I have two sites on the same hosting. Each one is in a different folder and each one has its own domain.
Site1. It has https.
Site2. It has not https, only http.
If I put a .htaccess in the root of Site1 folder the addresses of site2 also are redirected to its address in https. In the Site2 I have no .htaccess
This is the code that I have in the .htaccess:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Why does it happen and how to redirect from http to https only on Site1?
You can add a condition to make this rule specific to site1:
RewriteCond %{HTTP_HOST} ^(?:www\.)?site1\. [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Change site1 to your actual site name and don't forget to test in a new browser to avoid old cache.
Related
I have this .htaccess rule
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
This covers the parent domain but not the subdomain.
My subdomain has the same public folder as of parent domain.
example.com is redirected to https://example.com
But subdomain.example.com is not redirected to https://subdomain.example.com
As I said above that both points to same public folder so I want the above rule to handle both.
But I don't want to write my domain or subdomain name in htaccess rule. It shall cover any domain and any subdomain
You can do this with the HTTP_HOST header:
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
So you get it from the request rather than using the server name for the virtual host. Also simplifying the regex since you’re not using the capture.
Goto your subdomain folder
Create .htaccess file in this folder
and paste this code:
just copy and paste this code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I want to redirect all http request to https. The problem I am experiencing is that it redirect all add on domains too. I want to redirect only primary domain. Here is my htaccess code -
This will enable the Rewrite capabilities:
RewriteEngine On
This checks to make sure the connection is not already HTTPS:
RewriteCond %{HTTPS} !=on
This rule will redirect users from their original location, to the same location but using HTTPS. The leading slash is made optional so that this will work either in httpd.conf
or .htaccess context:
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
What can I do to make sure it only redirects on the primary domain?
If you want to redirect a specific domain from http to https you can use the following :
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://% {SERVER_NAME}/$1 [R,L]
This will redirect http://example.com/ to https://example.com/ .
I am trying to make sure that if HTTPS is used outside of the secure subdomain it gets redirected to HTTP.
This is what I have in the root .htaccess file:
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images are excluded from this rule)
RewriteCond %{HTTPS} =on
# my.EXAMPLE.com is the secure subdirectory.
RewriteCond %{HTTP_HOST} !^my.EXAMPLE.com [NC]
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
Put simply:
if HTTPS
if not in my.example.com
if NOT an image/css/js file
redirect to HTTP
But this is not working as expected, instead if I try to access a page outside of the my.example.com sub-directory via HTTPS I get a 404 Not Found error. Accessing the same page via HTTP has no problems, it works fine.
Any idea why this rule may not be working?
EDIT
Here's the entire .htaccess file:
# Don't display .htacess files in directory listings.
IndexIgnore .htaccess
Options +FollowSymLinks
RewriteEngine on
# Password protected for now
AuthType Basic
AuthName "EXAMPLE"
AuthUserFile "/home/EXAMPLE/.htpasswds/public_html/passwd"
require valid-user
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images on both HTTP and HTTPS pages are excluded from this rule)
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
# Redirect non-www requests to www
RewriteCond %{HTTP_HOST} ^EXAMPLE.com$
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com [NC]
RewriteRule ^(.*)$ "http\:\/\/www\.EXAMPLE\.com\/$1" [R=301]
# Prevent direct access to the WHMCS folder must be accessed through secure subdomain
RedirectMatch 301 ^/WHMCS/(.*)$ https://my.EXAMPLE.com/$1
ErrorDocument 404 /404.php
Try this :
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
The problem is that if you don't have an SSL vhost setup for www.example.com, and point its document root to the same place that the non-SSL vhost for www.example.com is, when someone goes to https://www.example.com/, your htaccess file is never read. I'm willing to bet that you need to put your HTTPS->HTTP rules in the htaccess file of your SSL vhost (where my.example.com's document root is).
What you have seems to be:
http://www.example.com/ -> /home/EXAMPLE/ (or whatever your document root is)
https://my.example.com/ -> /home/EXAMPLE/subfolder/
So without a vhost setup for https://www.example.com, the htaccess file in /home/EXAMPLE/ is never accessed when you go to the SSL example.com.
I am using .htaccess to redirect all requests (except to subdomains) from HTTP to HTTPS. This code works for me just fine:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !=m.example.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
However, it does not prevent the user from manually attempting to access the subdomain using the HTTPS (The SSL that I have does not cover subdomains and shows trust error when used for sub-domains).
Now, I am wondering:
1-How can I redirect all HTTPS requests to subdomain back to HTTP?
2-How can I modify this code to dynamically apply the subdomain restrictions to other subdomains (not only m.example.com)
1) If the certificate doesn't include m.example.com, you can never send the redirect, since the browser will refuse to make a connection. So there is no way of doing this.
2) So all you want the htaccess to do is redirect the naked domain to https. To do this use:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
I case the certificate also includes www.example.com use
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
The following forces non-www domains and sends https requests to http and is working fine for example.com. How can I use a wildcard for the domain?
RewriteCond %{HTTP_HOST} !^example\.com$
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule (.*) http%2://example.com/$1 [R=301,L]
I have two domains, example.com and example2.com. Both use the same code base and point to the same folder. If a visitor comes to the site via example2.com, the URL needs to remain example2.com and not shift to example.com.
Try this rule:
RewriteCond %{HTTP_HOST} .+\.([^.]+\.[^.]+)$
RewriteCond %{HTTPS}s%1 ^on(s)(.+)|
RewriteRule ^ http%1://%2%{REQUEST_URI} [R=301,L]