Jamit Software Forum
Welcome, Guest. Please login or register.
January 19, 2018, 01:30:38 pm

Login with username, password and session length
Search:     Advanced search
May 5th, 2010 - Jamit Software Launches the Market!
3,080 Posts in 791 Topics by 1,398,670 Members
Latest Member: KristaBand
* Home Help Search Login Register
+  Jamit Software Forum
|-+  Jamit Job Board Customers
| |-+  Configuration
| | |-+  htaccess problems
« previous next »
Pages: [1] Print
Author Topic: htaccess problems  (Read 4491 times)
steve
Jammers
Hero Member
*
Posts: 150


« on: April 02, 2010, 02:21:57 am »

when I put the following code in my htaccess:

Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^mycoolsite.com [nc]
rewriterule ^(.*)$ http://www.mycoolsite.com/$1 [r=301,nc]

It keeps candidates from being able to login. It gives a wrong username/password error.

 Huh
Logged
Peter
Administrator
Hero Member
*****
Posts: 248



« Reply #1 on: May 26, 2010, 11:36:26 pm »

It doesn't make sense why the above code should cause problems. However, the settings in .htaccess can be tricky and touchy.

I use something like this:
Code:
<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{HTTP_HOST} ^site\.com [NC]
RewriteRule ^(.*)$ http://www.site.com/$1 [R=301,L]

</IfModule>
Logged

SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
lee
Jammers
Sr. Member
*
Posts: 86



WWW
« Reply #2 on: June 02, 2010, 09:20:35 pm »

Any one got any idea how to get the mod_rewrite working with a windows server

regards lee
Logged
lee
Jammers
Sr. Member
*
Posts: 86



WWW
« Reply #3 on: June 04, 2010, 12:23:53 am »

sorted the windows server htaccess for mod_rewrite

# Helicon ISAPI_Rewrite configuration file
# Version 3.1.0.56

RewriteEngine On

# redirects http://yoursite.com to http://www.yoursite.com
RewriteCond %{HTTPS} (on)?
RewriteCond %{HTTP:Host} ^(?!www\.)(.+)$ [NC]
RewriteCond %{REQUEST_URI} (.+)
RewriteRule .? http(?%1s)://www.%2%3 [R=301,L]

RewriteRule ^category/(.+)$ /index.php?cat_name=$1 [NC,L]
RewriteRule ^job/(.+)$ /index.php?post_permalink=1&post_id=$1 [NC,L]
RewriteRule ^profile/(.+)$ /index.php?show_emp=$1 [NC,L]
RewriteCond %{QUERY_STRING} .+

Hope this may help someone

regards lee Grin
Logged
steve
Jammers
Hero Member
*
Posts: 150


« Reply #4 on: June 05, 2010, 01:12:39 am »

I think it was a combination of the htaccess and a plugin. Not sure which plugin it was. I haven't tried to duplicate the problem.

It happened on two of my sites.
Logged
zorab
Guest
« Reply #5 on: January 09, 2011, 12:44:37 am »

And how have you fixed to problem please? as im in the same story

thx
Logged
steve
Jammers
Hero Member
*
Posts: 150


« Reply #6 on: January 09, 2011, 04:05:06 am »

To be honest I do not remember. Like my last post says it had to do with one of the plugins. This was back in an early version of jamit also.

I think when I had the problem I decided it had to do with the mod-rewrite so I turned off the mod-rewrite and it went away. Well, I hadn't always had that problem so I figured it had more to do with a plugin. So, I turned the mod-rewrite back on and started disabling plugins. After a few plugins were disabled it went away. I don't remember which plugin it was. Probably one that requires the mod-rewrite or relies on the mod-rewrite to do its job.

Sorry I couldn't be of more help. Is this happening to you also?
Logged
zorab
Guest
« Reply #7 on: January 09, 2011, 07:32:45 am »

Ok so i found the wrong thing
When u r doing a 301 redirect in .htaccess from non WWW to WWW you need to update your Paths and Location in the Main Config. adding a WWW.
This help users to access their accounts.
This should be the main issue and did a good job for me otherwise i dont know.

Thx
 
« Last Edit: January 09, 2011, 07:43:25 am by zorab » Logged
Peter
Administrator
Hero Member
*****
Posts: 248



« Reply #8 on: October 07, 2011, 04:09:21 am »

In addition to what you already have in your .htaccess, I recommend adding this to improve security of your site, prevent SQL injection attacks. Only make sure to remove any duplicate entries.

(Back up your existing .htaccess before you make any changes.)

Code:
ServerSignature Off

#ETag Configuration
FileETag none

# Creates error 403 for unauthorized access to a directory
Options All -Indexes

# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files config.php>
order allow,deny
deny from all
</Files>


<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /

# Block access to "hidden" directories whose names begin with a period
RewriteRule "(^|/)\." - [F]

# block access to readme files
RewriteRule "(README|UPGRADE|install|security)\.txt" - [F,NC]

# block access to screeenshots
RewriteRule "screenshot\.(png|gif|jpg|jpeg)" - [F,NC]

# block SQL injection
RewriteRule "(\'|\`|&#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49|&#x31;&#x27;&#x20;&#x4F;&#x52;&#x20;&#x27;&#x31;&#x27;&#x3D;&#x27;&#x31;|%31%27%20%4F%52%20%27%31%27%3D%27%31)" - [F,NC]

# block SQL injection through User Agent
RewriteCond %{HTTP_USER_AGENT} "(\'|\`|\*|\?|<|>|script|eval|base64_decode)" [NC]
RewriteRule .* - [F,NC]


# FILTER REQUEST METHODS
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]

# QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\:  [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|create|alter|order|char|cast|convert|meta|script|truncate).* [NC]
RewriteRule ^(.*)$ - [F,L]

</IfModule>

Logged

SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.051 seconds with 17 queries.