New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update the defaults in htaccess, perhaps deprecate some things, cleanup #14244

Open
guyinpv opened this Issue Jan 8, 2019 · 6 comments

Comments

Projects
None yet
5 participants
@guyinpv
Copy link

guyinpv commented Jan 8, 2019

Feature request

Summary

Parts of htaccess may not be necessary any more.

Let's look at this section:

# Rewrite www.domain.com -> domain.com -- used with SEO Strict URLs plugin
#RewriteCond %{HTTP_HOST} .
#RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
#RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
  1. In the above, why does it have to mention using a plugin? Redirecting to non-www is a common thing to do and has nothing to do with a plugin. This makes it sound like using this redirect somehow requires the plugin to work. This could be reworded, and not mention plugins at all.

  2. The style of redirect is not normal looking. Here is a standard way this is done these days:

RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

I'm sure there is a reason for the style of redirect used, but if it can be done in 2 lines instead of 3? It's worth looking at.

Now the next section:

# or for the opposite domain.com -> www.domain.com use the following
# DO NOT USE BOTH
#
#RewriteCond %{HTTP_HOST} !^$
#RewriteCond %{HTTP_HOST} !^www\. [NC]
#RewriteCond %{HTTP_HOST} (.+)$
#RewriteRule ^(.*)$ https://www.%1/$1 [R=301,L] .
  1. Redirecting from non-www to www can also be done in two lines:
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]

I understand there could be good reasons for the way it is done, I just don't think it's clear. Maybe add some further explanatory text so people don't change it for the worse?

  1. At the very end of the code is a lone period just sitting there after [R=301,L], I'm assuming this is not supposed to be there at all? Is it a typo or bug? I imagine it could cause issues?

  2. There is a big commented section about htc files for support on Windows XP or something. This is way outdated now, all that stuff can probably just go away.

  3. There is a section about register_globals. All this can be removed or deprecated because register_globals has already been removed from PHP as of 5.4.0 anyway.

  4. Even the suggestion regarding zlib compression is iffy. The php_flag and php_value directives only work if PHP is ran as an Apache module. I don't think almost anybody does this do they? It won't work when in CGI mode, so uncommenting these just goes to server error most of the time.
    Either remove it or add notes that this will break the server if it doesn't work.

  5. In general the default htaccess is rather wordy and long and contains archaic rules that probably nobody uses any more. It could be vastly cleaned up.

  6. It also doesn't test for the rewrite engine module before turning it on. This isn't critical, but I do see it used most commonly.

  7. In the friendly URLs section, it is hardcoded to use q as the parameter. How does this play with the MODX system setting request_param_alias which is allowed to be changed? If they change htaccess do they have to change system setting, or vice versa? There are no notes about that.

  8. At the end of the file, do we have to talk about stopping "screen flicker" with "CSS rollovers". Is that really a thing? Never seen it before, never seen that this is actually a thing. Just mentioning perhaps time to retire this setting as well?

@Mark-H

This comment has been minimized.

Copy link
Collaborator

Mark-H commented Jan 8, 2019

Could you propose a newer example file? Most of this likely dates back from Evo.

@sottwell

This comment has been minimized.

Copy link
Contributor

sottwell commented Jan 8, 2019

I usually just delete everything after the rewrite rules part. I've found the sections on www - no www and the ssl section to be useful.

@guyinpv

This comment has been minimized.

Copy link

guyinpv commented Jan 8, 2019

I could, but I have the feeling some of the things in there were done for a reason. Always good to know why something was done a certain way before knocking it down. Perhaps the redirects are done that way for multiple-domains or multiple contexts or frozen URLs or I don't know what. So I don't want to blow it all out without knowing the history behind it.

Like Susan said, I really just use one of the www redirects and then the FURLs. SSL redirect can also be used but it should go first, above the FURL.

@JoshuaLuckers

This comment has been minimized.

Copy link
Collaborator

JoshuaLuckers commented Jan 8, 2019

  1. The style of redirect is not normal looking. Here is a standard way this is done these days:
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

I'm sure there is a reason for the style of redirect used, but if it can be done in 2 lines instead of 3? It's worth looking at.

I'm more in favour of a more dynamic ruleset that doesn't require user changes when, for example, the domain of the website changes.

  1. Redirecting from non-www to www can also be done in two lines:
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]

I understand there could be good reasons for the way it is done, I just don't think it's clear. Maybe add some further explanatory text so people don't change it for the worse?

Same applies here.

@JoshuaLuckers JoshuaLuckers added this to the v3.0.0-alpha milestone Jan 8, 2019

@guyinpv

This comment has been minimized.

Copy link

guyinpv commented Jan 8, 2019

I suppose the "example.com" part can be removed, it only needs to check for www after all. But why is it checking for a single period? Why is there a lone period at the end of the www redirect? Why does it have to capture the host rather than just use the host const itself?

@Jako

This comment has been minimized.

Copy link
Collaborator

Jako commented Jan 9, 2019

You are removing the variable part in your 'standard way', which is worse.

The rules could be maybe shortened to:

# Rewrite www.domain.com -> domain.com
#RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
#RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

But maybe the dot rule is still necessary for a direct IP access (if the webspace could be reached by this). I don't know if Apache sets the %{HTTP_HOST} variable then.

The 'opposite' rule could be maybe shortened to:

# or for the opposite domain.com -> www.domain.com use the following
# DO NOT USE BOTH
#RewriteCond %{HTTP_HOST} !^www\.(.+)$ [NC]
#RewriteRule ^(.*)$ https://www.%1/$1 [R=301,L]

Maybe the empty hostname check is still needed on some installations. I don't know why it is there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment