Home › Forums › BulletProof Security Free › Rewrite url to remove PHPSESSID and SID parameters
- This topic has 3 replies, 2 voices, and was last updated 10 years, 6 months ago by AITpro Admin.
-
AuthorPosts
-
MouillardParticipant
Hi everybody,
I have a little knowledge in htaccess area so I love BPS security. Great plugin !
But I dont know where to write my code to remove PHPSESSID and SID parameters from urls. I’ve tried into Custom Code >Root htaccess File Custom Code >CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
Then CUSTOM CODE WP REWRITE LOOP START
Then CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
…but all these boxes give me a 500 error. (I have made others changes in this page without any problem)
My custom code is (and I precise it was working well before I install BPS):
php_flag session.use_trans_sid off php_flag session.use_only_cookies on RewriteEngine On #remove PHPSESSID RewriteCond %{QUERY_STRING} PHPSESSID=.*$ RewriteRule .* %{REQUEST_URI}? [R=301,L] RewriteEngine on RewriteCond %{HTTP_HOST} !^lesdoigtsdanslenet\.com$ [NC] RewriteRule ^(.*)$ http://lesdoigtsdanslenet.com/$1 [R=301,L]
I hope for help, thanks a lot for any answer !
AITpro AdminKeymasterTo rewrite www to non-www URLs you would incorporate your code into the WordPress Rewrite Loop start code
# WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^www\.domainname\.com$ [NC] RewriteRule ^(.*)$ http://domainname.com/$1 [R=301,L] RewriteRule ^index\.php$ - [L]
You would put this code in the top php handler Custom Code text box. Are you sure your Server type allows you to use php_flag directives in .htaccess files?
php_flag session.use_trans_sid off php_flag session.use_only_cookies on #remove PHPSESSID RewriteCond %{QUERY_STRING} PHPSESSID=.*$ RewriteRule .* %{REQUEST_URI}? [R=301,L]
MouillardParticipantThanks for your answer. But I’m not sure I explained correctly my situation.
I think I don’t need the code to rewrite www to non-www because I have my serveur set up (DNS).
Whtat I need, is to remove PHPSESSID from my urls. Before installing BPS, I used the code I gave to do it (I don’t really understand what it does, I just found it on Internet). That worked well, so I assume my server allows these instructions.
Then, when I installed BPS (6 month ago), I forgot to put this code into… and PHPSESSID parameter is shown in Google Analytics again.
So I try to put this code back trought BPS but failed, and get the 500 error code.
You would put this code in the top php handler Custom Code text box.
I’ve tried to put it in the first box “CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE” but still 500 error. Other idea ?
Thanks,
AITpro AdminKeymasterIt is possible then that something has changed on your Server and that this code no longer works on your Server. Most web hosts do NOT allow you to use php_flag and php_value directives in an .htaccess file so before doing anything else please contact your Host and ask them if your code is still allowed and will work on your Server. I’d say about 1 in 200 Hosts do allow php_flag to be used in .htaccess files so it is very rare. Typically / normally these settings would be added to a custom php.ini file instead.
-
AuthorPosts
- You must be logged in to reply to this topic.