Protected directory redirects

jimlongo · April 6, 2022, 3:28pm

I had some issues last night (526) where I had switched from a installed cert on my server to Cloudflare SSL.
Most of those were cleared up by deleting all certs from my server, and checking the page rules for the subdomain in question. It was previously set to SSL: FULL.

So now the main website and the store subdomain are both covered by Cloudflare SSL.

The remaining issue is that the admin section of the store should be a protected directory. I’ve had to remove that protection because when I put it in, the admin address redirects back to the frontend of the store.

the rules for this domain are …

http://wanlesstennis.com/*
Always Use HTTPS


https://register.wanlesstennis.com/*
Browser Integrity Check: On, SSL: Flexible, Browser Cache TTL: 4 hours, Always Online: Off, Cache Level: No Query String, Disable Apps, Disable Performance

https://members.wanlesstennis.com/*
Browser Integrity Check: On, SSL: Flexible, Browser Cache TTL: a day, Always Online: On, Cache Level: No Query String, Disable Apps, Disable Performance

There is nothing in the .htaccess for the store admin other than the password protection bit.

Is there something in the ruleset that would cause this?

Thanks.

AppleSlayer · April 6, 2022, 3:39pm

jimlongo · April 6, 2022, 4:06pm

Thanks, I fixed the 526 error as stated above largely because of those tips.

The question at hand is about the protected directory redirect.

sandro · April 6, 2022, 4:09pm

Afraid you haven’t fixed it, you only made your site insecure.

Switch back to Full Strict and actually fix your site.

jimlongo · April 7, 2022, 5:40am

Thanks for that, I installed a Origin cert and set it to Full (Strict).
Works great, thanks.

I’m still looking to address the original topic, why I get a redirect when trying to visit a password protected directory.

sandro · April 7, 2022, 5:42am

Can you post the URL where you get that redirect?

Your first page rule will certainly send a redirect, if you are on HTTP. You actually don’t need to configure this via page rule, as you have a global parameter for that.

jimlongo · April 7, 2022, 7:53pm

(removed) should ask for authorized user and password, then get to login.

sandro · April 7, 2022, 7:55pm

Well, it does ask for authentication

www-authenticate: Basic realm="osCommerce Online Merchant Administration Tool"

but at the same time, your server sends a 302, instead of a 401.

This is not Cloudflare related but you need to check your server configuration I am afraid.

jimlongo · April 7, 2022, 8:07pm

Thanks again for that advice …

for anyone who runs into this here’s a tip from the cPanel forums that worked.

cPanel forum topic on redirects in protected directory

In short, add ErrorDocument 401 default to the .htaccess file in question

system · April 10, 2022, 8:12pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.