Why RewriteRule behaves different if request URL has a trailing slash and when not?

Question

My intention is to serve a website from a subfolder without changing the document root to point at that folder (since I cannot because it is on a shared hosting).

For this purpose I added this to my .htaccess in the docroot:

<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^(www\.)?example.com$ RewriteRule !^subfolder/ /subfolder%{REQUEST_URI} [L] </IfModule> 

Since this is a WordPress site I have the standard WP .htaccess in /subfolder/, that is:

<IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> 

It works well in most cases, but not when I try to use a URL that points at a folder without a trailing slash.

Symptom one:

If I open https://example.com/wp-admin it redirects me to https://example.com/wp-login.php?redirect_to=https://example.com/subfolder/wp-admin/&reauth=1, which is wrong, but if I open https://example.com/wp-admin/ (with trailing slash) it redirects me to https://example.com/wp-login.php?redirect_to=https://example.com/wp-admin/&reauth=1 which is good. This internally all comes down to in the first case $_SERVER['REQUEST_URI'] gets the value of: /subfolder/wp-admin/, but in the second case it is /wp-admin/. Obviously I want the second to be the case even if I type the URL without a trailing slash.

Symptom two:

But to minimise the components involved in the hope of narrowing down the issue I added a /subfolder/test/index.html file to the server. Now if I open https://example.com/test it redirects my browser to https://example.com/subfolder/test/ which is not the desired behaviour, but if I open https://example.com/test/ (note the trailing slash added) the browser ends up on the address https://example.com/test/, the desired behaviour. The contents of the /subfolder/test/index.html file is served in both cases.

My goal is indeed how to make it work without trailing slashed URLs, but my primary question is about why is this happening? For example I could try to put in place another redirect to redirect every request matching a folder to a triling-slashed URL variant if not having a trailing slash, probably it'll be my workaround, but that still does not give me the understanding of what is going on and prevent me from similar issues in the future as well.

Answer 1

This is because of mod_dir and the DirectorySlash. When requesting a directory without the trailing slash, mod_dir attempts to "fix" the URL by appending a trailing slash with a 301 redirect. Unfortunately, in your scenario, the 301 redirect is occurring after the internal rewrite to /subfolder/... so the "subfolder" is exposed in the external redirect.

For example, requesting /wp-admin (no trailing slash)

1. The root .htaccess file internally rewrites the request to /subfolder/wp-admin
2. /subfolder/wp-admin matches a physical filesystem directory so mod_dir issues a 301 external redirect to /subfolder/wp-admin/, exposing the subfolder to the client.

If, however, you request /wp-admin/ (with a trailing slash) then the root .htaccess rewrites the request to /subfolder/wp-admin/. This maps to a physical directory and already has a trailing slash so no further redirect occurs.

It's the same redirect as when requesting any filesystem directory without the trailing slash. (eg. request /subfolder/test directly and you will be redirected.) The trailing slash on directories is required by Apache in order to correctly process .htaccess files that might be in that directory and serve DirectoryIndex documents (also handled by mod_dir).

Solution

Manually append the trailing slash to the original request if it would map to a physical directory in /subfolder.

For example:

# /.htaccess (root .htaccess file) RewriteEngine On # Check if a request that omits the trailing slash maps to a directory in /subfolder # If yes then issue a redirect to append a trailing slash to the requested URL # The 2nd condition excludes requests that look-like files RewriteCond %{HTTP_HOST} ^(www\.)?example\.com\.?$ [NC] RewriteCond $1 !\.\w{2,4}$ RewriteCond %{DOCUMENT_ROOT}/subfolder/$1 -d RewriteRule (.+[^/])$ /$1/ [R=301,L] # Rewrite all requests to /subfolder RewriteCond %{HTTP_HOST} ^(www\.)?example\.com\.?$ [NC] RewriteRule (.*) subfolder/$1 [L] 

Assuming you have multiple domains and only example.com should be rewritten to the /subfolder. Otherwise, the HTTP_HOST condition on both rules can be removed.

UPDATE (in response to comments): ^(www\.)?example\.com\.?$ - The regex in the first condition matches an optional trailing dot. This is to allow for fully-qualified-domain-names (FQDN) that explicitly include the trailing dot. When the trailing dot is omitted - as in most cases - a FQDN is assumed (in this case). Both resolve to the same resource on your server, since a FQDN is assumed. However, the Host header varies (with/without the trailing dot). You could simply remove the trailing \.?$ part of the regex, providing you have no conflicts with other domains. However, in your case, if you fail to account for an optional trailing dot then example.com. would potentially serve content from the root/main domain (since the rules would fail).

The 2nd condition (RewriteCond $1 !\.\w{2,4}$) is just an optimisation to avoid requests that look-like files (ie. have file extensions) from being tested. (Filesystem checks are relatively expensive.)

No need to check that the request does not already start with /subfolder/ since if the request did start with /subfolder/ then the mod_rewrite directives in the /subfolder/.htaccess file would (by default) catch the request and completely override the mod_rewrite directives in the parent directory.

No need for the RewriteBase directive, or <IfModule> wrapper since these directives are mandatory.

Aside (additional)

HOWEVER, this is still not complete. A user could potentially access /subfolder/ directly. To prevent this, you can add a rule/redirect to the top of the /subfolder/.htaccess file that redirects the user back to root (only if this directory has been requested directly). For example:

# /subfolder/.htaccess # Redirect any direct requests back to root RewriteCond %{ENV:REDIRECT_STATUS} ^$ RewriteRule (.*) /$1 [R=301,L] # Remaining WordPress directives follow... # : 

The REDIRECT_STATUS environment variable is empty on direct requests and set to 200 (as in 200 OK HTTP status) when the request is internally rewritten from root to the subdirectory.

On casual glance, the RewriteRule (.*) /$1 directive might look like it is rewriting to back itself (a loop) until you realise this .htaccess file is in a subdirectory and the RewriteRule pattern matches a relative URL-path (relative to the directory that contains the .htaccess). So, it redirects /subfolder/<anything> to /<anything>, since only <anything> is captured in the $1 backreference.

Although, strictly speaking the WordPress code block should also be modified to prevent requests being "unnecessarily" rewritten back to /index.php in the document root (to then be forwarded again to the /subfolder). This involves removing the RewriteBase directive and the slash prefix on the RewriteRule substitution string. For example:

<IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] #RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L] </IfModule> 

However, if you are allowing WordPress to modify this section of the .htaccess file then you should probably avoid this last step. (Although it is arguably preferable to prevent WordPress from managing the file for you.)

Answer 2

As already pointed out by @MrWhite, it's mod_dir that redirects you to /subfolder/wp-admin/ after your root .htaccess rewrite rules rewrite the /wp-admin request URI to /subfolder/wp-admin.

I don't recommend turning off DirectorySlash, as it affects how DirectoryIndex is handled.

Instead, you can take over mod_dir's responsibility and append the trailing slash yourself when a request without a slash matches an existing directory inside the subfolder directory:

<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^(www\.)?example.com$ RewriteCond %{REQUEST_URI} !^subfolder/ RewriteCond %{DOCUMENT_ROOT}/subfolder%{REQUEST_URI} -d RewriteRule [^/]$ %{REQUEST_URI}/ [L,QSA,R=301] RewriteCond %{HTTP_HOST} ^(www\.)?example.com$ RewriteRule !^subfolder/ /subfolder%{REQUEST_URI} [L] </IfModule> 

For any WordPress route, your .htaccess file in the subfolder directory, together with your root .htaccess, will cause a double rewrite: /route → /index.php → /subfolder/index.php. It's better to adjust it as follows:

<IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase /subfolder/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^ index.php [L,QSA] </IfModule> 

Answer 3

The URL with a slash will behave differently to one without. But you are incharge of which URLs are used internally to reference pages and which URLs get published.

On mine

• example.com/foo maps to example.com/foo.php
• example.com/foo/ maps to example.com/foo/index.html if it exists otherwise index.php

The point is, it isnt a problem. Select the urls that make sense