I have the following .htaccess
# force https and wwww ( works as expected )
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
# force cache busting via incrementable value (00x)
RewriteRule ^launch-test/?$ /launch-test-004/ [NC,R=301,L]
# call the appropriate script
RewriteRule ^launch-test-004/?$ /wid-test/php/start.php [NC]
The problem I'm facing is that the 2nd rule (the one used for cache busting) reverts HTTPS back to HTTP, which makes urls unsecure.
Any reason for that?
Doing this solved the problem:
# force https and wwww ( works as expected )
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
# force cache busting via incrementable value (00x)
RewriteRule ^launch-test/?$ https://%{HTTP_HOST}/launch-test-004/ [R=301]
# call the appropriate script
RewriteRule ^launch-test-004/?$ /wid-test/php/start.php [NC]
Unfortunately, it was unsuccessful at serving as a cache busting method but it's not the point of this question anyway.
Related
First of all, I know there are lots of answers on this, but I don't actually find one that works. This is what I have in the .htaccess file right now, and I want to mention that it worked previously, but it does not anymore.
Redirect 301 /unt-de-cacao-de-plaja/filtre/producator/crisnatur/ /ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g
Options +FollowSymlinks
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
# FORCE HTTPS AND NON WWW
RewriteEngine on
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
As a mention, I will have a lot of Redirect 301 from old pages to the new ones since the entire structure has been changed.
And the links that I am redirecting inside my website come with "www" like:
https://www.example.com/unt-de-cacao-de-plaja/filtre/producator/crisnatur/
and needs to be redirected to:
https://example.com/ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g
Redirect to https and non-www
To instead redirect all requests to https and non-www, use the following code instead of the previous:
Canonical HTTPS/non-WWW
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) https://example.com/$1 [L,R=301]
</IfModule>
As before, place this code in the root .htaccess of your site. Here is what it's doing:
Checks if mod_rewrite is available
Checks if HTTPS is off, or if the request includes www
If either condition matches, the request qualifies and is redirected
to the https/non-www address
OR
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
A few issues, in order of importance:
You have your canonical HTTP to HTTPS and www to non-www redirects at the end of the file. By placing it at the end of the file, after your front-controller, it's simply never going to be processed for most requests. This needs to be near the start of the .htaccess file, before your front-controller.
You should avoid mixing redirects from both mod_alias (Redirect) and mod_rewrite (RewriteRule) in the same scope. Different modules execute at different times throughout the request, despite their apparent order in the config file. Since mod_rewrite is required for other redirects, you should convert the mod_alias Redirect directives to use RewriteRule instead.
For example:
RewriteRule ^unt-de-cacao-de-plaja/filtre/producator/crisnatur/$ /ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g [R=301,L]
You should include the canonical scheme and hostname in your URL redirects in order to avoid multiple redirects when requesting an "old" URL at a non-canonical scheme ot hostname.
For example:
RewriteRule ^unt-de-cacao-de-plaja/filtre/producator/crisnatur/$ https://example.com/ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g [R=301,L]
Depending on what you mean exactly by "a lot of Redirect 301" - you should not be doing this at all in .htaccess and instead redirecting in your server-side script, once you have determined that the request will 404. This is to prioritise normal site visiters and not your redirects (that get executed on every single request).
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Since you stated that these directives worked previously then I assume the use of the HTTPS environment variable is OK on your system. But note that, whilst this is relatively common, it's non-standard. (It implies the server is using some kind of SSL front-end/proxy.)
Note that the order of these rules will result in a double redirect when requesting http://www.example.com/<anything> (HTTP + www). Which is necessary if you are implementing HSTS, but otherwise, you should reverse these two rules to avoid this unnecessary double redirect.
I'm trying to create an .htaccess file that does the following:
1 Allows the EC2 health check URL to be hit without redirecting to https
2 Redirects all non-https traffic to https
3 Redirect calls to / to /auth/app/public/app (using https)
Items 2 and 3 work fine, but quickly the healthcheck fails and the server no longer responds. Here's the content of my .htaccess file:
RewriteEngine On
#one attempt that didn't work
#RewriteCond %{HTTP_HOST} !^my\.domain\.com$ [NC]
#RewriteCond %{REQUEST_URI} !^/healthcheck.html$
#RewriteRule ^ http://my.domain.com/$1 [R=301,L]
#another attempt that didn't work
#RewriteCond %{HTTP_HOST} !$ [NC]
#RewriteCond %{REQUEST_URI} !^/healthcheck.html$
#RewriteRule ^(.*)$ /$1 [L,QSA]
#this works
RewriteRule ^$ https://my.domain.com/auth/app/public/app/ [L]
#this works
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://my.domain.com%{REQUEST_URI} [L]
The first two commented-out attempts are from examples I found at https://serverfault.com/questions/470015/how-should-i-configure-my-elb-health-check-when-using-namevirtualhosts-and-redir
and https://serverfault.com/questions/470015/how-should-i-configure-my-elb-health-check-when-using-namevirtualhosts-and-redir/597541#597541
Please let me know if you have any suggestions how I can get this working.
Thank you for the reply. Before I read that, I found another post that provided a solution that is working for me. I simply added another condition to not apply the https redirect rule if the url was that of my health check page. Here is the working version of my .htaccess file:
RewriteEngine On
RewriteRule ^$ https://my.domain.com/auth/app/public/app/ [L]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} !^/healthcheck\.html$
RewriteRule ^ https://my.domain.com%{REQUEST_URI} [L]
I have a situation where I need to force every single page in my site to redirect to HTTP except for two specific URLs which need to force redirect to HTTPS.
The two pages that need to redirect to HTTPS pages are:
/microsoft-moc-on-demand-video-training/moc-registration-page/
/courses/register/
The code I've been using in my .htaccess file looks like this:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/courses/register/
RewriteCond %{REQUEST_URI} !^/microsoft-moc-on-demand-video-training/moc-registration-page/
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(/courses/register/|/microsoft-moc-on-demand-video-training/moc-registration-page/)/ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Unfortunately this doesn't seem to be working. The entire site does redirect to HTTP (so part of the code works), but those two exceptions (which should redirect to HTTPS) do not do that, they stay as HTTP links.
Any idea what I'm doing wrong here?
The problem is that for RewriteRule, there is no initial / in the requested path. Therefore, you're trying to match something that isn't present.
You also had an extra / at the end of each option in the first capture group, which when combined with the final / would require a path such as /courses/register//.
The following code should suit your needs:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/courses/register/
RewriteCond %{REQUEST_URI} !^/microsoft-moc-on-demand-video-training/moc-registration-page/
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(courses/register|microsoft-moc-on-demand-video-training/moc-registration-page)/ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I've done enough research to figure out that to redirect sitewide all of my https pages to their http equivalent, I need to use this code...
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
My issue is, there are a handle of pages that I still want to remain as https. For the sake of example, let's say I want page1.php, page2.php, and page3.php to REMAIN as .https, with everything else on the site redirecting. Anyone know how to do this?
Try something like this:
RewriteEngine On
# Force page1,2,3.php onto HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(page1|page2|page3)\.php https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
# Redirect other HTTPS requests to plain HTTP
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(page1|page2|page3)\.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
I'm currently using htaccess to force all requests to use www. So:
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
to redirect example.com/page to www.example.com/page.
However, this htaccess file is being used by several international versions of example.com. What code do I want that can also do the following:
example.de/page -> www.example.de/page
and
example.co.uk/page -> www.example.co.uk/page
etc.
Potentially, there could be dozens of versions of example.com, so I'm looking to avoid having to remember to edit htaccess every time we add a new country.
You can use server variables in your substition, so this should be doable with
RewriteRule ^(.*)$ http://www.${HTTP_HOST}/$1 [L,R=301]
Right: think I've actually got it cracked. (Or at least it looks like it works):
RewriteCond %{HTTP_HOST} ^example\.(.*)$ [NC]
RewriteRule ^(.*)$ http://www.example\.%1/$1 [R=301,L]
seems to do the trick.
Test if the current host name does not begin with www. and add it if missing:
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]