I enable force SSL via .htaccess. it's working fine and redirects to https://www.myappurl.com. Inside my application, I use Ajax to retrieve the category list. after SSL enabled category list not loading. it's shown without SSL URL http://www.myappurl.com. I also change APP_URL to https://www.myappurl.com in .env File
my .htacccess code
RewriteEngine On
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Ajax Code
$.ajax({
url: '{{url('getsateslist')}}',
type: "POST",
dataType: "json",
The secure_url() helper function generates a fully qualified HTTPS URL to the given path, change :
url: '{{ url('getsateslist') }}',
To
url: '{{ secure_url('getsateslist') }}',
See the official documentation of [secure_url()] here
Seeing as you're using X-Forwarded-Proto to determine the protocol then I'm assuming your site is behind a proxy which terminates the SSL request and the proxy itself connects to your site using HTTP then you need to enable the "trusted proxies" middleware
You can find a basic implementation on github (and it does come with the Laravel boilerplate) but you can implement your own as well.
For example if you're using an AWS load balancer you can do:
<?php
namespace App\Http\Middleware;
use Fideloper\Proxy\TrustProxies as Middleware;
use Illuminate\Http\Request;
class TrustProxies extends Middleware
{
protected $headers = Request::HEADER_X_FORWARDED_AWS_ELB;
}
This uses the package TrustedProxy which is a Laravel dependency so more information can be found there.
Related
I am switching my web/ios/android app to https. I am using AWS Elastic Beanstalk and an .ebextension configuration. In order to automatically redirect users who type the non https address, I have the following rewrite rule:
files:
"/etc/httpd/conf.d/httpd_redirect.conf" :
mode: "000644"
owner: root
group: root
content: |
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule . https://%{SERVER_NAME} [L,R=301]
The problem is I want to keep backwards compatibility with our current iOS and Android apps, which still make http ajax calls.
How do I redirect http to https for anyone who types the url, but not for the ajax calls?
Thanks!
As per War10ck's comment, I tried adding the following to make it skip over AJAX requests
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest
but that did not work either:
# Redirect HTTP to HTTPS
"/etc/httpd/conf.d/https_redirect.conf":
mode: "000644"
owner: root
group: root
content: |
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest
RewriteRule . https://%{SERVER_NAME} [L,R=301]
The error I am getting when trying to connect using an iOS app using PhoneGap to the server is:
[Error] XMLHttpRequest cannot load https://example.com/get_userinfo.php?&session_id=ca913df1d110b330ed405d524b0695b2. Origin http://localhost:12344 is not allowed by Access-Control-Allow-Origin.
Everything works and there are no errors if I remove the http to https redirect.
I have working apache connected with tomcat (mod_jk), I have set two virtualhosts:
myexample_8080.conf
myexample_4430.conf
I want to redirect all requests from http to https and on the home page of https://myexample.com redirect to tomcat url https://myexample.com/login
This is my first rule in myexample_8080.conf
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://myexample.com/$1 [R,L]
Everytime I ended up with redirect loop.
Solution
RedirectMatch 301 ^/*$ https://myexample.com/info
I'm running Apache 2.4 and using mod_rewrite to achieve the following - I need to proxy several different internal sites so that they appear to have been hosted on the same server. As an example, the way I'm looking to do this is to have URL's of the form http://myserver/osnews
which will proxy content from www.osnews.com and http://myserver/slashdot which will proxy content from www.slashdot.org. I have the following rewrite-rule defined in my apache conf file:
RewriteCond %{REQUEST_URI} ^/osnews(/?.*) [NC]
RewriteRule ^/osnews(.*) http://www.osnews.com$1 [P]
RewriteCond %{REQUEST_URI} ^/slshdot(/?.*) [NC]
RewriteRule ^/osnews(.*) http://www.slashdot.org$1 [P]
The problem is that this breaks all the stylesheets and images from the proxied site. I think it's because the rewritten URL's are of the form http://myserver/story/28554/Russia_unveils_homegrown_PC_microprocessor_chips instead of http://myserver/osnews/story/28554/Russia_unveils_homegrown_PC_microprocessor_chips
On the contrary, if I try something like this, it works just fine (I don't have the site as part of the original url so http://myserver will just proxy to http://www.osnews.com):
RewriteCond %{HTTP_HOST} ^myserver$ [NC]
RewriteRule ^ http://www.osnews.com%{REQUEST_URI} [P]
So, what I need direction on is how to preserve the URL http://mysite/osnews/some-resource after the proxying returns from http://osnews.com/some-resource
Thanks!
So, I have got this working using mod_proxy instead of mod_rewrite. The configuration I used (within the VirtualHost context) is:
ProxyPass /osnews.com/ http://www.osnews.com/
ProxyHTMLURLMap http://www.osnews.com /osnews.com
#LogLevel debug proxy_html:trace5
<Location /osnews.com/>
ProxyPassReverse /osnews.com/
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLURLMap ^/ /osnews.com/ R
ProxyHTMLURLMap ^/css/(.*) /osnews.com/css/$1 Rc
ProxyHTMLURLMap ^/images/(.*) /osnews.com/images/$1 Rc
RequestHeader unset Accept-Encoding
</Location>
One thing to note is that if you're using apache2 on Ubuntu (Lubuntu 15.04 in my case), the config file for mod proxy_html is not provided by default. You need to create it and then enable it using a2enmod proxy_html. This article summarizes it well: http://ckdake.com/content/2008/reverse-proxying-with-apache-and-modproxyhtml.html.
There are still some issues I see where the ProxyHTMLExtended output-filter is not mapping URLS correctly. But I expect to get those ironed out eventually.
Inside the LAN, we are good to go… folks access our intranet using http:// intranet All links and URLs work just fine and dandy (I removed index.php from links using URL Rewriting).
We are required to give access to the Intranet to certain outside folks.. we are accomplishing this using FTMG, the same way in which Outlook Web Access works.
Now, calls to https:// intranet.domain.org work, but links within the site do not work… for example:
https:// intranet.domain.org works
https:// intranet works
https:// intranet.domain.org/homepage FAILS
https:// intranet.domain.org/index.php/homepage works
https:// intranet/index.php/homepage works
(Disregard space after https://, I received errors for invalid links)
Taking away the 's' from https, and the entire site functions properly.
The dilemma should be clear… implementing the URL Rewriting is not work with https…
How do I make it work?
Note:
my config file =
$config['base_url'] = '';
my .htaccess file =
<IfModule mod_rewrite.c>
RewriteEngine on
Options +FollowSymLinks
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 /index.php
</IfModule>
Perhaps this will be of some help HTTP/HTTPS, without index.php, using htaccess
hi all
i have my app configured with mod ajp to be as follows:
http://www.myapp.com/myapp
so when i request a page like mypage, the url will be
http://www.myapp.com/myapp/mypage
and i want when the user requests the page
the url is displayed as:
http://www.myapp.com/mypage
instead of
http://www.myapp.com/myapp/mypage
any ideas how to do so ?
problem solved after installing a fresh copy of tomcat
Try this rule:
RewriteRule !^/myapp/ /myapp%{REQUEST_URI} [L]
And to redirect requests of the “wrong” path:
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /myapp/
RewriteRule ^/myapp/(.*) /$1 [L,R=301]