I am deploying a yii2 project to heroku. I need to redirect all requests to https://. I added a .htaccess file to the frontend/web folder (in environments heroku/frontend/web). Locally it's working, but on heroku it's not. What's wrong? When the app is deploying I can see that .htaccess is generated by init.php, but if I access http://www.my-finesse.com the redirect is not working :(
RewriteEngine On
# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on
# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I am currently using the following .htaccess code to rewrite:
http://force-t.fr to https://www.force-t.fr
http://www.force-t.fr to http://www.force-t.fr
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.force-t.fr$
RewriteRule ^(.*) https://www.force-t.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://www.force-t.fr/$1 [R=301,L]
Now, I need to add two exceptions:
All URLs starting with force-t.fr/iot/ need to be accessible via http or https.
IE8/XP users need to access the www.force-t.fr website in http only
(SNI is not supported by IE8/XP and my certificate is not working for them.)
I don't know how to do this and spent two hours searching without success.
I am developing a PHP based website. I made it live with HTTP URL and URL rewriting.
Let's suppose my domain is www.abc.com
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !(/$|\.)
RewriteRule (.*) %{REQUEST_URI}/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} !\.(pdf|js|ico|gif|jpg|png|css|rar|zip|tar\.gz)$
RewriteRule ^([^/]*)/([^/]*)$ index.php?%{QUERY_STRING}&current_event=$1 [L]
And I access my site as http://www.abc.com/article it works fine.
Now my client installed SSL certificates on server and I want to change URL to HTTPS but accessing https://www.abc.com/article gives me 404 error.
Please guide me how can I make my above rules work with HTTP/HTTPS both.
So, here is the situation:
We are running a website which is powered by Drupal. Some time ago, it was decided that the website should be served over SSL. The settings to redirect the site from http to https were done by a guy who is not with us anymore.
I can see in the .htaccess file the following lines
#Redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://docs.dev.domain.com/$1 [R,L]
mydomain.com points to the root of the LAMPP server and my site is in a folder inside the webroot (docs.dev.domain.com/mysite).
Now, it has been decided that the SSL is not needed and it has to be removed and all the pages must be served via http (301 redirect).
When I do that in the .htaccess file by using the RewriteRule to redirect a URL (e.g. https://docs.dev.domain.com/mysite/content/book) to http when a user visits https by using:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
#Redirect HTTPS to HTTP
RewriteCond %{SERVER_PORT} ^443$
#RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://docs.dev.domain.com/mysite/$1 [R=301,L]
#even tried this - RewriteRule ^(.*)$ http://docs.dev.domain.com/$1 [R=301,L]
but it redirects every request on https to http://mydomain.com/mysite/index.php (even URLs like https://docs.dev.domain.com/mysite/content/book/1, which should ideally be redirected to their http counterparts).
How can I remove the https so that my dynamic URLs are served via plain http?
Sorry if this is a very novice problem.
This is happening because you have a routing rule before the redirect. The rewrite engine will loop until the URI comes back unchanged, and at that point, it evaluates if the URI needs to be passed onto other modules in order to handle redirecting or proxying.
That means your request is getting routed to index.php, then the rewrite engine loops, then it sees that the request (which at this point is simply /index.php) needs to be redirected, so the request gets flagged to be redirected. Then mod_rewrite redirects, but by now, the URI is mangled by your routing rule.
You need to swap the order:
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://docs.dev.domain.com/mysite/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
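The ordering effect described in this answer, as an added example that is not part of the original answer and is not Apache's code: a simplified Python model of per-directory rule processing, run on the two rules from the question. The `EXISTING_FILES` set and all helper names are assumptions made for the illustration.

```python
import re

BASE = "/mysite/"                        # directory holding the .htaccess (from the question)
EXISTING_FILES = {"/mysite/index.php"}   # constructed: the only real file on disk

def not_a_file(req):                     # models RewriteCond %{REQUEST_FILENAME} !-f
    return req["uri"] not in EXISTING_FILES

def is_https(req):                       # models RewriteCond %{HTTPS} on
    return req["https"]

ROUTE = {"conds": [not_a_file], "pattern": r"^",
         "subst": "index.php", "redirect": False}
TO_HTTP = {"conds": [is_https], "pattern": r"^(.*)$",
           "subst": r"http://docs.dev.domain.com/mysite/\1", "redirect": True}

ORIGINAL = [ROUTE, TO_HTTP]   # order in the question: routing rule first
FIXED = [TO_HTTP, ROUTE]      # order in the answer: redirect first

def process(rules, uri, https=True, max_rounds=10):
    """Return (kind, target) for one request. The rule set is re-run after
    every internal rewrite until no rule fires or a redirect is issued."""
    req = {"uri": uri, "https": https}
    for _ in range(max_rounds):
        rel = req["uri"][len(BASE):]      # directory prefix is stripped before matching
        for rule in rules:
            m = re.search(rule["pattern"], rel)
            if not m or not all(cond(req) for cond in rule["conds"]):
                continue
            target = m.expand(rule["subst"])
            if rule["redirect"]:
                return ("301", target)    # external redirect ends processing
            req["uri"] = BASE + target    # internal rewrite; [L] ends this pass
            break
        else:
            return ("serve", req["uri"])  # no rule fired: the URI is stable
    raise RuntimeError("rewrite loop")

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, process(rules, "/mysite/content/book/1"))
```

With the routing rule first, the second pass sees only `index.php`, so the 301 points at `/mysite/index.php`; with the redirect first, the original path survives into the `Location` target.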
Enabling or disabling SSL in Drupal is very easy: it is done by enabling or disabling a module. You should check for the module named securepages, and if it is there, you just need to disable it to disable HTTPS...
Then you can go to your YOURSITE/sites/default & look into settings.php & if $base_url is defined then just remove the 'S' from 'HTTPS'.
You are done...
I don't think that guy enabled it from .htaccess, so I gave my answer even after you solved it with Jon Lin's answer.
I am using .htaccess to redirect all requests (except to subdomains) from HTTP to HTTPS. This code works for me just fine:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !=m.example.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
However, it does not prevent the user from manually attempting to access the subdomain using the HTTPS (The SSL that I have does not cover subdomains and shows trust error when used for sub-domains).
Now, I am wondering:
1. How can I redirect all HTTPS requests to the subdomain back to HTTP?
2. How can I modify this code to dynamically apply the subdomain restrictions to other subdomains (not only m.example.com)?
1) If the certificate doesn't include m.example.com, you can never send the redirect, since the browser will refuse to make a connection. So there is no way of doing this.
2) So all you want the htaccess to do is redirect the naked domain to https. To do this use:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
In case the certificate also includes www.example.com, use
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
I am using a mod_rewrite to force two pages to use HTTPS, while all other pages should remain HTTP. Currently, I can successfully force HTTPS on the pages I need -- however, when I try to change all other pages to HTTP, my HTTPS pages become unsecure. I am guessing this is because the rule is changing the URLS for the assets which the HTTPS page is loading for some reason.
Any ideas? Here is the .htaccess file I'm working with.
(Note that the ENV:HTTPS method is required on my host)
# FORCE HTTPS (WORKS JUST FINE)
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteCond %{REQUEST_URI} ^(/index\.php|)/(donate|achdebit)/?$
RewriteRule ^(.*)$ https://www.site.org/$1 [R,NC,L]
# FORCE HTTP (IF ADDED, BREAKS THE SITE)
RewriteCond %{ENV:HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^(/index\.php|)/(donate|achdebit)/?$
RewriteRule ^(.*)$ http://www.site.org/$1 [R,NC,L]
I believe you are correct when you surmise that the second rule will force assets (css/js etc) that the secure page requests to be redirected to http. To prevent this add the following
# FORCE HTTP (IF ADDED, BREAKS THE SITE)
RewriteCond %{ENV:HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^(/index\.php|)/(donate|achdebit)/?$
#NEW# only redirect requests that are not for existing files
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://www.site.org/$1 [R,NC,L]
or explicitly exclude assets by replacing #NEW# above with
# only redirect requests that are not for static assets
RewriteCond %{REQUEST_URI} !\.(css|js|png|gif|etc) [NC]