I have been trying to force https using htaccess with the following:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
But somehow it isn't working. Only if I manually use https://domain.name I get the padlock sign else its always http.
What might be the possible reason?
Related
here is my .htaccess file:
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The problem is when I add this rule to my .htaccess file and reload the site it said me "too many redirect" and the site doesn't work. Why? How can i change https to http? I want to do this change only for a few week but i don't know how. Thanks
EDIT:
I change the code to this:
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
but it still doesn't work
Try:
RewriteCond %{HTTPS} !^off$
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Or:
RewriteCond %{SERVER_PORT} ^443$
RewriterRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If that doesn't work, the browser is probably stopping it from redirecting back to http. Or, the browser is redirecting back to HTTPS after the redirect to HTTP, and the loop starts there.
Anyways, it is a very bad idea to redirect https to http. If an ssl cert is your issue, you can get one from LetsEncrypt for free :) For localhost, you can create your own self signed cert, and trust it in your pc.
You should actually be redirecting from HTTP to HTTPS usually, because security is needed.
I'm having trouble getting these redirects to work under all conditions. I'm hoping I can fix it with .htaccess but there may be something mucked up with the way I'd previously tried to force redirects through my host's control panel.
Anyway, olddomain.com/whatever, with http:// or https:// and with or without www should permanently redirect to https://www.newdomain.com/whatever.
At one point I had everything except https://olddomain.com redirecting properly. Now I've broken it and I'm just getting the too many redirects error.
I believe both domains have a Let's Encrypt certificate attached to them. The old domain doesn't need to be secured if that makes a difference.
According to https://serverfault.com/a/728957, you can use this snippet to help redirect users to a https://www of the site.
RewriteEngine On
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hope that helps!
We need to force HTTPS only for one specific page and one directory, i.e. /login.php and anything in the /forum directory. All other pages on the site should be forced into HTTP (even if manually requested as HTTPS).
I'm hitting roadblocks getting this to work via .htaccess... can anyone help? Thanks so much!
You can use the following rewriteRules :
RewriteEngine on
#force https for /login.php and /forum
RewriteCond %{HTTPS} off
RewriteRule ^(login\.php|forum/.*)$ https://%{HTTP_HOST}/$1 [NE,L,R]
#redirect everything else to http if requested as https
RewriteCond %{HTTPS} on
RewriteRule ^((?!login\.php|forum/.*).*)$ http://%{HTTP_HOST}/$1 [NE,L,R]
I have a problem with my .htaccess and https redirection.
First of all, I have consulted these links to find a solution but none could help me.
List of links :
.htaccess redirect http to https
ModRewrite with HTTPS
https://www.ndchost.com/wiki/apache/redirect-http-to-https
htaccess redirect to https://www
https://serverfault.com/questions/116206/how-do-i-use-htaccess-to-always-redirect-from-http-to-https
When I load the page with http, the .htaccess redirect me to https but when I load the page with https, I have an infinite loop.
Here is my .htaccess code :
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^(api|www|dev|stefano|sav)\.
RewriteCond %{REQUEST_URI} !^/(api|www|dev|stefano|sav)/
RewriteCond %{DOCUMENT_ROOT}/%1 -d
RewriteRule ^(.*)$ %1/$1 [L]
Is anybody can help me create a redirect condition (http to https) ?
You are leaving off the Rewrite Flags You need to tell it force the redirection with R flag and optional provide status code which is recommended 301, 302 etc.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
By the way, every example you linked to shows the answer using the R flag, not sure why you didn't use exact examples :)
Solution if behind devices like load balancer.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I have been fighting with this same problem for hours. It seems that I needed the solution for systems behind a load balancer. Perhaps this is because I am using Cloudflare with my site.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
After adding the above lines to my .htaccess file, I deleted the cache on Cloudflare and the site loads as it should.
I am using .htaccess to redirect all requests (except to subdomains) from HTTP to HTTPS. This code works for me just fine:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !=m.example.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
However, it does not prevent the user from manually attempting to access the subdomain using the HTTPS (The SSL that I have does not cover subdomains and shows trust error when used for sub-domains).
Now, I am wondering:
1-How can I redirect all HTTPS requests to subdomain back to HTTP?
2-How can I modify this code to dynamically apply the subdomain restrictions to other subdomains (not only m.example.com)
1) If the certificate doesn't include m.example.com, you can never send the redirect, since the browser will refuse to make a connection. So there is no way of doing this.
2) So all you want the htaccess to do is redirect the naked domain to https. To do this use:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
I case the certificate also includes www.example.com use
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}