php_flag display_errors 1 php_value auto_prepend_file init.php RewriteEngine on RewriteRule ^$ /id/authenticate [R] RewriteRule ^login_openid$ /id/login_openid.php [QSA,L] RewriteRule ^authenticate$ /id/authenticate.php [QSA,L] RewriteRule ^facebook$ /id/facebook.php [QSA,L] RewriteRule ^createfromopenid$ /id/createfromopenid.php [QSA,L] RewriteRule .* - [L,R=403]
This really is my .htaccess file. Within the serverconfig I simply have
Basically request the URL
http://mydomain.com/id/authenticate I recieve a 403 Error. Basically take away the last rule, it really works. Shouldnt the
[L] flat prevent any more rules from happening?
My htaccess file is incorporated in the subfolder "id", therefore the rules work.
[L] rule works fine -- you simply don't know the way it really works.
When Apache sees the
[L] flag and rule matches (rewrite happens), Apache goes to next iteration and can start matching all rules again from top. The
[L] flag means "don't process any rules below within this iteration".
Yes, the Apache documentation isn't 100% obvious about this (meaning it may be enhanced), but provides enough info to decipher it eventually.
Apache stop rewrite cycle in couple of situations:
No rules matched up whatsoever (no rewrite happened)
"exit now" rule matched up (e.g.
RewriteRule .* - [L])
Rewrite happens, but input URL and final Web addresses are identical (happens on second-3rd iteration when "badly" written rule rewrites exactly the same Hyperlink to exactly the same URL.
RewriteRule (.*) /index.php?page=$1 [L]:
- on next iteration it'll rewrite
- as well as on 3rd iteration it will likely be
/index.php?page=index.php.. making no sense now)
Rewrite iteration limit is arrived at (automatically = 10) -- that's should you joined infinite rewrite cycle (the worthiness is controlled by LimitInternalRecursion Directive).
With all of aforementioned information I'm able to state that your present rules will work not surprisingly. What this means is you need to alter the logic and eliminate the final rule (maybe handle this moment in parent .htaccess .. or handle it in a different way -- all is dependent how the application is made, I don't want to create wild guesses).