WordPress.org

Ready to get started?Download WordPress

Forums

WP 2.0 - htaccess overly aggressive? 404's galore (26 posts)

  1. brianarn
    Member
    Posted 8 years ago #

    I just sent this in an email to Ryan, but I thought I should probably post it here too, just in case anyone else is seeing it.

    http://www.randomthink.net/dump_env.html is a sample of my problem output. My issue is notably different from the others I've seen on the boards, in that not only do my permalinks work fine, but now WP is catching odd random other requests, even when the files/folders exist.

    Examples:
    http://www.randomthink.net/archives/2005/12/30/wordpress-20/ - works fine, comments are fine too. There is a /wordpress folder under randomthink.net where I house the files, so I'm a little surprised that a slug with wordpress in it was working okay. I did update to those two files that Ryan posted - the functions-post and classes, I believe, including rev 3396 of classes, so that might be fixing that.

    http://www.randomthink.net/tests/ - this isn't a WP page or anything, but simply a directory with some html files and whatnot, and it loads fine.

    http://www.randomthink.net/gallery/ - my G2 install, works fine.

    http://www.randomthink.net/awstats/ - my awstats install. This one doesn't work right. WP intercepts the request and gives me a pretty WP 404. I've tried adding index.php to the request (shown in the dump_env above), and it doesn't work then either. It works fine if I turn on verbose rewrites with Ryan's plugin.

    http://www.randomthink.net/awstats/icon/clock/hr1.png - a file deep within my awstats install path. Doesn't work, is caught by WP. Technically, the icon folder under there is a symlink, but that option is on in Apache, and it works fine if I'm using verbose rewrites.

    http://www.randomthink.net/misc/ - a directory that's closed to open viewing, with no index file. It gets intercepted by WP. However, if I put an index file in there (be it .html or .php), I get that file, so it's a half-works.

    http://www.randomthink.net/misc/wow/ - a directory that's explicitly open to everyone. Works fine, regardless of index existing there or not.

    It's seems like a random crapshoot as to whether or not folders that are at the same level as my WP index.php file (which is now the root of my site) work or not.

    I'm fairly certain that this is due to the .htaccess file handing everything off to WP that fails the -f and -d tests. However, some of those things shouldn't be failing that test, but seem to be, since WP gets the request.

    I'm a DreamHost customer, and they've asked that we run PHP as a CGI. I've even noticed comments in some of the WP code mentioning adjustments put in place for that. I'm not sure if that could be causing some of the problems.

    Any insight you could offer would be most appreciated. I'm really comfortable in and around a shell, as well as with PHP, so if there's anything that needs to be altered or adjusted, let me know and I'll get it in rather quickly.

    For now, if I turn on Ryan's rewrite.php plugin, it just writes out the verbose rewrites and all is well. However, I'm going to keep that off for the moment so you can go poke at things, should you so desire.

    As an aside, I've noticed that sometimes I can turn on the verbose rewrites, pull up my awstats page, then turn the verbose rewrites back off and continue to look at my stats, including a full refresh, so long as I don't close my browser. That one could be that my awstats are guarded with basic auth, and something about being authenticated might be making the request go through past the -f and -d checks. That doesn't make sense, but not much else has made sense with this issue so far, so I'm not surprised.

    Thanks again for any help and/or insight you can offer.

  2. kektex
    Member
    Posted 8 years ago #

    I`m having the same problem.I am also at dreamhost and I cannot get to my statistics folder.Wordpress catches it and sends me back to the index.php
    I replaced it with my previous .htaccess (which was much bigger than the new one btw) and it worked but it broke the permalinks.
    My new .htaccess :

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php
    </IfModule>

    # END WordPress

    All the other folders work correctly except for my statistics folder (where I installed awstats)

  3. kektex
    Member
    Posted 8 years ago #

    anyone know how to solve this?

  4. razorshine
    Member
    Posted 8 years ago #

    I could do with help on this as well

  5. imperialman
    Member
    Posted 8 years ago #

    I'm having the same problem here, where I have wordpress in the domain root and awstats in a subdirectory. When trying to view the subdirectory, instead I get the blog homepage.

    .htaccess help would be much appreciated!

  6. imperialman
    Member
    Posted 8 years ago #

    FIXED! Thanks to user "ronrapp" on the Dreamhost knowledge base (https://panel.dreamhost.com/kbase/index.cgi?area=796), here's a way to get WordPress 2.0 to allow real subdirectories to work while WordPress is in the root.

    The root .htaccess file has the following three lines added into the middle of the wordpress block, where "stats" is the name of the non-WordPress subdirectory:


    RewriteCond %{REQUEST_URI} ^/stats/(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$
    RewriteRule ^.*$ - [L]

    So, the root .htaccess should look like this:


    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/stats/(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$
    RewriteRule ^.*$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php
    </IfModule>

    # END WordPress

    Then, you can add a .htaccess and .htpassword into the subdirectory to password protect it, and it works fine. (Details are available elsewhere).

    I was also able to use this to have a root-level blog (www.blog.com) and a password-protected subdirectory blog (www.blog.com/blog2). Things seem to work fine.

    Hope that helps, since I think many people are having this problem.

  7. imperialman
    Member
    Posted 8 years ago #

    Addendum: The fix above only works if you modify the .htaccess file via the root WordPress blog! You can't modify the .htaccess file directly (not by shell or ftp)

    To get there, go to your blog's wp-admin -> Manage -> Files -> .htaccess

    Also, you will have to redo this step if you ever Update Permalink Structure (in Options)... For some reason, that rewrites the .htaccess from scratch.

  8. imperialman
    Member
    Posted 8 years ago #

    Ok, I'm sorry again, but the solution outlined above is only temporary. WordPress is free to modify the stuff in .htaccess listed between the "# BEGIN WordPress" and "# END WordPress" at any time, and eventually WordPress will overwrite the fix I proposed there.

    I don't know too much about .htaccess so I don't know if you can put the three lines outside of the WordPress block in .htaccess.

    So, to get it to work (for the moment, at least), I had to modify "wp-content/classes.php" which is what generates the WordPress block in .htaccess. I realize this isn't good programming since now classes.php can't be upgraded as easily (right?), but it works now and can be refixed later if needs be.

    Basically I adapted the directions of http://wordpress.org/support/topic/26121?replies=27#post-228334

    So here's the fix, starting from scratch:

    1. Go to wp-content/classes.php, and search for "$rules". You'll find a section that looks like this:

    $rules = "<IfModule mod_rewrite.c>\n";
    $rules .= "RewriteEngine On\n";
    $rules .= "RewriteBase $home_root\n";

    2. After that last line, add the following 3 lines where "stats" is the subdirectory to be password-protected.

    $rules .= "RewriteCond %{REQUEST_URI} ^/stats/(.*)$ [OR]\n";
    $rules .= "RewriteCond %{REQUEST_URI} ^/failed_auth.html$\n";
    $rules .= "RewriteRule ^.*$ - [L]\n";

    3. Go to "Options -> Permalink" and update the permalink structure. Verify via "Manage -> Files -> .htaccess" that your .htaccess file now reflects the three lines within the WordPress block.

    4. Add password-protection to the subdirectory via an .htaccess and .htpassword within the subdirectory, as outlined elsewhere.

    Everything should work now! You may have to repeat these steps if an upgrade to classes.php comes out in the future.

    Sorry about the confusion -- WordPress kept giving me false hope!

  9. brianarn
    Member
    Posted 8 years ago #

    Modifying the php files directly isn't a solution that I like, at all at all, because you have to repeat it if you ever upgrade. :) I'd bet there's a way to add those rules via plugin.

    Or, I tried this and while it oddly fixed my awstats access issue, I still can't see stats or failed_auth or whatever. Try this out rather than a modded classes.php and let me know how it works for you. Paste the # WP Fix lines above your WordPress lines. WP won't ever edit those.

    # WP Fix
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/stats/(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$
    RewriteRule ^.*$ - [L]
    </IfModule>

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php
    </IfModule>

    # END WordPress

    Edit: I said this didn't fix my stats problem, but now it has. I can see the stuff at /stats/ just fine, and I can also see my /awstats/ stuff just fine too. Awesome!

  10. brianarn
    Member
    Posted 8 years ago #

    I'm just going to put this as a separate reply, because it's awfully odd.

    So, now I've got those pieces in as listed above, and I said it worked. It turns out, it only kind-of works.

    Oddly enough, the browser I use makes a difference.

    Firefox: http://www.randomthink.net/stats/ - I get asked to authenticate, but it winds up redirecting to WP's 404.
    Firefox: http://randomthink.net/stats/ - I get asked to authenticate, and it works fine.

    IE: http://www.randomthink.net/stats/ - I get asked to authenticate, and it works fine.
    IE: http://randomthink.net/stats/ - I don't get asked to authenticate, as it seems to use my prior auth, and it works fine.

    So, it's mostly working. I'm guessing that IE just drops the www somewhere along the way in the basic auth. Very weird.

    It's an odd fix, and makes no sense that it works for my issue, since my issue was with /awstats and not much else, but hey. Too weird.

  11. jaybarrow
    Member
    Posted 8 years ago #

    Finally a fix that works for me! After upgrading to WP 2.0 my Dreamhost /stats/ directory was also unreachable (unless I deleted the necessary code in my .htaccess file... then permalinks wouldn't work).

    At least I can access my /stats/ directory again. However non-existant subdirectories (eg.: http://www.escape-key.com/bloopybloopybloopbloop )and nonexistant files (eg.: http://www.escape-key.com/whatchoowant ) still redirects to the main index.php instead of giving a 404.

  12. Skit
    Member
    Posted 8 years ago #

    Hey guys,

    Still on 1.5, but problem is fairly similar..

    I've previously used the fix listed above to get the DreamHost /stats/ page to work.
    I'm now trying to get awstats to work in cgi mode, but I can't work out the htaccess rule to stop WP from grabbing it.

    Basically I've tried:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/awstats/(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$
    RewriteRule ^.*$ - [L]
    </IfModule>

    But I still cannot get to:

    http://skit.id.au/awstats/cgi-bin/awstats.pl?config=skit.id.au

    WP still comes up with:

    Nothing Found!
    No blog entries could be located. If this error continues then please let me know!

    To those of you that are able to get to awstats, or you using cgi mode or static pages?

  13. Skit
    Member
    Posted 8 years ago #

    Fixed, needed to chmod the directory to give web access. *slaps forehead*

  14. roniabirk
    Member
    Posted 8 years ago #

    I think this may be the problem I am experiencing with the latest update. I can no longer get to my gallery subdirectory, though I specified it in the htaccess file.

    This is my post with code and links.

    What is the chmod command to give web access?

  15. 3stripe
    Member
    Posted 8 years ago #

    Hi folks... I'm running WP2 on my root folder on Dreamhost and have the same problem accessing my stats. Can anyone help?

    I've tried the code below but no joy

    # WP Fix
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/stats/(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$
    RewriteRule ^.*$ - [L]
    </IfModule>

  16. 3stripe
    Member
    Posted 8 years ago #

    I should add that if I hack this code into the # BEGIN WordPress section, it does work. But then it will get deleted next time I change my permalinks (altho I guess I shouldn't be changing them that often!)

  17. GlennCoco
    Member
    Posted 8 years ago #

    This seems to be the same problem my friend is having, except instead of Awstats, it is his osCommerce admin directory. The problem is referenced here: http://wordpress.org/support/topic/60605?replies=7#post-324096

    I'm a bit of a dummy when it comes to all of this though, so I'm not exactly sure how to fix it.

  18. GlennCoco
    Member
    Posted 8 years ago #

    Can anyone help?

  19. redchickadee
    Member
    Posted 8 years ago #

    Running WP2 on Dreamhost, but can't access my stats (http://www.crimgirl.com/stats/). I just read this thread and I can't figure out if someone found a fix or not? I tried a couple of the suggestions and get nowhere. Any other ideas?

  20. elohin
    Member
    Posted 8 years ago #

    Updated link to help info on dreamhost:
    http://wiki.dreamhost.com/index.php/Making_stats_accessible_with_htaccess

    It worked for me, however, that's just for the stats directory. Guess I will have to remember to edit .htaccess again if I make other non-wordpress directories or files.

  21. redchickadee
    Member
    Posted 8 years ago #

    Thanks elohin. I've tried that twice but it didn't work. Then I tried switching themes (from Hemingway Bright), and everything worked fine. Maybe certain themes have issues with Dreamhost? I don't know. =)

  22. stephenju
    Member
    Posted 8 years ago #

    I have the same problem of password protected directory redirected to WP 404 error page. Here's the fix I deviced:

    http://www.ju-ju.com/2006/03/17/wordpress-404-error/

  23. syncbox
    Member
    Posted 8 years ago #

    Brianarn's solution worked perfectly for me as a DH user. I **am** using /%category%/%author%/%postname%/ in my custom permalinks and am able to access the stats now without issue.

    WP2.0.2

    1) edit the .htaccess file via the Manage>Files admin page (no direct editing or ftp)
    2) use this fix:

    # WP Fix
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/stats/(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$
    RewriteRule ^.*$ - [L]
    </IfModule>
    # END WP fix

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php
    </IfModule>
    # END WordPress

    3. note, I believe if you use FAlbum, that set of rules should remain at the top. I placed the above code below the rules for FAlbum

    HTH, AND THANKS! to Brianarn

    PS. I posted this solution over at the DH forums, too, so that others don't spend the hour I did, pulling out hair, etc

  24. Marcomail
    Member
    Posted 8 years ago #

    I had the same problem to enter in /cgi-bin/scripts...now i've solved using:

    # WP Fix
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/cgi-bin/scripts/(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$
    RewriteRule ^.*$ - [L]
    </IfModule>
    # END WP fix

    But someone could me explain what is the second line:
    RewriteCond %{REQUEST_URI} ^/failed_auth.html$

  25. omokage
    Member
    Posted 7 years ago #

  26. fatdog789
    Member
    Posted 7 years ago #

    This is probably too late too help you guys, but I found that simply placing the Auth code before the WP section in the .htaccess file worked just fine. Also, it helps not to add the order or allow/deny bits, as those just seem to confuse Apache on DH. The auth bit works just fine without those statements.

    All real subdirectories and password protected subdirectories, and even redirected password protected subdirectories showed up fine. All non-existent pages pointed to the WP 404 page. All permalinks survived.

    Edit: Also, changing the Permalinks from within WP doesn't affect the Auth code, which is outside of the area that WP modifies.

Topic Closed

This topic has been closed to new replies.

About this Topic