I need help to understand how to do HTTP redirects to HTTPS when using apache-fpm in DDEV.
T3 site config.yaml
base: 'https://sample-project.ddev.site/'
ddev config.yaml
name: sample-project
webserver_type: apache-fpm
router_http_port: "80"
router_https_port: "443"
use_dns_when_possible: true
that works fine when calling in safari https://sample-project.ddev.site/
but when calling in safari sample-project.ddev.site it does not work I get an T3 oops
so I have inserted in .htaccess (equivalent to my hosting server)
RewriteCond %{HTTPS} !off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/$1 [L,R=301]
now safari moans too many redirects and I wonder where these redirects come from and why, no redirects in T3 backend are set, no further changes to .htaccess vs the original T3 .htaccess
I was expecting ddev to simply redirect sample-project.ddev.site to https://sample-project.ddev.site/
Please use this redirect. Since ddev-router is terminating HTTPS, it sets X-Forwarded-Proto, but the ddev-webserver (where you are putting the rule) is actually getting the traffic via HTTP.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Related
I got the following code in my .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^example.de [NC]
RewriteRule ^(.*)$ https://www.example.de/$1 [L,R=301,NC]
</IfModule>
If I call the url without "www" everything works fine! But with "www" it ends with http 500 error!
So on my development Server erverything works fine, with and without www!
On Ionos Server I can do what I want I guess.
I got https://www.expample.de in my Siteconfiguration of TYPO3 9.5 but it doesnt matter. Does anybody know a solution?
I think this is maybe not a .htaccess problem?!
Fix for IONOS hosted TYPO3 installations where adding www to the URL gives a 500 error:
Go to your install tool, /typo3/install.php should be accessible with www in the URL.
Go to Settings and open Configure Installation-Wide Options
Under [SYS][trustedHostsPattern] where SERVER_NAME is set by default, add your domain, for example. .*\.domain\.com (There are other examples given in the install tool).
Save these changes, the website is now accessible with www.
On my web I am using HTTPS connection and in my .htaccess I specified the redirect from http to https like this:
RewriteCond %{HTTP:HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^example.com
RewriteRule (.*) https://www.example.com/$1 [R=301,QSA,L]
This is working fine, so if someone enters the page with http, it will redirect to https.
But I want to exclude from this redirect one specific folder, let's say 'application'.
If I put it above the statement, the Rewriterule will redirect it. If I put it after, then the web is already redirected to https and I don't want to call redirect to http again.
So how can I exclude one folder?
The reason is, I have very often a TLS handshake taking more than 30 seconds on my web.
And the files in that application folders are API php files, which are only called from my mobile app, so they will never be shown in browser.
As there are serious connection issues from mobile app due to TLS problems, I want to call these files via http only to avoid TLS connection. I don't care about security in these files, however I want to keep the rest of my web with https.
Well, I think I found some solution. I used that folder as an exception via !application:
RewriteCond %{HTTPS} !on
RewriteCond %{THE_REQUEST} !application [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Still testing, but seems working fine. Hope I am doing it the right way.
I've got a site (example.com) and a blog (externalblog.com) which is hosted externally and reverse-proxied using ISAPI rewrite. So if you go to www.example.com/blog you're actually on externalblog.com, but the URL is masked.
I've got this working with a number of sites, but the issue is when the parent site uses HTTPS, whereas the blog is only HTTP. When visitors attempt to follow old links, the blog posts will show normally under the https version of the url, but the stylesheets are all broken and a "no certificate" warning is shown.
I need an htaccess rule that will do 2 things:
Forward anyone attempting to access an https version of a blog post only (ie anything within www.example.com/blog) to the http version instead.
Forward anyone attempting to visit example.com/blog (without the www) to http://www.example.com/blog instead of the https version, which it currently does.
However I've like the rules to only affect www.example.com/blog and nothing else on example.com. My current rule for ISAPI rewrite on example.com is as follows:
RewriteRule ^blog(.+)$ http://www.externalblog.com$1 [R=301,L]
This works correctly and is based on an article online called "using reverse proxying to pull a wordpress blog into your domain" – I can't add any more links here due to not having enough reputation.
Any help would be much appreciated.
EDIT: I tried the following
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/blog [NC]
RewriteRule ^blog(.+)$ http://www.externalblog.com$1 [R=301,L]
This works as far as rewriting https to http – but reverse proxy URL masking no longer kicks in.
Your explanation is rather unclear, so sorry if my answer will be unrelated. I suppose you are trying to force everything under www.example.com/blog to be HTTPS, instead of HTTP? Then try this rule:
RewriteEngine On
# HTTP to HTTPS redirect rule
RewriteCond %{HTTPS} off [NC]
RewriteCond %{HTTP:Host} ^www\.example\.com$ [NC]
RewriteRule ^(blog/.*)$ https://www.example.com/$1 [NC, R=301, L]
# No www. to www. redirect rule
RewriteCond %{HTTP:Host} ^example\.com$ [NC]
RewriteRule ^(blog/.*)$ https://www.example.com/$1 [NC, R=301, L]
# Your proxy rule goes here, I suppose it looks like:
RewriteRule ^blog(/.*)$ http://www.externalblog.com$1 [NC, P]
I am working on a Drupal site for which the client has requested that we remove the 'www.' from the URL. This is super easy and I've done it before; I simply comment out the suggested lines in the Drupal-generated .htaccess file like so:
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
Those of you familiar with Drupal's .htaccess will know that the environment variable protossl is set towards the top of the file like so:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
This is working perfectly on my local environment, but when I deployed the change to the production site it breaks. www.mysite.com redirects to mysite.com as expected, but https://www.mysite.com also redirects to mysite.com instead of https://mysite.com. It seems that the %{HTTPS} variable is returning 'off' even when it should be 'on'.
I can go directly to https://mysite.com and it works perfectly. The site's Apache access logs show 'https://' where I expect it to be, as do all of my HTTP requests. The site is running on a RackSpace server using a load balancer (only one node in the balancer). The SSL certificate is on the RackSpace load balancer. I have tried the following steps and none have had any results:
Replace RewriteCond with RewriteCond %{ENV:HTTPS} on [NC]
Replace RewriteCond with RewriteCond %{SERVER_PORT} ^443$
Multiple variations and combinations of the above RewriteCond's
Added $conf['https'] = TRUE; to settings.php
This is driving my coworkers and I crazy. Can anyone help?
anubhava has saved the day! The solution was to use the %{HTTP:X-Forwarded-Proto} variable just as he suggested. I updated the protocol detection bit of my .htaccess to look like this:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
# The default proto detection provided by Drupal does not work on our
# production server because it sits behind a load-balancing server.
# This additional RewriteCond makes sure we can detect the forwarded proto
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
I'm gonna call this a crunchwrap supreme, 'cause it is good to go!
I need to do a url rewrite maintaining following condition:
rewrite http://domain.net (or http://www.domain.net) to http:// ip:port/folder
redirect any other request like http://domain.net/logout?query=1 to http:// ip:port/folder/logout?query=1 (preserve query string and all)
mask the rewrite so that novice users cannot detect the ip (the address where they are redirected to) from the browser url bar
as for masking, a visible redirection like http:// domain.net:port/folder is also acceptable.
What I tried so far: The following results in 500 error.
RewriteCond %{HTTP_HOST} ^(*.)?domain\.net$
RewriteRule ^(/)?$ http:// ip:port/folder/$1 [L,R,QSA]
The following works without the masking:
RewriteCond %{HTTP_HOST} !^www\.domain\.net [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http:// ip:port/folder/$1 [L,R,QSA]
You can do this only if ip:port and domain.net refers to the same server. Otherwise you have to use some script that pulls the remote content from ip:port for a request to domain.net, if you want to hide ip:port.
Otherwise you can proxy the request to another server using the [P] flag.
See: http://httpd.apache.org/docs/current/rewrite/flags.html#flag_p