Protected directory redirects

I had some issues last night (526) where I had switched from a installed cert on my server to Cloudflare SSL.
Most of those were cleared up by deleting all certs from my server, and checking the page rules for the subdomain in question. It was previously set to SSL: FULL.

So now the main website and the store subdomain are both covered by Cloudflare SSL.

The remaining issue is that the admin section of the store should be a protected directory. I’ve had to remove that protection because when I put it in, the admin address redirects back to the frontend of the store.

the rules for this domain are …*
Always Use HTTPS*
Browser Integrity Check: On, SSL: Flexible, Browser Cache TTL: 4 hours, Always Online: Off, Cache Level: No Query String, Disable Apps, Disable Performance*
Browser Integrity Check: On, SSL: Flexible, Browser Cache TTL: a day, Always Online: On, Cache Level: No Query String, Disable Apps, Disable Performance

There is nothing in the .htaccess for the store admin other than the password protection bit.

Is there something in the ruleset that would cause this?


Thanks, I fixed the 526 error as stated above largely because of those tips.

The question at hand is about the protected directory redirect.

Afraid you haven’t fixed it, you only made your site insecure.

Switch back to Full Strict and actually fix your site.

Thanks for that, I installed a Origin cert and set it to Full (Strict).
Works great, thanks.

I’m still looking to address the original topic, why I get a redirect when trying to visit a password protected directory.

Can you post the URL where you get that redirect?

Your first page rule will certainly send a redirect, if you are on HTTP. You actually don’t need to configure this via page rule, as you have a global parameter for that.

1 Like

(removed) should ask for authorized user and password, then get to login.

Well, it does ask for authentication

www-authenticate: Basic realm="osCommerce Online Merchant Administration Tool"

but at the same time, your server sends a 302, instead of a 401.

This is not Cloudflare related but you need to check your server configuration I am afraid.

Thanks again for that advice …

for anyone who runs into this here’s a tip from the cPanel forums that worked.

cPanel forum topic on redirects in protected directory

In short, add ErrorDocument 401 default to the .htaccess file in question

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.