Home » Php » php – .htaccess RewriteRule causing 403 Forbidden

php – .htaccess RewriteRule causing 403 Forbidden

Posted by: admin July 12, 2020 Leave a comment

Questions:

I’m trying to install the Recess PHP framework on my web host (Dreamhost). It includes the following .htaccess:

Options FollowSymLinks
RewriteEngine On
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ bootstrap.php [QSA,L]

This works fine on my machine (XAMPP 1.7.7 on Windows 7) but results in 403 Forbidden errors on some files my web host. All directory permissions are set to 755 and all file permissions are set to 644. PHP runs under the same user that owns the files.

The following URLs result in 403s:

  • http://test.dd.moofz.com/
  • http://test.dd.moofz.com/recess-conf.php
  • http://test.dd.moofz.com/index.php
  • http://test.dd.moofz.com/bootstrap.php
  • http://test.dd.moofz.com/MIT-LICENSE

The following URLs don’t:

  • http://test.dd.moofz.com/.gitignore
  • http://test.dd.moofz.com/httpd_logo_wide.gif
  • http://test.dd.moofz.com/README.textile
  • http://test.dd.moofz.com/the-book-of-recess.pdf

What would cause this to happen?

How to&Answers:

As it turns out, I needed to change the line:

Options FollowSymLinks

to:

Options +FollowSymLinks

Answer:

Not familiar with that framework, but it looks like either there are some lines elsewhere or it may need tweaking.

Though I admittedly am no mod rewrite expert, looks like first line is directing all requests to request_file.html, then on line 2 if the file does not exist it calls up boostrap.php on line 3.

Your problem may lie in boostrap.php, see what happens in that script and how the request is handled. A debugger may be useful at that step. Although you may get this to work, it seems to me it may not be optimal as is. For instance, I believe usually there is a ruleset that avoid havings .gif, .jpg .css directed to your routing script. Something like this:

RewriteCond $1 !^(favicon\.ico|favicon\.png|media|robots\.txt|crossdomain\.xml|css|js)

This avoids the overhead of having php handle the requests for those types of files. There would even be more things to consider for robust application production usage, just tweak your rules so everything is routed proper and things should be fine.