I had some trouble redirecting http to https. A friend helped me to find a solution, but there are still some troubles.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?thevideocards\.com
RewriteRule ^(.*)$ https://www.thevideocards.com/$1 [R,L]
This redirects http to https, http to https://www but does not https://example to https://www.example. Anybody any idea what should change to force ALL traffic to https://www.example.com ?
It's important to understand what the code you're writing means - otherwise, who knows what backdoors someone is persuading you to add.
Let's break down what you have:
# Turn on Apache's "Rewrite Engine"; this is the module that processes the next few lines
RewriteEngine On
# Condition (for following rule): match only if the connection is on port 80
# Port 80 is (by convention) used for plain-text HTTP traffic
# An alternative to this would be to check for a secure connection directly:
# RewriteCond %{HTTPS} !on
RewriteCond %{SERVER_PORT} 80
# Condition (for following rule): match only if the HTTP Host header matches a regex
# The (www\.)? means that prefix is optional,
# so it will match both www.thevideocards.com and thevideocards.com
RewriteCond %{HTTP_HOST} ^(www\.)?thevideocards\.com
# Rule (if the above two conditions also match):
# ^(.*)$ - Match any URL, and capture as $1
# https://www.thevideocards.com/$1 - Generate the replacement URL based on the captured part
# [R] - Send redirect response to browser, rather than processing internally
# [L] - Don't process any more rewrite rules for this request
RewriteRule ^(.*)$ https://www.thevideocards.com/$1 [R,L]
From the above, you should be able to create your own rule for the case you want:
Condition: host matches without the www.
Rule: redirect everything to the same URL with https://www. on the front
(Alternatively, spend 10 minutes searching and you'll probably find about a million pages talking about how to do this; but again, if you don't know what they do, how will you know which one to trust?)
Related
I am running Apache/2.2.15 on Centos 6.6 and am using a free certificate from StartCom. My home page file is /var/www/index.php so I create a file /var/www/.htaccess with the following content, as suggested here.
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
However, entering
myWebSite.com
in the URL box brings up my site in http protocol. If I enter
https://myWebSite.com
instead, I get my site in https protocol. My goal is to get my site in https protocol by simply entering
myWebSite.com
and I cannot see why the .htaccess file is not effecting that.
It doesn't appear that your .htaccess file is being read. So make sure you have AllowOverride All in your config.
Also for your rules, I wouldn't use SERVER_NAME, that isn't always set and sometimes is not correct. I would either use HTTP_HOST variable or your actual domain name. You also should specificy 301 for your redirect because without it 302 is default. You want this to be a permanent redirect.
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !^on [OR]
# This checks to make sure the connection is not already HTTPS
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^/?(.*)$ https://example.com/$1 [R=301,L]
I also made it where it would remove the www since you don't show your are using it.
I hope you can help with this htaccess issue please? I basically have the htaccess rules working apart from in one scenario. This is the case where a user visits the site on a non HTTPS and non WWW links.
Re-Directs
User visits on http/non-WWW URL
User is redirected initially to the http/WWW URL
User is then redirected to https://www.website
You can see the behaviour here:
http://childrens-curtains.co.uk
All other scenarios work fine.
I want to try to remove the 2nd redirect from the sequence so it behaves like this:
User visits on http and is immediately redirected to the https/www version without the 2nd step (if that makes sense?)
The current scenario causes multiple re-directs, which I understand is a bad approach from an SEO perspective.
This is my htaccess redirect rule:
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=301]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
You can try this code keepin into .htaccess file.
To add www add following code.
RewriteCond %{HTTP_HOST} ^**domainname**\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.domainname\.com$
RewriteRule ^index\.html$ "http\:\/\/www\.domainname\.com\/" [R=301,L]
To add http add following code.
RewriteCond %{HTTP_HOST} ^domainname.com [NC]
RewriteRule ^(.*)$ http://www.domainname.com/$1 [L,R=301]
Which will add both http as well as www to URL.
Thanks.
I am working on a Drupal site for which the client has requested that we remove the 'www.' from the URL. This is super easy and I've done it before; I simply comment out the suggested lines in the Drupal-generated .htaccess file like so:
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
Those of you familiar with Drupal's .htaccess will know that the environment variable protossl is set towards the top of the file like so:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
This is working perfectly on my local environment, but when I deployed the change to the production site it breaks. www.mysite.com redirects to mysite.com as expected, but https://www.mysite.com also redirects to mysite.com instead of https://mysite.com. It seems that the %{HTTPS} variable is returning 'off' even when it should be 'on'.
I can go directly to https://mysite.com and it works perfectly. The site's Apache access logs show 'https://' where I expect it to be, as do all of my HTTP requests. The site is running on a RackSpace server using a load balancer (only one node in the balancer). The SSL certificate is on the RackSpace load balancer. I have tried the following steps and none have had any results:
Replace RewriteCond with RewriteCond %{ENV:HTTPS} on [NC]
Replace RewriteCond with RewriteCond %{SERVER_PORT} ^443$
Multiple variations and combinations of the above RewriteCond's
Added $conf['https'] = TRUE; to settings.php
This is driving my coworkers and I crazy. Can anyone help?
anubhava has saved the day! The solution was to use the %{HTTP:X-Forwarded-Proto} variable just as he suggested. I updated the protocol detection bit of my .htaccess to look like this:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
# The default proto detection provided by Drupal does not work on our
# production server because it sits behind a load-balancing server.
# This additional RewriteCond makes sure we can detect the forwarded proto
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
I'm gonna call this a crunchwrap supreme, 'cause it is good to go!
I need to do a url rewrite maintaining following condition:
rewrite http://domain.net (or http://www.domain.net) to http:// ip:port/folder
redirect any other request like http://domain.net/logout?query=1 to http:// ip:port/folder/logout?query=1 (preserve query string and all)
mask the rewrite so that novice users cannot detect the ip (the address where they are redirected to) from the browser url bar
as for masking, a visible redirection like http:// domain.net:port/folder is also acceptable.
What I tried so far: The following results in 500 error.
RewriteCond %{HTTP_HOST} ^(*.)?domain\.net$
RewriteRule ^(/)?$ http:// ip:port/folder/$1 [L,R,QSA]
The following works without the masking:
RewriteCond %{HTTP_HOST} !^www\.domain\.net [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http:// ip:port/folder/$1 [L,R,QSA]
You can do this only if ip:port and domain.net refers to the same server. Otherwise you have to use some script that pulls the remote content from ip:port for a request to domain.net, if you want to hide ip:port.
Otherwise you can proxy the request to another server using the [P] flag.
See: http://httpd.apache.org/docs/current/rewrite/flags.html#flag_p
I have looked around and I can't seem to find a definitive solution for this. We are having a small problem with a few or our visitors that are typing in our domain as such:
https://www.example.com - This is giving a security warning "There is a problem with this website's security certificate."
We have an SSL set up for example.com
So if someone types in http://www.example.com or www.example.com this gets redirected to https://example.com which works fine.
This is what I have currently have in my .htaccess file:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
edit:
Most SSL certificates are issued for a specific hostname, e.g. www.example.com or just example.com (and there can be wildcard certificates for *.example.com too) so this might be the case.
Maybe making the www. subdomain an optional match in the last RewriteCond might help to get the user to the domain stated in the certificate:
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*) [NC]
I think the problem is not with the rewrite/redirect rules but simply with the way http servers handle ssl connection. Before even server has a chance to look into rewrite/redirect rules the SSL handshake take place and if we have a cert for example.com and we enter URL www.example.com connection will abort due to invalid certificate. Check for yourself, set up redirect condition to point URL www.example.com to example.com on SSL secured domain. At first you'll get invalid cert error, but when you add an exception to your browser you'll notice that it works.
Try this
RewriteCond %{HTTP_HOST} ^[a-z0-9-]+\.[a-z]+$
RewriteRule !"" https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NC]
instead of
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
What you are trying to do is impossible. If a user accesses www.domain.cc over SSL, then you will get a certificate error if you do not have a valid SSL certificate - even if all you want to do is redirect them to the correct site.
You will either need a new certificate for www.domain.cc, or convince your registrar to give you a wildcard certificate for *.domain.cc, or one with multiple subjectAltName properties. See http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html
Or ask for SNA http://en.wikipedia.org/wiki/Server_Name_Indication
Firstly, you will need an SSL certificate that covers both www.xxxx.yyy and xxxx.yyy.
Your provider may cover both if you get the cert for www.xxxx.yyy, but only the xxxx.yyy if you get it for that. Read their conditions carefully.
I had read so many suggestions as to how to redirect, with all manner of ad-hoc opinions, with varying results, and mostly without any formal explanation.
Of course, that means going to the Apache .htaccess reference and working from first principles was in order.
Just to reiterate, the main requirement is to redirect all http(s) requests to https://xxxx.yyy.
As always, turn the rewrite engine on:
RewriteEngine On
For http, that is:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://xxx.yyy/$1 [L,R]
However, doing the same for https (port = 443), will force a loop, which bombs out with an error. We have to restrict the process to only working for the https and www. We do this by providing two RewriteCond statements in a row, which are treated as an implicit AND:
RewriteCond %{SERVER_PORT} 443
RewriteCond %{HTTP_HOST} ^www[.].+$
RewriteRule ^(.*)$ https://xxxx.yyy/$1 [L,R]
At the end of the RewriteRule, the [L,R] tells the rewrite engine to:
L = stop at that rule. That is, if a rule is executed because its conditions (RewriteCond) were satisfied, stop when done, else go to the next conditions/rule set.
R = issue a HTTP redirect (default code = 302) to the browser, so user or automatic action can be taken to update bookmarks, so they always use the https://xxxx.yyy in future.