Exclude specific browsers (Puffin and Photon) from HTTP/HTTPS rewrite in .htaccess - .htaccess

So my site is going secure. Except one directory (/da) has old Flash content (that I cannot edit) that simply refuses to work under SSL. So, I pieced a few StackOverflow user solutions (THANK YOU!) together, wrote a HTTP --> HTTPS rewrite where I carve out an exception for the /da directory and got that much working just fine.
The only issue is with mobile browsers which play Flash content (such as Puffin and Photon). For some reason, they don't like the rewrite code and continue to open the /da directory under HTTPS... thus the Flash content doesn't work.
I thought that I could just exclude those browsers from the rewrite, but I can't get that piece to work. Please see below and let me know what I'm doing wrong. It's the "Puffin|BonEcho" line which I'm trying to get to work. Am I doing it wrong?
Or is there a better solution? Is there a way to get Puffin and Photon to comply with the HTTP/HTTPS rewrite script?
Thanks!
RewriteEngine On
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
# Force HTTPS for anything which isn't /da
RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/da [NC]
RewriteCond %{HTTP_USER_AGENT} !"Puffin|BonEcho" [NC,OR]
RewriteRule ^(da) http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Force HTTP for anything which is /da
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} !^[A-Z]+\s/da [NC]
RewriteRule !^da https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Remove index.php from URLs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1

Related

.htcaccess rules not working properly

I encountered a small issue while trying to make my site redirect all http requests to https. Before I start, however, I should warn you that I'm rather new to this, so please show mercy ;)
Here's my htcaccess file:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^.*$ ./index.php
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://nordicraft.net/%{REQUEST_URI} [NC]
To start off, I'm runing my site on shared hosting, and the everything to the first RewriteRule was in the file the first time I opened it. I have no idea what the -d and -f conditions mean or what are they supposed to do, so I left them untouched. The only things I added were the last RewriteCond and RewriteRule.
Now, the issue is, it works as intended ONLY when accessing the main page, that is, simply entering nordicraft.net in the address bar. It redirects me to the https version, as intended. Also, it does the same thing if I explicitly try to access the index.php file. However, if I try accessing any other website feature, like the forums, it redirects me to https://${REQUESt_URI}. In my case, https://forum. You can view the site in real time at http://nordicraft.net.
Any ideas what is causing this, or possible fixes? Thanks!
Try with:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://nordicraft.net%{REQUEST_URI} [NE,L]
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^ /index.php [L]

htaccess rewrite for MSIE to non https

I want to convert my site to SSL. The certificates etc are all in place and tests great on all browsers except early IE.
I'm trying to get around this by leaving the site as 'non-HTTPS' for those (few?) who still use IE.
I've tried several possible solutions without success - I thought this one would work but it doesn't...
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} .*MSIE.*
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}[R,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Any help would be appreciated
Just in case anyone else is looking for a solution to this particular issue. After much trial & error (more error and it was a trial) i found that this works:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} "MSIE [6-9]" [NC]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{SERVER_PORT} 443
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I wanted this so that visitors who use old IE browsers could still visit the site and not be put off by Certificate error messages generated by IE

Redirect only certain requests to controller file using RewriteRule

I've created a controller file which handles redirecting users to the proper url, I want to direct certain traffic to this controller and not affect the rest. http://website.com/shows.php?id=review-1 is an example of the url I want to send to the controller.
What I've concocted thus far is the following RewriteRule which causes a site-wide server 500 Server Error.
RewriteCond %{THE_REQUEST} ^GET\s/shows\.php\?
RewriteCond %{QUERY_STRING} (?:^|&)id=review-[0-9]+(?:&|$) [NC]
RewriteRule ^ /controller.php [QSA,L]
Removing the -[0-9]+ from the %{QUERY_STRING} condition gets rid of the site-wide 500 Server Error, but doesn't work. The following RewriteRule that I'm trying to replace works just fine.
RewriteCond %{THE_REQUEST} ^GET\s/shows\.php\?
RewriteCond %{QUERY_STRING} (?:^|&)id=review-1(?:&|$) [NC]
RewriteRule ^ /review/1/super-baseball-2020/? [R=301,L,NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-z0-9]+)/([0-9]+)/([a-z0-9-]+)?/?$ /shows.php?id=$1-$2 [QSA,L,NC]
The end result is that a user who goes to http://www.website.com/shows.php?id=review-1 will end up at http://www.website.com/controller.php?id=review-1 which will deal with handling the 301 redirect.
I still don't know why you're trying to make simple things into complex ones ;)
6 minutes to find+test. Here's what should work:
RewriteCond %{QUERY_STRING} (^|(.)+&)(id=review-([0-9]+))($|&.*) [NC]
RewriteRule /shows.php /controller.php?%3 [QSA,L]
PS: Like Devin, I don't get/know why (?:^|&) works...
Interesting. Doesn't' look wrong, but I couldn't get the line
RewriteCond %{QUERY_STRING} (?:^|&)id=review-[0-9]+(?:&|$) [NC]
to compile in mod_rewrite until I took out the non-capturing indicators
RewriteCond %{QUERY_STRING} (^|&)id=review-[0-9]+(&|$) [NC]
seems to compile ok on my system, does that work for you?
I think you need to ascertain what's causing the 500 error. I suspect the redirect is working, but the page you're being redirected to is failing.

Force subset of webpages as HTTPS

I would like to force a subset of webpages to https and all other webpages as http.
In htaccess I use the following script that I found in another post, but that wasn't working...
RewriteCond %{HTTPS} off
RewriteRule ^(login|signup)\.php https://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(login|signup)\.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
HTTP is forced as it should be, HTTPS is forced as it should be, but eg https://mywebsite.com/signup produces an infinite loop error in my browser. Any ideas what goes wrong?
I changed to code to the following which seems to work, but now the SSL is only partially implemented due to secure and insecure items on the webpage. I checked the URLS to e.g. images, style sheets and external javascript files bit these are all relative and shouldn't pose a problem... If someone knows how to deal with this I'd be glad to hear it.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/login$ [OR]
RewriteCond %{REQUEST_URI} ^/signup$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !login$
RewriteCond %{REQUEST_URI} !signup$
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Try adding this line somewhere on top of your .htaccess:
Options +FollowSymLinks -MultiViews
Maybe you have some other rules that do this redirect -- it would be good if you provide whole contents of your .htaccess file.
You may have redirect inside the actual php script.
In any acse -- if you can edit Apache's config files (httpd.conf or httpd-vhost.conf) then you can enable rewrite debugging (RewriteLoglevel 9) and see what exactly is going on -- this is the best option (if you can).

complex mod_rewrite. Any idea?

I want to :
- switch from http to https if http is used
- redirect the subdomain to index?o=subdomain except www
- redirection the subdirectory to index?u=user
Example :
http://www.mydomain.com will be redirected to https://www.mydomain.com
http://subdomain.mydomain.com will be redirected to https://www.mydomain.com/index?o=subdomain
https://subdomain.mydomain.com will be redirected to https://www.mydomain.com/index?o=subdomain
http://subdomain.mydomain.com/user will be redirected to https://www.mydomain.com/index?o=subdomain&u=user
https://subdomain.mydomain.com/user will be redirected to https://www.mydomain.com/index?o=subdomain&u=user
Is mod_Rewrite the best to do that ? Any idea ?
Thanks in advance
I don't have time to test it right now, but you can try this and see if it works. There may be some potential for some things to go wrong, so if you have trouble with it I'd be happy to work out any kinks later. Also, I think that I covered everything you wanted to do, but let me know if I left something out.
RewriteEngine On
# Force redirect to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{HTTP_HOST}/$0 [R=301,L]
Edit: I've updated the ruleset below. I thought about your question though, and aren't you going to have issues attempting to serve up your subdomains over TLS/SSL? That aside, one of the following should do what you want (without errors this time, I hope):
If you wanted internal redirection:
RewriteCond %{HTTP_HOST} !=mydomain.com
RewriteCond %{HTTP_HOST} !^www
RewriteCond %{REQUEST_URI} !^/index
RewriteCond %{HTTP_HOST}%{REQUEST_URI} ^([^\.]+)[^/]*/([^/]+)?
RewriteCond %1&u=%2 ^([^&]+)(&u=.+)?
RewriteRule ^.*$ /index?o=%1%2
If you wanted external redirection:
RewriteCond %{HTTP_HOST} !=mydomain.com
RewriteCond %{HTTP_HOST} !^www
RewriteCond %{REQUEST_URI} !^/index
RewriteCond %{HTTP_HOST}%{REQUEST_URI} ^([^\.]+)[^/]*/([^/]+)?
RewriteCond %1&u=%2 ^([^&]+)(&u=.+)?
RewriteRule ^.*$ https://www.mydomain.com/index?o=%1%2 [R=301,L]

Resources