Site producing heaps of 403 errors, using Simple SEO addon

[trinoz]

Hi,

I think there is something seriously wrong with the configuration of my site www.thechakrashop.com

I'm using version 1.3.9h. I have Simple SEO, Zen Lightbox, Sitemap XML and Easy Popuate installed.

When I run Xenu link checker on the site I get a riduculous amount of URLS (20,000). Some of them are obviously wrong such as (note this is one URL and in the post looks abbreviated):

http://www.thechakrashop.com/gv_faq/...eme486/PIE.php
error code: 403 (forbidden request), linked from page(s): http://www.thechakrashop.com/gv_faq/...eme486/PIE.php

I also see that Google isn't indexing my pages. I wonder why :)

I realised yesterday that the template I have (yes TM), didn't have the rel=canonical reference in the head section so I replaced that. This problem was happening before this however.

I have a .htaccess file with the following:

DirectoryIndex = index.php
#### BOF SSU
Options +FollowSymLinks -MultiViews
RewriteEngine On
# Make sure to change "zencart" to the subfolder you install ZC. If you use root folder, change to: RewriteBase /
RewriteBase /

# Deny access from .htaccess
RewriteRule ^\.htaccess$ - [F]

RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.+) index.php/$1 [E=VAR1:$1,QSA,L,PT]
# alternative rewrite rule, seem to work on GoDaddy hosts http://codeigniter.com/wiki/Godaddy_Installaton_Tips/
# to use it, please make sure you comment out the rewrite rule above, then uncomment the line below
# RewriteRule ^(.*)$ /index.php?$1 [L]
#### EOF SSU
# BEGIN Compress text files
<ifModule mod_deflate.c>
<filesMatch "\.(css|js|x?html?|php)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
# END Compress text files

# BEGIN Expire headers
<ifModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType image/x-icon "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
ExpiresByType text/html "access plus 600 seconds"
ExpiresByType application/xhtml+xml "access plus 600 seconds"
</ifModule>
# END Expire headers

# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
<filesMatch "\.(ico|jpe?g|png|gif|swf)$">
Header set Cache-Control "max-age=2592000, public"
</filesMatch>
<filesMatch "\.(css)$">
Header set Cache-Control "max-age=604800, public"
</filesMatch>
<filesMatch "\.(js)$">
Header set Cache-Control "max-age=216000, private"
</filesMatch>
<filesMatch "\.(x?html?|php)$">
Header set Cache-Control "max-age=600, private, must-revalidate"
</filesMatch>
</ifModule>
# END Cache-Control Headers

# BEGIN Turn ETags Off
<ifModule mod_headers.c>
Header unset ETag
</ifModule>
FileETag None
# END Turn ETags Off

# BEGIN Remove Last-Modified Header
<ifModule mod_headers.c>
Header unset Last-Modified
</ifModule>
# END Remove Last-Modified Header

RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://thechakrashop.com/$1 [R,QSA,L]

RewriteCond %{REQUEST_URI} ^/(stats/|missing\.html|failed_auth\.html|error/).* [NC]
RewriteRule .* - [L]

RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule .* - [L]

I had to remove the following as I found out that the create accounts page wasn't working so I tried removing elements unitl it worked again:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.thechakrashop\.com
RewriteRule (.*) http://www.thechakrashop.com/$1 [R=301,L]

RedirectMatch 301 ^/index\.html$ /index.php
RedirectMatch 301 ^/index\.shtml$ /index.php
RedirectMatch 301 ^/index\.asp$ /index.php
RedirectMatch 301 ^/default\.asp$ /index.php
RedirectMatch 301 ^/index\.aspx$ /index.php
RedirectMatch 301 ^/index\.cfm$ /index.php
RedirectMatch 301 ^/index\.pl$ /index.php
RedirectPermanent /default.htm /index.php

My configure.php has the following settings:

define('HTTP_SERVER', 'http://www.thechakrashop.com');
define('HTTPS_SERVER', 'https://thechakrashop.qnetau.com');

Not sure which aspect is causing these problems but clearly I have some sort of looping going on.

My objective with the .htaccess file was to direct everything to www. but because the https address is non.www I had a problem with the www. being added to the https url.I thought by specifying that in the configure.php file (in both locations) and doing the rewrite it would work. It looked like it did as all the redirects appeared correct and I no longer had canonical issues but the secure pages were not processing.

I searched for a .htacess code to exclude the https element but couldn't find a solution.

My robot txt has the following:

User-agent: *
Allow: /

Sitemap: http://thechakrashop.com/sitemapindex.xml

I notice also in my sitemap that I have urls such as:

http://www.thechakrashop.com/-c-0/sa...ite-wand-p-438

The actual URLs don't have the -c-0 in them, they have the category name.

So, a few issues that may be related:

1. ridiculous number of links and crazy long links.
2. How to redirect to www. when ssl is non.www
3. Simple SEO - the -c-0 in the link name
4. Google not indexing the site

Apologies for all this long explanation.

Appreciate any help..

My brain is looping now.

Trinoz

[RodG]

I think there is something seriously wrong with the configuration of my site www.thechakrashop.com

That's an understatement if I ever heard one.

I'm not even going to attempt to find all the possible problems, but you have at least one rewrite that doesn't make any sense.

RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://thechakrashop.com/$1 [R,QSA,L]

<snip>

My configure.php has the following settings:

define('HTTP_SERVER', 'http://www.thechakrashop.com');
define('HTTPS_SERVER', 'https://thechakrashop.qnetau.com');

The rewrite rule is stating that any URL starting with "www" should go to https://thechakrashop.com, yet you have clearly defined your https server to be 'https://thechakrashop.qnetau.com'

Which is correct for your https server?
https://thechakrashop.com or https://thechakrashop.qnetau.com

My objective with the .htaccess file was to direct everything to www.

Firstly, it seems that you are directing everything *away* from 'www', secondly, you shouldn't even be needing to do this in the first place. Zencart likes to use the URL's that you have set in the 'defines'. Attempting to change these via rewrite rules is counter-productive and unless you really know what you are doing is going to cause no end of headaches and problems.

So, a few issues that may be related:

Although they MAY be related, when it comes to faultfinding and debugging it is best to treat each item individually.

1. ridiculous number of links and crazy long links.

1. If your store has 10,000 products, it will always have at least 10,000 different links. Why is this a problem?
   
   
   
   What is wrong with 'crazy long links'? It isn't as though anyone actually has to type then in anywhere for any reason.. The following could be considered a 'crazy long link'
   http://shop.vcsweb.com/index.php?mai...roducts_id=206
   Yet I have no problems giving it to people when needed, and the people I give it to have no more problems clicking on this link than if it were, for example, www.vcsweb.com/zencart.
   
   Oh, and the *product* that this link goes to can be easily found in google searches, without any aid of "SEO optimisation" (No offense intended to those that make a business out of providing SEO solutions. I know all the arguments for and against. Please don't bother).
   
   
   

   How to redirect to www. when ssl is non.www

This isn't and shouldn't be needed. In fact any form of URL rewriting or redirection can actually negate some of the security offered by SSL in the first place.

1. Simple SEO - the -c-0 in the link name

1. SEO should not be used as a substitute for *content*
   
   

2. Google not indexing the site

[trinoz]

Rod,

Firstly thank you so much for your time.

I've reverted back to an original .htaccess file without the redirects.

just ran Xenu Sleuth again.
.ok 23030 URLs 99.52%
not found 11 URLs 0.05%
mail host ok 1 URLs 0.00%
skip type 2 URLs 0.01%
forbidden request 97 URLs 0.42%
Total 23141 URLs 100.00%

My store only has around 250 products so 23,000 pages seems excessive.

Also, that long URL had over 1000 characters. I thought it was an indication of what was happening as it's a loop of includes/templates/theme486/.. There are quite a few of them with similar loops.

This started because I ran a SEO online checker that said that my www. and non-www. links were resolving to different pages and that I could be penalized for duplicate content. Now I've removed the redirects from the .htaccess file I'm getting that message again.

http://www.thechakrashop.com and http://thechakrashop.com should resolve to the same URL, but currently do not.

Any idea how to resolve this?

This is what I have in my configure.php files:

define('HTTP_SERVER', 'http://www.thechakrashop.com');
define('HTTPS_SERVER', 'https://thechakrashop.qnetau.com');

And yes https://thechakrashop.qnetau.com - this is the correct url.

I hear you about a nice clean straight out of the box site. Unfortunately I was already behind the 8 ball with this TM template. Spent a lot of time chasing code that had been deleted or changed. Things such as the missing link rel="canonical". The TM 'support' swears that they don't alter the code but I've found masses of differing or missing code. A lot of the basic admin functions don't work in these templates so it's a good lesson.

Thanks again,

Tracy

[RodG]

My store only has around 250 products so 23,000 pages seems excessive.

I agree, but without knowing what links "Xenu Sleuth" is following it is hard to say what all these links are. For all we know it could be following a link from your store to (say) google.com and then trying to index *thier* links.
Needless to say, this would be a worst case scenario that will probably never happen in practice, but I do suspect it could easily be following links not directly related to your site.

Also, that long URL had over 1000 characters. I thought it was an indication of what was happening as it's a loop of includes/templates/theme486/.. There are quite a few of them with similar loops.

This can easily occur with badly formed rewrites, but as I was suggesting, for a 'normal' store long URL's really aren't anything to worry about.

This started because I ran a SEO online checker that said that my www. and non-www. links were resolving to different pages

Very few people appreciate this fact, but they *should* be resolving to different pages. "www.somedomain.com" and "somedomain.com" are technically different hosts.

(For the pedants - exactly when does a domain become a host? Is "www.vcsweb.com.au" a host called "www" in the vcsweb.com.au domain, or is "www.vcsweb" a host in the com.au domain?, or perhaps "www.vcsweb.com" is a host in the .AU domain?

and that I could be penalized for duplicate content.

Penalised by who? Google? Bing, Yahoo? All of them?

If somedomain1.com sells a certain kind of widget, and someone comes along selling the same widget on somedomain2.com it is quite likely that both sites will have 'duplicate content'. Are both these sites going to be 'penalized' because of this, or is it more likely they'll get equal rankings?

I've heard about this 'penalization' many times over the years, but I've never seen any real evidence to support the claim.

Now I've removed the redirects from the .htaccess file I'm getting that message again.

http://www.thechakrashop.com and http://thechakrashop.com should resolve to the same URL, but currently do not.

Frankly, this is complete and utter BS. There is not and never has been any rules, requirements, or recommendations stating that a *host* named "www" in any given domain must resolve to the domain name itself.

Personally I *abhor* the use of 'www' as a host name, and even go out of my way to avoid using it for any site under my control. Call me weird, but I can't help but laugh when people set up a host named 'www' and then proceed to use it for FTP, Email and other services not even related to Web access.
I wonder why these same people don't call their hostname "ftp" and then attach a webserver to it. It makes as much non-sense AFAIC.

Any idea how to resolve this?

Yes.

This is what I have in my configure.php files:
define('HTTP_SERVER', 'http://www.thechakrashop.com');
define('HTTPS_SERVER', 'https://thechakrashop.qnetau.com');

And those will be what *zencart* will know your store as.
They appear to be valid/legal names.

Anyway, to resolve the 'issue' and have both http://www.thechakrashop.com and http://thechakrashop.com
resolve to the same domain, the best way (by far) is to do this via the DNS rather than messing around with Apache re-writes.

You'll need to do this via the tools provided by the registrar of your domain name (often accessible via cPanel)

As an example, one of our domains names is
vcsweb.com.au

In the DNS editor it looks like:
vcsweb.com.au. 14400 IN A 184.154.169.226

The 14400 is a "Time to live" value. It determines how long the record is valid for (in seconds). The "IN" means that it is an Internet record (there are other record types, but these can be ignored for now).
The "A" signifies that this is an ADDRESS record.
The 184.154.169.226 is the actual IP address of this *host*.

Now for the 'good stuff'. You can add another 'host' to these domain records, for the sake of discussion, lets call this host 'www' Using the same format as above, enter a new record like
www.vcsweb.com.au. 14400 IN A 184.154.169.226

In this example I've used the same IP address as before, which effectively means both www.vcsweb.com.au. and vcsweb.com.au. are hosted on the same server. Needless to say, this could/would be a *different* address if 'www.vcsweb.com.au. were on *different* servers, but this isn't what you want (or need). You need the example as given.
HOWEVER, there is an even better way. Suppose for example you DO set up with

vcsweb.com.au. 14400 IN A 184.154.169.226
and
www.vcsweb.com.au. 14400 IN A 184.154.169.226

Then at some future time you relocate your server to another host - you'll need to change both addresses to point to the new server IP address. OK, no big deal, there are only two entrys to change, BUT, some domains could have dozens of entries, eg;
ftp.vcsweb.com.au. 14400 IN A 184.154.169.226
mail.vcsweb.com.au. 14400 IN A 184.154.169.226
smtp.vcsweb.com.au. 14400 IN A 184.154.169.226
etc, etc....

Changing all of them can be a real chore, so what we do is use a different type of record, which we call "CNAME" (short for canonical name, or 'alias'.

We can now enter our DNS data like
vcsweb.com.au. 14400 IN A 184.154.169.226
www.vcsweb.com.au. 14400 IN CNAME vcsweb.com.au
ftp.vcsweb.com.au. 14400 IN CNAME vcsweb.com.au
etc, etc.

Now if/when we change servers we only need to edit one IP address and all the CNAME hosts will inherit the same IP address change.

So, what does this mean to you? Well, by having a CNAME entry for your 'www' named host means that any and all domain lookups, whether it be for 'yourdomain.com' or 'www.yourdomain.com' will always point to the exact same host. IOW, they will both 'resolve to the same domain' (technically, the IP address of same host).

Now, as long as the hosting server has been set to respond to both www.yourdomain.com and yourdomain.com people will be able to access your site using *either* name. Zencart itself will then pick up on the request, read its configure.php file, and direct subsequent requests (to products, etc) using the URL provided in the configure.php file (whether it be with, or without the 'www').

I can appreciate that I have given a LOT of information to take in (in fact I've given a lot more than you need as you'll probably find your 'www' is already set up as a CNAME with your registrar, and that your webhost has already been preconfigured to respond to both 'www' and non 'www' requests), but I have provided this information in the interests that if more people had a better idea of how all these things fit together there will (ultimately) be a lot less mis-information that only seems to lead people down paths they don't need to go (such as using Apache re-writes for things it was never designed for) and that awful bit of misunderstanding that 'www' actually *means* something more than being just being another hostname.

Cheers
Rod