jksoi1msmsu1jhso1llasjdasdash"]

This is available in direct php load, or via other wordpress rewrite, but not when in PHP when loaded via above .htaccess.

 

[NiteWave]

Inside another folder something like: public_html/path/to/.htaccess There is:

RewriteEngine on
RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$ /home/test/public_html/?redirected=1&file=$1 [NC,L]

please change it to

RewriteEngine on
RewriteCond %{REQUEST_URI} \.(html?|js)$ [NC]
RewriteRule ^(.*)$ /index.php?redirected=1&file=$1 [NC,L]

to see if any difference

 

[Pankaj Agrawal]

No difference

 

[Pankaj Agrawal]

Well, after so much of testing and trying and everything. I found the reason. And I feel soo foolish, I did not see it before.

It turns out the the website was on https, and the rewrite url was using http. And for some reason cookies were not shared between https and http, which I guess is logical.

Thanks for all your time. I am sorry for all the trouble that was.

Hopefully this incidence will help some other people who face similar issue.

 

[NiteWave]

Thanks for your update