I want to ensure that a small number of URLs in my application are always served over SSL; the rest should always be served over HTTP.
My current mod_rewrite ruleset goes like this:
RewriteCond %{HTTPS} off
RewriteRule ^/?account.html$ https://example.com/account.html [L]
RewriteRule ^/?checkout.html$ https://example.com/checkout.html [L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !/account.html$
RewriteCond %{REQUEST_URI} !/checkout.html$
RewriteRule (.*) http://example.com/$1 [L]
The first file in each RewriteCond works OK (account.html in this example). The 2nd file doesn't work - the server is "redirecting in a way that will never complete".
Any ideas on how to make this work? In production there'll be more than 2 SSL-only URLs, likely 7 - 10.
Thanks
You must use R flag to redirect url
RewriteEngine On
# redirect account.html or checkout.html (if http) to https
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/(account|checkout)\.html$ [NC]
RewriteRule ^ https://%{HTTP_HOST}/%1.html [R,L]
# redirect other urls (if https) to http
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/(account|checkout)\.html$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R,L]
Note: i used R flag, which performs a 302 redirect by default. Feel free to replace [R,L] by [R=301,L] when it works (301 redirect is a permanent redirect and is cached by browsers)
Related
I've tried several solutions but none of them seem to work. I have a Laravel application(public folder is removed) and i wanted to redirect the user to HTTPS and a non-www version of my website
Here is an example of the action i wanted to accomplish
Redirect http://example.com to https://example.com
Redirect http://www.example.com to https://example.com
Redirect https://www.example.com to https://example.com
I was able to accomplish that using the following code on htaccess
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example.com$ [NC]
RewriteRule (.*) https://example.com [R=301,L]
Now, since the website has many links, i wanted to redirect the users without losing any text after the domain. Here is an example
Redirect https://www.example.com/electronics/laptops/hp to https://example.com/electronics/laptops/hp
I tried many variations using $ and request_uri but they keep redirecting to https://example.com/index.php. After searching for answers here, the last thing i tried looked something like this, which yielded the same result
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^ https://example.com%1%{REQUEST_URI} [L,R=301,NE]
This seems to redirect any traffic that comes as https://www.example.com/string1/string2/string3 to https://example.com/index.php
So how can i redirect traffic as intended and which is a better practice. Write two rules or combine the rules using If statements.
I would like to use htaccess only methods, no middleware.
I had the same problem
You should put this code on top of .htaccsee file after
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://yourdoamin.com%{REQUEST_URI} [L,R=301,NC]
if you put this after
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
your page redirect to yourdomain.com/index.php
To redirect www requests to non-www without losing the path or the query string this is the right format:
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule (.*) https://example.com/$1 [R=301,L]
If your website is on a server without a reverse proxy, you can easily redirect non-HTTPS requests to HTTPS as following:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
In case there is a reverse proxy or a load balancer you need to check the forwarded headers, depending on the proxy configuration (eg. X-Forwared-Proto)
Try out this one
# Redirect from http to https
RewriteEngine on
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# (http://www.example.com/foo will be redirected to http://example.com/foo)
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# to redirect index.php to the root
RewriteCond %{THE_REQUEST} ^.*/index\.php
RewriteRule ^(.*)index.php$ /$1 [R=301,L]
I had the same problem
You should put this code on top of .htaccsee file after
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://yourdoamin.com%{REQUEST_URI} [L,R=301,NC]
if you put this after
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
your page redirect to yourdomain.com/index.php
After spending a few hours searching the web and testing different suggestions, I found the solution.
.htaccess in the public_html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
.htaccess in the public folder
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Redirect to https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]
# Redirect to non www
RewriteCond %{HTTP_HOST} ^www.yourdomain.com$ [NC]
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# This made the trick for me
# Remove index.php from the url
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
</IfModule>
I hope this will work for others too
Hi I have a loadbalancer with and SSL certificate assigned and two webservers. The loadbalancer ports HTTP traffic to port 80 and HTTPS traffic to port 81. All requests to HTTP are redirected using apache rewrite using the HTTP:X-Forwarded-Proto header. This works fine, but now we need to ignore two particular REQUEST_URIs but I cannot seem to get this to work as expected.
The application is using a basic MVC structure and so all URIS are sent to the index.php file, but when I try to ensure the two URLs are only on HTTP, the combinations I have tried either end in the route not being found or stuck in a redirect loop.
Below is the rewrite and combinations I have tried.
RewriteEngine On
# This causes route to not be found
#RewriteCond %{REQUEST_URI} ^/uritoignore/one$ [OR]
#RewriteCond %{REQUEST_URI} ^/seconduritoignore/two$
#RewriteRule ^(.*)$ http://%{HTTP_HOST}/index.php?url=$1 [QSA,L]
# Continuous redirect loop
#RewriteCond %{REQUEST_URI} ^/uritoignore/one$
#RewriteRule ^(.*)$ http://%{HTTP_HOST}/uritoignore/one [QSA,L]
# Redirect rest of traffic to HTTPS if not already
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
Any advice would be greatly appreciated.
Thanks
In the end I realised what was staring me in the face. I simply needed to exclude the paths from the redirection, and also the index.php to stop this from being redirected when it is rewritten at the end. The final configuration was as follows:
RewriteEngine On
# Redirect rest of traffic to HTTPS if not already
RewriteCond %{REQUEST_URI} !^/uritoignore/one
RewriteCond %{REQUEST_URI} !^/seconduritoignore/two
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
I am trying to use a Bluehost supplied SSL wildcard certificate to switch one subdomain to HTTPS.
The web root contains many subdomains, and I only want to affect the test. subdomain.
Going into the web root, I've written the following .htaccess file:
RewriteCond %{SERVER_NAME} ^test.mydomain.com
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}$1
Yet hitting http://test.mydomain.com/admin/index.php does not redirect me to https://test.mydomain.com/admin/index.php.
Even cutting out the Condition of SERVER_NAME, it still doesn't work.
Is my rewrite rule bad?
Well, in the first place I was in the wrong .htaccess file. I needed to go to the directory for my subdomain.
Then, simply switching it from HTTP to HTTP apparently causes some kind of redirect to www. behavior.
I had to
A) Preserve the existing rules that were not intended for test.
B) Add the test. rules.
It added up to a lot.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^test.example.com$
RewriteRule ^index\.php$ - [L]
RewriteCond %{HTTP_HOST} !^test.example.com$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP_HOST} ^test.example.com$
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^test.example.com$
RewriteCond %{REQUEST_URI} !^/test/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) /test%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^test.example.com$
RewriteRule ^(/)?$ test/admin/index.php [L]
I have already searched this site but my workaround does not work.
Basically, I need all pages to have https turned on except for 1 page that has a url like this:
domain.com/begin/index.php?pageid=130&usertype=1&building=2
If the page has the Querystring parameter pageid=130 I do not want https turned on.
My .htaccess file looks like this:
RewriteEngine On
#HTTPS OFF on pageid 130
RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} (^|&)pageid=(130)($|&)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#FORCE HTTPS ON ALL PAGES except for pageid 130
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} !(^|&)pageid=(130)($|&)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
LOL! Small mistake but hard to spot: you still redirect to https ;). Just remove the 's'.
Otherwise may redirect for sure and stop the rewrite process = Last = L.
RewriteEngine On
# HTTPS Off on pageid 130
RewriteCond %{HTTPS} On
RewriteCond %{QUERY_STRING} (^|&)pageid=130($|&)
# (!) Remove the "s":
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [QSA,NC,L]
# Force HTTPS on all pages but the one QS 'pageid=130'
RewriteCond %{HTTPS} Off
RewriteCond %{QUERY_STRING} !(^|&)pageid=130($|&)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,NC,L]
How can I use URL rewriting in .htaccess to redirect to different domains depending on the URL?
Examples:
http://ONE/ to http://TWO/
http://ONE/some_content to http://THREE/some_content
This ought to work if you want to redirect the client:
# http://ONE/ to http://TWO/
RewriteCond %{HTTP_HOST} =one
RewriteRule ^$ http://two/ [R,L]
# http://ONE/some_content to http://THREE/some_content
RewriteCond %{HTTP_HOST} =one
RewriteRule ^(.+)$ http://three/$1 [R,L]
If you prefer to proxy the requests, change the R flag to a P instead.