Can't redirect http requests to https - .htaccess

Hello I want to redirect my http requests to https. I add some code to .htaccess but still I can access to my website with http. What's wrong and what should I do?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteOptions inherit
Header set content-Security-Policy: upgrade-insecure-requests

With your shown attempts, could you please try following htaccess rues set. Since you are using inherit option for Rules, so in case you want to apply https in all URLs then better put your htpps rules in your BASE(very first level folder wise) htaccess file and we need not to put them here, if you want to only apply https to URLs which are covered here then use following style rules.
Please make sure to clear your browser cache before testing your URLs.
<IfModule mod_rewrite.c>
RewriteOptions inherit
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
Header set content-Security-Policy: upgrade-insecure-requests

The following code redirect any URL of your domain to HTTPS version and set HSTS:
#Redirect HTTP a HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#HSTS
<if "%{HTTPS} == 'on'">
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</if>

Related

HSTS setup in .htaccess

I am trying to pass the test on https://hstspreload.org/ - However I am getting the following error below:
Error: Subdomain `www.test.com` is a subdomain. Please preload `test.com` instead. (Due to the size of the preload list and the behaviour of cookies across subdomains, we only accept automated preload list submissions of whole registered domains.)
(test.com was added to hide the domain)
My .htaccess file looks as following for HTTPS and HSTS:
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.+)/$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ https://www.test.com/%1 [R=301,L]
RewriteCond %{REQUEST_URI} !(.+)/$
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+)$ https://www.test.com/$1/ [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [OR,NC]
RewriteCond %{https} off
RewriteRule ^(.*)$ https://www.test.com/$1 [R=301,L]
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
</IfModule>
Try to set the HTTPS rule before the www rule.
This worked for me :
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Htaccess redirect to https while having another condition from vue-router

I would like to merge both of these server configurations:
1) Vue-router docs (to display paths correctly)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
2) I would also like to redirect user to use https://, I found solution online:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
How do I connect both of these so I can use them in my .htaccess file?
You can use the following rules :
<IfModule mod_rewrite.c>
RewriteEngine on
#enforce https
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
#rewrite non-existent uris to /index.html
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
Change R to R=301 in the http to https rule if you want to make the redirection permanent (browser and search engine cached) .

How to avoid "too many redirects" error in .htaccess?

I have the following code in my .htaccess file.
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
#RewriteCond %{HTTPS} off
#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
I want to redirect the domain from http to https. But when I try to do that I am getting the error "too many redirects" error.
We recommend putting a simple Redirect statement in your main config file, in the http vhost, rather than using .htaccess files for this. There are nunerous reasons for this which are covered in more detail in the httpd FAQ.
Redirect / https://example.com/
We also recommend using FallbackResource for the front controller stuff
FallbackResource /index.php

404 on all routes after applying SSL on Laravel 5 Project

I've Deployed my project on the server. It's working fine on the http but when I apply SSL certificate, and try to access URLs with https it shows 404 error.
I'm trying to find the solution since hours but no success. Here's my .htaccess file.
.htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteBase /
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://serveravatar.com/%$1 [R,L]
</IfModule>
I am unable to find the Mistake. I also tried editing AppServiceProvider but no success!
What #SArnab said is correct, move it before your standard rules. Also, a better way of writing the rule would be:
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

htaccess Redirect All Traffic to https

I'm a beginner when it comes to doing stuff with htaccess so please be patient with my dumb question. I know that this has been addressed a lot (here, here, and here for example) but it doesn't seem to work for my situation. My browser displays a "redirect loop" error with this code in my htaccess file:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Trying to redirect to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
I know that this probably has something to do with the RewriteCond and the RewriteRule before I redirect to https, but I don't really know what I'm doing here and I don't know what to change.
Update:
Some more info that might be helpful:
When I remove the "redirect to https" code and manually type https://my.site.com it loads just fine.
Also, the redirect-to-https thing worked great before I accidentally deleted the .htaccess file in my directory.
The app that I'm trying to redirect resides in a subfolder of another app which also has an .htaccess file. Here's the code for that app:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteEngine On
</IfModule>
This is what firebug says:
Change order of your rules and keep 301 rules before other internal rewrite rule:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Trying to redirect to https
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>

Resources