Hi tmtmtm and welcome to WebmasterWorld [webmasterworld.com]

The "Forbidden" message is more likely related to the typical permission settings of cgi-bin which is not usually a publicly accessible directory. It can also be related to Options settings (whether to inherit or not).

Thank you not2easy,

has anyone an idea regarding to why the webbrowser switches to https:// for urls without /cgi-bin/.
And why that fails for all urls containing /cgi-bin/ ?

.htaccess file in Document_Root / under c:/xampp/htdocs.

Thank you for your answers in advance.
yours, tmtmtm

My .htaccess - File:

RewriteEngine On

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.+)$ "https://%{HTTP_HOST}/$1" [R=301,L]

#Workaround for cgi-bin. But still no effect on Urls containing /cgi-bin/.
RewriteRule ^cgi-bin https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteRule ^index(\.php|\.html|\.htm)$ "/cgi-bin/forum.cgi" [L,NC]

RewriteRule ^caseindexci(\d*)pnc(\d*)pn(\d*)kat(\d*)ne(\d*)[^\.]*.html(#?\d*)$ "/cgi-bin/forum.cgi/case?caseid=$1&pagenumcase=$2&pagenum=$3&kat_id=$4&ne=$5$6" [L,NC,QSA]

RewriteRule ^mainindexpn(\d*)kat(\d*).html(#?\d*)$ "http://localhost/cgi-bin/forum.cgi?pagenum=$1&kat_id=$2$3" [L,NC,QSA]

It appears that your cgi-bin is not configured to Inherit as mentioned above, which can be done via httpd.conf or .htaccess.

Some of these settings seem to require more understanding of how things work, and how you expect them to work. Using XAMPP is not the same as contracting with a host where things are ready to use. You need to know what settings control the resources you would like to activate. It helps to understand what your goals are when getting suggestions so we don't advise things that might be inadvisable. The place where you downloaded XAMPP should have that basic information available. ;)

You should be rewriting to https: for port 80 also. Because I can't guess what the environment is I hesitate to add more suggestions. I'm pretty sure you do not want to locate a forum inside your cgi-bin, but I'm guessing.

Thank you, not2easy.

I added this to my .htaccess-File for further testing:

RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.+)$ "https://%{HTTP_HOST}/$1" [R=301,L]

Rewriting to port 80 gives the same results: No https : / / -rewrites for urls containing /cgi-bin/.
Yes, I want to locate a forum in my cgi-bin.

What did you mean with "It appears that your cgi-bin is not configured to Inherit as mentioned above, which can be done via httpd.conf or .htaccess. " How do I inherite the RewriteRules to cgi-bin? Can you please mention some Configuration-Code according to this? It would be a good start into the right direction. Some examples for .htaccess and httpd.conf?

Thank you so much for your tipps. Iam wishing you a nice day.

Tangentially:

RewriteRule ^(.+)$ "https://%{HTTP_HOST}/$1" [R=301,L]

is better expressed as

RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

Asterisk * instead of plus + to cover requests for the root. Anchors aren't necessary, because Regular Expressions are greedy by default; quotation marks in the target aren't necessary at all. So that saves your server four bytes on every request ;)

Similarly

RewriteRule ^index(\.php|\.html|\.htm)$

can be simplified to

RewriteRule ^index\.(php|html?)$

... except why would you? No legitimate visitor will include “index.xtn” in their request, unless that was a visible part of the URL in some earlier iteration of the site. And even then, it would only be one specific extension, not any-and-all.

has anyone an idea regarding to why the webbrowser switches to https:// for urls without /cgi-bin/.
And why that fails for all urls containing /cgi-bin/ ? ) "https://%{HTTP_HOST}/$1" [R=301,L]

Isn't that simply the issue you described in the initial post? The RewriteRule executes as intended everywhere but /cgi-bin/

If this is happening on your local machine, what's preventing you from changing permissions? And, conversely, is this eventually going to go live on a real site? I hope you're not planning to run a publicly accessible forum from localhost.

And further:

RewriteRule ^caseindexci(\d*)pnc(\d*)pn(\d*)kat(\d*)ne(\d*)[^\.]*.html(#?\d*)$ "/cgi-bin/forum.cgi/case?caseid=$1&pagenumcase=$2&pagenum=$3&kat_id=$4&ne=$5$6" [L,NC,QSA]

RewriteRule ^mainindexpn(\d*)kat(\d*).html(#?\d*)$ "http://localhost/cgi-bin/forum.cgi?pagenum=$1&kat_id=$2$3" [L,NC,QSA]

In each case, it should be \.html (excaped . dot), though in each case it's a non-lethal error because of the immediately preceding character. More importantly, fragments # are not part of the request; they are used internally by the visitor's browser. You can redirect to a fragment, but not from one.

Thanks, lucy24.

RewriteRules: I changed everything, as you described it. And I see, that this will work out pretty well.

You say: "Isn't that simply the issue you described in the initial post? The RewriteRule executes as intended everywhere but /cgi-bin/".
No, that was not intended. It should execute with every URL on my server. Even with URLs containing /cgi-bin/.
RewriteRule (.*) [%{HTTP_HOST}...] [R=301,L] should work in any path on the server. Thats intended.
But I dont understand why its not executing for /cgi-bin/ when $1 contains any path from (.*) which suits perfectly for /cgi-bin/, too.

There must be another reason at httpd.conf -like not2easy already said- a problem with cgi-bin which is not inheriting the RewriteRules from outside directories. But I dont have any valid configuration examples on how to accomplish the inheritation of RewriteRules for /cgi-bin/.

"If this is happening on your local machine, what's preventing you from changing permissions?"
How should I set permissions under a windows environment. Under linux we have the command "chmod". But I dont know how to do this for /cgi-bin/ with windows commands on an NTFS-Filesystem. This is preventing me from changing permissions.
The permissions in <Directory> in httpd.conf are as follows:

<Directory "C:/xampp/cgi-bin">
 AllowOverride All
 Options None
 Require all granted
</Directory>

All seems to be allowed, full .htaccess-usage by "AllowOverride All".

So far, thanks so much lucy24 for your optimization-tips. But the core reason of why MOD_REWRITE is NOT working with cgi-bin must be an Apache-.conf-deeper one.
Iam open for any information regarding to this. Thanks@all. Have a nice day.

I think not2easy was talking about permissions on the server (or, currently, on your own computer), not the Apache settings.

What permission number is assigned to the cgi-bin folder? Most cgi scripts have a 755 permission - but yours may differ. If you do not understand chmod and file permissions, I suggest a visit to wikipedia for a quick explanation: [en.wikipedia.org...]

I hope there is nothing else on the machine where XAMPP is installed.

Dear not2easy,

"What permission number is assigned to the cgi-bin folder?" Answer: I dont know.
But thats what I mean. Under windows, there is no chmod. I know how chmod works. But I'm on Windows, not Linux.
I dont know which command serves similar like Linux-chmod under Windows. I dont know where to input the 755 in Windows.

"I hope there is nothing else on the machine where XAMPP is installed."
Its only my development laptop. Later on, I will host my Web-Project on a real webserver of an internet service provider (ISP).
Iam not planning to publish my webproject, by keeping my laptop permanently online as a webserver.

If anyone knows a Windows-tool like chmod for Linux, please let me know.

CU
Yours, tmtmtm

I apologize, but chmod is a task, a process that you do, it does not require a special tool. This is the reason I thought a quick wikipedia explanation could hep in this case. Apache does not run on Windows, it is running on your XAMPP install and that Apache server is where you would set your file permissions. What tool do you use to see your directory tree?

Sorry, I haven't used Windows for a very long time and when I set up a development server on Windows it used WAMP, similar but not the same. So I went and looked it up.

You might want to visit to see why XAMPP is not intended for production, but only for development: [apachefriends.org...]

XAMPP is not meant for production use but only for development environments. XAMPP is configured to be open as possible to allow the developer anything he/she wants. For development environments, this is great but in a production environment, it could be fatal.

Here a list of missing security in XAMPP:

The MySQL administrator (root) has no password.
The MySQL daemon is accessible via network.
ProFTPD uses the password "lampp" for user "daemon".
The default users of Mercury and FileZilla are known.

All points can be a huge security risk. Especially if XAMPP is accessible via network and people outside your LAN. It can also help to use a firewall or a (NAT) router. In case of a router or firewall, your PC is normally not accessible via network. It is up to you to fix these problems. As a small help there is the "XAMPP Security console".

Alright. No I'm not using XAMPP for production.
Now my RewriteRules are still not working for any Webbrowser-URLs containing "/cgi-bin/".
Im always only remaining in HTTP : / /-Mode. Although rewriting to https://
I dont know what to do on that.

RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

Meanwhile I've tried the RewriteRule on an official WebServer of my ISP. And that one is able to switch to https:// for /cgi-bin/-URLs.
Now, I suppose that it has to do something with

httpd.conf: ScriptAlias /cgi-bin/ "C:/xampp/cgi-bin/"

because the cgi-bin-folder is not situated/created under C:/xampp/htdocs. So the RewriteRules for my DocumentRoot C:/xampp/htdocs wont work for the external path C:/xampp/cgi-bin. This must be the point of failure. Would I have created cgi-bin in C:/xampp/htdocs (C:/xampp/htdocs/cgi-bin), it might perhaps be executing my RewriteRules there. Maybe, I'm testing that in the nearest future.

Wishing you all a nice day. CU soon.

I've tested moving the folder c:/xampp/cgi-bin under c:/xampp/htdocs (c:/xampp/htdocs/cgi-bin).
Changed

ScriptAlias /cgi-bin/ "C:/xampp/htdocs/cgi-bin/"

And the result for http:/ /localhost/cgi-bin/test.cgi is as follows:

Forbidden

You don't have permission to access this resource.
Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 Server at localhost Port 443

Now I have no more ideas for further testing.

CU
Yours, tmtmtm

2 different WebServers and Environment Variables:

1.) Internet Service Provider:
DOCUMENT_ROOT="/home/strato/http/power/rid/18/95/54631895/htdocs"
SCRIPT_FILENAME="/home/strato/http/power/rid/18/95/54631895/htdocs/cgi-bin/printenv.cgi"
SCRIPT_NAME="/cgi-bin/printenv.cgi"

2.) Localhost XAMPP-Installation:
DOCUMENT_ROOT="C:/xampp/htdocs"
SCRIPT_FILENAME="C:/xampp/cgi-bin/printenv.cgi"
SCRIPT_NAME="/cgi-bin/printenv.cgi"

As you can see above, there are differences between the upper environment variables of my WebServer-ISP (Internet Service Provider) and my localhost XAMPP-Installation.
My ISP has its cgi-bin integrated into his htdocs-folder. There, all rewrites work for Webbrowser-URLs with /cgi-bin/.
My XAMPP-Installation has its cgi-bin in another subfolder. There, all rewrites fail for Webbrowser-URLs with /cgi-bin/.

Thats the difference between working and not working MOD_REWRITE with cgi-bin-URLs.

Every try to build my cgi-bin into the localhost htdocs-folder failed with "Forbidden You dont have access..." for http: //localhost/cgi-bin/test.cgi.

If anyone can give me advice on how to successfully integrate my cgi-bin in the htdocs-folder of my Apache-Installation,
I would appreciate it very much.

CU soon.
Yours, tmtmtm

One answer is as follows:
C:\xampp\apache\conf\httpd.conf:
"Maybe the script alias directive for /cgi-bin is taking priority over the rewrite? Remove the script alias for the http site and see if it's better."

With this it makes fine https:// - URLS, but I'm receiving a Redirection-Error in my Browser. Unable to load any pages from the server.

Bye.
Yours, tmtmtm.