• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.1 Friendly URLS Giving 404 with Amember

#1
I am using Amembers new_rewrite to protect my folders and for some reason this stops Friendly Urls working.

Can anyone shed light on this??


Code:
########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On
 
## allow access for any active subscription
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond /home/mydomain/public_html/empower/data/new_rewrite/%1 -f mydomain
RewriteRule ^(.*)$ - [L]
 
## if user is not authorized, redirect to login page
# BrowserMatch "MSIE" force-no-vary
RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://wpmydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
RewriteRule ^(.*)$ http://wpmydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################
#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>
 
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
 
<IfModule mod_rewrite.c>
    RewriteEngine On
 
    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo
 
    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>
 

Jake Bunce

XenForo moderator
Staff member
#2
I think this part is your problem:

Code:
## allow access for any active subscription
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond /home/mydomain/public_html/empower/data/new_rewrite/%1 -f mydomain
RewriteRule ^(.*)$ - [L]
Try negating both conditions and removing the rewrite. That should feed into the "not authorized" rules below it, like this:

Code:
########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On
 
## allow access for any active subscription
RewriteCond %{HTTP_COOKIE} amember_nr!=([a-zA-Z0-9]+)
RewriteCond /home/mydomain/public_html/empower/data/new_rewrite/%1 !-f mydomain
# RewriteRule ^(.*)$ - [L]
 
## if user is not authorized, redirect to login page
# BrowserMatch "MSIE" force-no-vary
RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://wpmydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
RewriteRule ^(.*)$ http://wpmydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################
I added the red pieces.
 

Jake Bunce

XenForo moderator
Staff member
#4
And actually that last rewrite rule will be a problem too since it falls outside of the conditions and matches every URI:

Code:
RewriteRule ^(.*)$ http://wpmydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################
I would be inclined to combine those rules and not check for the query string. That should work. Try this final code:

Code:
########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On
 
## allow access for any active subscription
RewriteCond %{HTTP_COOKIE} amember_nr!=([a-zA-Z0-9]+)
RewriteCond /home/mydomain/public_html/empower/data/new_rewrite/%1 !-f mydomain
# RewriteRule ^(.*)$ - [L]
 
## if user is not authorized, redirect to login page
# BrowserMatch "MSIE" force-no-vary
# RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://wpmydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
# RewriteRule ^(.*)$ http://wpmydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################
Again, I added the red pieces.
 

Jake Bunce

XenForo moderator
Staff member
#6
I can probably get it working if you are comfortable giving me your FTP login. It helps if I can get in there and test stuff and see what is going on.
 

Jake Bunce

XenForo moderator
Staff member
#8
What I posted before didn't work at all. :confused:

But I tried a different approach and it worked. I added the red piece:

Code:
########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On

## allow access for any active subscription
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond /home/mydomain/public_html/empower/data/new_rewrite/%1 -f 
RewriteRule ^(.*)$ - [L,S=2]

## if user is not authorized, redirect to login page
# BrowserMatch "MSIE" force-no-vary
RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://mydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
RewriteRule ^(.*)$ http://mydomain.com/empower/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################
That causes it to skip the next two rules.
 
#12
@Jake Bunce - It appears I'm now having the same issue, all was working fine, tried to protect a folder in amember (have now removed the rule I initially implemented) and now friendly URLs throw up 404s.

Which htaccess would I have to look in to see if the above changes will help?

Thanks in advance for any assistance you may be able to provide!

P.S. just realised this was for 1.1 not 1.2, I'm referring to XF 1.2
 
Last edited:
#15
Heya @Jake Bunce - I'd like to throw my hat into the ring for 2015 with this same issue. I reviewed this thread but looks like their .htaccess stuff has changed over the last 2 years.

Help me Obi Bunce, you're my only hope! Haha - any help appreciated. I'm going to try it out and will edit if I get it, but I am not good at these. their current htaccess is:

Code:
########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On

# if cookie is set and file exists, stop rewriting and show page
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond /home/myusername/sites/default/public_html/myfoldername/data/new-rewrite/%1-2 -f
RewriteRule ^(.*)$ - [S=3]

# if cookie is set but folder file does not exists, user has no access to given folder
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond /home/myusername/sites/default/public_html/myfoldername/data/new-rewrite/%1-2 !-f
RewriteRule ^(.*)$ http://mydomain.net/myfoldername/no-access/folder/id/2?url=%{REQUEST_URI}?%{QUERY_STRING}&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R]

## if user is not authorized, redirect to login page
# BrowserMatch "MSIE" force-no-vary
RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://mydomain.net/myfoldername/protect/new-rewrite?f=2&url=%{REQUEST_URI}?%1&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R,B]
RewriteRule ^(.*)$ http://mydomain.net/myfoldername/protect/new-rewrite?f=2&url=%{REQUEST_URI}&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R]
########### AMEMBER FINISH ####################

EDIT: Ok, seems for some reason, mine had wiped out all of XF htaccess and ONLY left the amember htaccess info. I added back in the XF info and all (seems) well. Crossing fingers...
 
Last edited: