  1. #1
    gRoberts

    htaccess - protect a folder using a cookie?

    Hi all,

    Apologies to anyone who read the original version of this thread, I've had to change it due to getting a little further forward.

    Basically I have a folder on my server that needs to be protected by a cookie.

    Code .htaccess:
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)(\.gz)?$">
    Header set Expires "Thu, 15 Apr 2020 20:00:00 GMT"
    Header unset ETag
    FileETag None
    </FilesMatch>
    <IfModule mod_setenvif.c>
      <IfModule mod_headers.c>
        BrowserMatch MSIE ie
        Header set X-UA-Compatible "IE=Edge,chrome=1"
      </IfModule>
    </IfModule>
     
    RewriteEngine on
     
    RewriteCond %{REQUEST_URI} ^/folder(/.*)
    RewriteCond %{HTTP_COOKIE} !^gmvc=([0-9]*)$ [NC]
    RewriteRule ^(.*)$ /login/1 [R=301,L]
     
    RewriteCond $1 !^(index\.php|assets|folder)
    RewriteRule ^(.*)$ /index.php/$1 [L]

    When I go to /folder, the .htaccess redirects me to /login/1 as it should. After successfully logging in, I create a cookie called gmvc and redirect back to /folder.

    My problem is, that upon redirecting back to /folder, .htaccess then sends me back to /login/1 despite the cookie actually being created.

    I'm really sorry for asking such a stupid question but I'm stuck and would really appreciate some help!

    Cheers

    Gavin


  2. #2
    dklynn
    Gavin,

    It would have been better to have continued your former post (to retain that information in your request).

    Expire in 9 years? Not changing anything at all, eh? IMHO, not a good idea!

    Please use [code] ... [/code] to wrap your code as that makes the code easier to comment upon.

    I find your use of the {HTTP_COOKIE} quite good and give kudos for that. However, the prior RewriteCond's ^/folder is reserved for Apache 1.x (or a subdirectory's subdirectory which I see is NOT the case from your regex), so I'm baffled as to why this works at all (unless you're using Apache 1.x, obviously, although I thought they were extinct in the wild).

    I'm also perplexed as to why you'd use Options MultiViews.

    Okay, these do not constitute a response to your question as to why your code works once but not when a cookie is set. Can you confirm that it IS set (it cannot be once anything is sent to the browser by your index.php)?

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    gRoberts
    Hi DK,

    Unfortunately I wasn't having one of my finest moments yesterday. I'm moving into a new house on Monday, so was meant to be spending most of my Friday evening packing etc. Instead, I was at work, busting my nuts trying to figure this out...

    Anyhoo... My biggest problem at first was Apache caching the rules. Whilst it's a great feature once it's all working, but whilst you're trying to debug, having your old rules still exist even when you have removed them was rather annoying...

    So much so, I simply renamed all the .htaccess files I was playing with so they wouldn't work and went home...

    When I got home, I took another look and finally cracked it.

    I simply did the following instead:

    /htdocs
    /htdocs/.htaccess
    /htdocs/folder
    /htdocs/folder/.htaccess

    In /htdocs/.htaccess, I put my MVC routing rules:

    Code:
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)(\.gz)?$">
    Header set Expires "Thu, 15 Apr 2020 20:00:00 GMT"
    Header unset ETag
    FileETag None
    </FilesMatch>
    <IfModule mod_setenvif.c>
      <IfModule mod_headers.c>
        BrowserMatch MSIE ie
        Header set X-UA-Compatible "IE=Edge,chrome=1"
      </IfModule>
    </IfModule>
    
    RewriteEngine on
    
    RewriteCond $1 !^(index\.php|assets|hypertension|apple-touch-icon\.png|crossdomain\.xml|favicon\.ico|humans\.txt|robots\.txt)
    RewriteRule ^(.*)$ /index.php/$1 [L]

    Then in /htdocs/folder/.htaccess, I put the following:

    Code:
    RewriteEngine on
    # Redirect to the login page unless the Cookie header contains gmvc=1
    RewriteCond %{HTTP_COOKIE} !gmvc=1 [NC]
    RewriteRule ^(.*)$ /login/1 [R,L]

    Now it all works perfectly. I didn't realise you could actually get/set cookies and look at all other server information via mod_rewrite... It saved me having to wrap all the files I wanted to protect with PHP to check for sessions/cookies.

    As for the 9 years comment, I was trying to gzip/compress/speed up all of the assets for the site. When I ran YSlow, it advised what I needed to do and I did it.

    To be honest, the site is a brochure site, so really, it won't change at all. If anything, the only things that will change, are those not affected by the caching.

    Thank you, if I were still ripping my hair out, I know you would have been the help I needed!
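
Added example, not code from the thread: a Python model of the three `RewriteCond %{HTTP_COOKIE}` tests, run over constructed Cookie headers. It shows that the anchored pattern from post #1 stops matching once the browser sends any other cookie, that the unanchored `gmvc=1` from post #3 also matches lookalike names, and, because the Cookie header is supplied by the client, what a value the server can actually verify looks like. `BOUNDED`, `issue_token`, `token_valid` and the key are assumptions introduced here.

```python
import hashlib
import hmac
import re

# Each pattern is evaluated the way mod_rewrite evaluates a negated
# RewriteCond: the request is redirected when the regex does NOT match.
ORIGINAL = r"^gmvc=([0-9]*)$"         # post #1: anchored to the whole header
REVISED = r"gmvc=1"                   # post #3: unanchored substring
BOUNDED = r"(?:^|;\s*)gmvc=1(?:;|$)"  # assumption: exact cookie name and value

def redirected_to_login(pattern, cookie_header):
    """Model `RewriteCond %{HTTP_COOKIE} !pattern [NC]`."""
    return re.search(pattern, cookie_header, re.IGNORECASE) is None

# Constructed Cookie headers (not taken from the thread).
ONLY_GMVC = "gmvc=1"
WITH_SESSION = "PHPSESSID=abc123; gmvc=1"
LOOKALIKE = "notgmvc=10"

# Hypothetical hardening: the login code issues "<user>.<expiry>.<mac>" and
# the protected files are served only after MAC and expiry verify server-side.
SECRET = b"constructed-demo-key"  # placeholder; a real key is random and private

def _mac(user, expires):
    msg = f"{user}.{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(user, expires):
    return f"{user}.{expires}.{_mac(user, expires)}"

def token_valid(token, now):
    try:
        user, expires, mac = token.rsplit(".", 2)
        expiry = int(expires)
    except ValueError:
        return False  # wrong shape, e.g. the bare flag "gmvc=1"
    good = hmac.compare_digest(mac.encode(), _mac(user, expires).encode())
    return good and now < expiry

if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("revised", REVISED), ("bounded", BOUNDED)):
        for header in (ONLY_GMVC, WITH_SESSION, LOOKALIKE):
            print(f"{name:8} {header!r:28} redirect={redirected_to_login(pat, header)}")
```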


  4. #4
    dklynn
    Gavin,

    You're very welcome ... especially because it was nice to see another use (cookies - I prefer to let my $_SESSIONs set the cookies they need) and your use of two levels of .htaccess (one to revert back to the base level from the login (folder) subdirectory) was a bit of logic I've not seen in years. Kudos to you!

    Regards,

    DK

