Redirect Loop while using .htaccess

Hi,

I am using amember with new_rewrite module. Below is the code in the .htaccess file for protected directories.

########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On

## allow access for product #5
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond SERVER_PATH/data/new_rewrite/%1-5 -f
RewriteRule ^(.*)$ - [L]

## if user is not authorized, redirect to login page
RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://www.MYSITE.COM/plugins/protect/new_rewrite/login.php?v=-5&url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
RewriteRule ^(.*)$ http://www.MYSITE.COM/plugins/protect/new_rewrite/login.php?v=-5&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################

When the User is not logged in the .HTACCESS redirects the user to Amember login page. However, when a user login It gives “REDIRCTED LOOP” error in my browser. At the browser address bar it shows the original URL of the protected folder like http://www.MYSITE.COM/FOLDERNAME/INDEX.HTML

Please let me know how to correct this.

viv,

That’s the basic “noobie” error that I harp on ALL THE TIME: Inappropriate use of the :kaioken: EVERYTHING :kaioken: atom. Yes, you may call it lazy regex, too, but WHY don’t you think (.*) won’t match plugins/protect/new_rewrite/login.php - TWICE???

Add another exclusion (to BOTH) via RewriteCond statements.

Regards,

DK

DK, i have just used the code which i found from amember. Can you please elborate a bit more about the solution. It will really help me to look into the problem.

Thanks

vive,

Okay, I had some problem following what your problem was so I’ll try to elaborate based on your code.

My “pet peeve” is using (.) inappropriately. (.) will match nothing AND EVERYTHING (in a URI) so it’s necessary to provide an “escape route” for Apache to stop looping, i.e., a RewriteCond which will match the redirection in a “not” regex clause such as

RewriteCond %{REQUEST_URI} !{redirection URI}

which will be ANDed with the redirection’s RewriteRule.

########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On

## allow access for product #5
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond [COLOR="Red"]SERVER_PATH[/COLOR]/data/new_rewrite/%1-5 -f
[COLOR="Red"]# you are supposed to enter your server's path to the data directory
# OR define %{SERVER_PATH} prior to using this RewriteCond[/COLOR]
[COLOR="Red"]#[/COLOR] RewriteRule ^(.*)$ - [L]
[COLOR="Red"]# if you're not doing anything with this EVERYTHING atom, why capture it?[/COLOR]
RewriteRule .? - [L]

## if user is not authorized, redirect to login page
# if there is something in the query string
RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://www.MYSITE.COM/plugins/protect/new_rewrite/login.php?v=-5&url=%{REQUEST_URI}[COLOR="Red"]?[/COLOR]%{QUERY_STRING} [L,R]
# the ? is a reserved character so it can only be used ONCE in the redirection

[COLOR="Blue"]# this mod_rewrite block statement will loop - it needs an "out"
# like (no content in the query string)
# RewriteCond %{QUERY_STRING} !.[/COLOR]
# OR exclude the redirection (assuming DocumentRoot)
# RewriteCond %{REQUEST_URI} !^plugins/protect/new_rewrite/login\\.php$
RewriteRule ^(.*)$ http://www.MYSITE.COM/plugins/protect/new_rewrite/login.php?v=-5&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################

From that exercise, there are a couple of problems:

  1. SERVER_PATH is not defined (and that’s the wrong way to call a variable).

  2. The first (.*) is merely a waste of CPU cycles to capture it only to be discarded.

  3. The ? is a reserved character in a URI so it can only be used ONCE in the redirection. Remember, it’s also a metacharacter meaning zero or one of the preceding character but ONLY in regex!

  4. The last mod_rewrite block statement does not have the preceeding RewriteCond applied, i.e., it WILL loop because it uses (.*). I’ve suggested escape clauses but, because I don’t know your intent, you’ll have to provide a correct way out to prevent this loop.

Okay, HALF of the spotted problems deal with (.) and the loops caused. PLEASE read the tutorial linked in my signature to learn how to specify acceptable regex to prevent (.)'s loopy problems.

Regards,

DK