Laravel .htaccess with forced HTTPS - laravel

I use this .htaccess file in root directory of my Laravel website on hosting, so the visitors dont see /public/ in URL address:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^my-domain.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.my-domain.com$
RewriteCond %{REQUEST_URI} !public/
RewriteRule (.*) /public/$1 [L]
But so far I couldnt find a simple solution to add forced HTTPS redirection. Any suggestions please?

Force domain to use https using .htaccess
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,NE]

modify your .htaccess with this code:
<IfModule mod_rewrite.c>
Options -Indexes
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L,QSA]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s(.*)/index\.php [NC]
RewriteRule ^ %1 [R=301,L]
</IfModule>

This will help you
You should try below in .htaccess
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://www.my-domain.com/$1 [R=301,L]

Related

laravel is getting a folder as url .. https://domain-name/uploads/ckeditor

I am facing an issue that Laravel is getting my folder as a URL while in crawling. I have using redirection but still the error is present.
<IfModule mod_rewrite.c>
RewriteEngine On
# Removes index.php from ExpressionEngine URLs
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?url=$1 [PT,L]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
</IfModule>
I have tried this i htaccess

Remove/Redirect public/index.php from url to prevent duplicate urls

Hello i am facing issue to remove the public/index.php from url. Remove/Redirect index.php from url to prevent duplicate urls
This link really helps me to remove index.php form url but i am not able to remove public/index.php from url. Here is my below htacces code
RewriteEngine On
#REmove index.php from url starts
RewriteCond %{THE_REQUEST} /index\.php [NC]
RewriteRule ^(.*?)index\.php[^/] /$1? [L,R=302,NC,NE]
RewriteCond %{THE_REQUEST} /index\.php [NC]
RewriteRule ^(.*?)index\.php(?:/(.*))?$ /$1$2? [L,R=302,NC,NE]
#Remove index.php from url ends
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]
</IfModule>
But when i add this below code to remove public/index.php in htaccess its not working :-
RewriteCond %{THE_REQUEST} /public/index\.php [NC]
RewriteRule ^(.*?)public/index\.php[^/] /$1? [L,R=302,NC,NE]
RewriteCond %{THE_REQUEST} /public/index\.php [NC]
RewriteRule ^(.*?)public/index\.php(?:/(.*))?$ /$1$2? [L,R=302,NC,NE]
Example urls that should be redirected:
mydomain.com/public/index.php/something should be redirected to mydomain.com/something (something could be anything - can contain any characters)
mydomain.com/public/index.php should be redirected to mydomain.com
mydomain.com/index.php?anything should be redirected to mydomain.com?anything (anything can contain any characters)
Pleae help me how to resolve this issue.
You may use this rule inside public/.htaccess:
RewriteEngine On
RewriteCond %{THE_REQUEST} /public/index\.php(?:[/?](\S+))?\sHTTP [NC]
RewriteRule ^ /%1 [L,R=301,NE]
RewriteCond %{THE_REQUEST} /public/(\S*)\sHTTP [NC]
RewriteRule ^ /%1 [L,R=301,NE]
# other rules below this line
Additionally use this code in site root .htaccess:
RewriteEngine On
# remove /index.php
RewriteCond %{THE_REQUEST} /index\.php [NC]
RewriteCond %{REQUEST_URI} ^(.*/)index\.php$ [NC]
RewriteRule ^ %1 [L,R=301,NE]
RewriteRule ^ public%{REQUEST_URI} [L]

laravel htaccess force www

I have this .htaccess from laravel 6
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# force www ???
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
and what I want is to force from non-www to www
I have tried several combinations but is not working (i get "redirected you too many times")
What I have tried
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s on(s)|offs()
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
How to force www ???
Try Also
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.yourwebsite.com/$1 [L,R=301]
RewriteCond %{HTTP} off
RewriteRule ^(.*)$ http://www.yourwebsite.com/$1 [L,R=301]

Laravel .htaccess redirect all in one (1.public 2.https 3.www→non-www)

I have laravel application where .htaccess is redirecting to Laravel's /public folder.
Today I've added the SSL support, and I successfully updated .htaccess to also redirect http to https.
In addition to that I need it to re-write the www to non-www. There are plenty of examples how to do it individually. But I cannot find how to do it in conjunction with the first 2 requirements. Please help.
my current htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
# for HTTPS
RewriteCond %{HTTPS} !^on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
#/ end of HTTPS
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
I updated your existing .htaccess
RewriteCond %{HTTPS} !^on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [R=301,QSA,NC,L]
RewriteRule ^(.*)$ public/$1 [L]
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Start with www
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

Laravel: how to force HTTPS?

I'm starting to develop a new big app, and I'm using Laravel this time, and it's the first time.
I need to force HTTPS for all pages, it's not important if from code or by .htaccess, but I'm not able to find a simple tutorial.
The official docs dosn't speak about this problem.
For info, my acutal .htaccess is
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
My question is specific to Laravel 5, because I ve no idea on where and how modify this .htaccess file. And also I'am asking you if this is the right way for Laravel or if Laravel has something specific to setup to handle HTTPs.
So please do not close my question and try to be more adherent to the Laravel specific topic.
If you can post a simple way to modify this file AND/OR What to modify in Laravel config to properly handle https.
But in short yes, I want to force every call to transit on HTTPS.
You need adding this to your .htaccess file:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://YOURWEBSITEDOMAIN/$1 [R,L]
See this:
http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
Try adding this code in your .htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
When you want to Render all URLs with https the simplest method is to
use the code below in the boot() function of app/Providers/AppServiceProvider.php:
\URL::forceScheme('https');
You could try searching here first. There's tons of questions for the same issue with answers.
https://stackoverflow.com/a/4399158/5892849
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Add this to the boot method in AppServiceProvider
if($this->app->environment('production'))
{
$this->app['request']->server->set('HTTPS','on');
}
Change your domain in .htaccess by:
RewriteCond %{HTTP_HOST} mydomain.com [NC]
RewriteRule ^(.*)$ https://mydomain/$1 [R,L]
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Added to Force HTTPS
RewriteCond %{HTTP_HOST} mydomain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mydomain/$1 [R,L]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
This worked for me:
# Check if HTTPS is enabled
#RewriteCond %{HTTPS} ^on$ [NC]
#RewriteCond %{QUERY_STRING} !https-is-on [NC]
#RewriteRule (.*) /?https-is-on [R,L]
# Redirect all HTTP to HTTPS requests
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Remove index.php from the url
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
This worked for me
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ public/$1 [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} !^public [L,R=301]
</IfModule>
Try changing the "APP_URL" in the .env file from
APP_URL = http://example.com
to
APP_URL = https://example.com
This is my config, with other configs from the topic I had a cyclic redirect.
(also redirects www to without www)
RewriteEngine On
RewriteBase /
#redirect from www to non-www(https)
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
past this code in htaccess file
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
This .htaccess will remove /public/ from your URL and force https://
Put this .htaccess in your root folder without renaming server.php file to index.php this .htaccess will do everything
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^(.*)$ public/$1 [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
In my experience, I solved this issue to add the code to .htaccess.
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
Hopefully, it would be helpful for you.
Good luck.
I faced the same issue, "forcing HTTPS for my app" when I deployed to Heroku. Apparently, when I tried to force HTTPS connection using htaccess file it did not work. I forced the connection using
APP_URL = https://example.com/
and
ASSET_URL = https://example.com/
This also solved my issue with the CSS and js files "blocked mixed-content"

Resources