.htaccess with -Indexes falls into infinite redirect loop when given a directory

Question

This is my .htaccess file:

# NO LISTING OF INDEXES
Options -Indexes

<IfModule mod_rewrite.c>
  RewriteEngine On

  # NIX THE www BECAUSE IT IS NO LONGER 1996 AND YOU'RE COOLER THAN THAT
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule ^(.*)/$ http://%1/$1 [R=301,L]

  # NIX TRAILING SLASHES BECAUSE SEO IS A VENGEFUL GOD AND WHATNOT
  RewriteRule ^(.*)/$ $1 [R=301,L]

  # SEND ALL NON-FILE REQUESTS TO index.php FOR FIGURING OUT
  RewriteBase /
  RewriteRule ^index\.php$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]
</IfModule>

# ERROR DOCS
ErrorDocument 400 /error/400
ErrorDocument 401 /error/401
ErrorDocument 403 /error/403
ErrorDocument 404 /error/404
ErrorDocument 500 /error/500

If I try to access a folder (/images/ or /images or some other real folder in my site structure) it falls into a redirect loop.

I tried adding RewriteCond %{REQUEST_FILENAME} !-d before the trailing slashes rule, and that "fixed" the redirect in as far as it now enforced the trailing slash on proper folders—but also passed the folder name to my script as if it were a baked URI query for my CMS to figure out.

I guess I could now try to fix this on the CMS side by checking if the URI is a folder that someone is trying to illegally list, but ideally there would be a graceful .htaccess solution to redirect folder listing calls to one of those forbidden pages I so helpfully declare there. Does anyone know of one?

I'm pretty sure you shouldn't be using the `R=301` portion of your RewriteRules. The 301 HTTP status code is intended for cases where the requested resource has permanently moved. Stripping off the *www*, for example, doesn't strike me as a valid reason to use that status code. — Jonah Bishop, Sep 04 '12 at 20:17
Hmm. It never struck me as a conceptually bad thing to do in the cases where I am pretty sure what content the user is looking for (trailing slashes and the www subdomain are just decoration), but I don't want search engine spiders to be confused about duplicate content. I'm effectively saying THAT THING YOU'RE LOOKING FOR LIVES OVER HERE. — Hoatzin, Sep 04 '12 at 20:21

score 1 · Answer 1 · answered Sep 05 '12 at 17:02

1

Not sure if it will make a difference but I usually start with this at the top before any conditional rules

RewriteEngine On
Options +FollowSymlinks
RewriteBase /

Your rewrite base starts later. Maybe move that up.

answered Sep 05 '12 at 17:02

jpwdesigns

21
2

score 1 · Answer 2 · answered Sep 05 '12 at 17:10

Comment out/remove this line:

RewriteRule ^(.*)/$ $1 [R=301,L]

You don't really need it since you already have Options -Indexes at the top to show forbidden error when somebody tries to list your directory content. Other than that make some minor adjustments in your code like this:

# NO LISTING OF INDEXES
Options +FollowSymLinks -MultiViews -Indexes

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /

  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule ^(.*)/$ http://%1/$1 [R=301,L]

  # SEND ALL NON-FILE REQUESTS TO index.php FOR FIGURING OUT
  RewriteRule ^index\.php$ - [L,NC]

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-l
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^ index.php [L]
</IfModule>

# ERROR DOCS
ErrorDocument 400 /error/400
ErrorDocument 401 /error/401
ErrorDocument 403 /error/403
ErrorDocument 404 /error/404
ErrorDocument 500 /error/500

Thanks for the general optimizations but I don't want to get rid of that particular line. That line eats the trailing slash. I don't want `/controller/action/foo` and `/controller/action/foo/` to show duplicate content and get indexed as two different things or whatever unspeakable SEO horrors are guaranteed to befall me otherwise. Either way, this doesn't seem to have made it so that linking to a folder will throw up an error. It still gives it back to my CMS. Maybe I should just give up and consider this a feature? — Hoatzin, Sep 05 '12 at 20:43
Actually you don't need a separate rule for just removing trailing slash. You can achieve that using `DirectorySlash Off` directive. — anubhava, Sep 05 '12 at 20:53

.htaccess with -Indexes falls into infinite redirect loop when given a directory

2 Answers2