I have a website setup in codeigniter. In config.php, baseurl is
https://example.com
In htaccess, following code has been written:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://example.com/$1 [R,L]
php_value date.timezone Asia/Kolkata
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond $1 !^(index.php|resources|robots.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
</IfModule>
<IfModule mod_headers.c>
SetEnvIf Origin "https://(www|sub1|sub2|sub3).example.com)$" ACAO=$0
Header set Access-Control-Allow-Origin "%{ACAO}e" env=ACAO
Header set Access-Control-Allow-Methods "GET"
</IfModule>
There are four variations of domains:
https://www.example.com
http://www.example.com
http://example.com
https://example.com
I want 1, 2 and 3 redirect to 4. Witht he above htaccess code, 2 and 3 are redirecting to 4.
But,
1 is not redirecting to 4
please suggest a solution.
To remove www and enforce https, replace your first redirect rule with this one:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
RewriteCond $1 !^(index.php|resources|robots.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
<IfModule mod_headers.c>
SetEnvIf Origin "https://(www|sub1|sub2|sub3).example.com)$" ACAO=$0
Header set Access-Control-Allow-Origin "%{ACAO}e" env=ACAO
Header set Access-Control-Allow-Methods "GET"
</IfModule>
Related
I am trying to pass the test on https://hstspreload.org/ - However I am getting the following error below:
Error: Subdomain `www.test.com` is a subdomain. Please preload `test.com` instead. (Due to the size of the preload list and the behaviour of cookies across subdomains, we only accept automated preload list submissions of whole registered domains.)
(test.com was added to hide the domain)
My .htaccess file looks as following for HTTPS and HSTS:
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.+)/$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ https://www.test.com/%1 [R=301,L]
RewriteCond %{REQUEST_URI} !(.+)/$
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+)$ https://www.test.com/$1/ [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [OR,NC]
RewriteCond %{https} off
RewriteRule ^(.*)$ https://www.test.com/$1 [R=301,L]
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
</IfModule>
Try to set the HTTPS rule before the www rule.
This worked for me :
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hello I want to redirect my http requests to https. I add some code to .htaccess but still I can access to my website with http. What's wrong and what should I do?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteOptions inherit
Header set content-Security-Policy: upgrade-insecure-requests
With your shown attempts, could you please try following htaccess rues set. Since you are using inherit option for Rules, so in case you want to apply https in all URLs then better put your htpps rules in your BASE(very first level folder wise) htaccess file and we need not to put them here, if you want to only apply https to URLs which are covered here then use following style rules.
Please make sure to clear your browser cache before testing your URLs.
<IfModule mod_rewrite.c>
RewriteOptions inherit
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
Header set content-Security-Policy: upgrade-insecure-requests
The following code redirect any URL of your domain to HTTPS version and set HSTS:
#Redirect HTTP a HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#HSTS
<if "%{HTTPS} == 'on'">
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</if>
I'm trying to redirect all the connections to my website from http to https using htaccess and mod_rewrite, I've tried all the possible things and still not working, I get an error like: The page is not redirecting properly
Here goes the htaccess code:
ErrorDocument 404 http://www.example.com/error.php
<IfModule mod_rewrite.c>
Options -Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^([^/]*)\.html$ /index.php?lang=$1 [L]
RewriteRule ^sites/examplesite/([^/]*)\.html$ /index.php?lang=$1 [L]
RewriteRule ^([^/]*)/examplesite/([^/]*)\.html$ /index.php?lang=$1&page=$2 [L]
RewriteRule ^([^/]*)/([^/]*)\.html$ /index.php?lang=$1&page=$2 [L]
RewriteRule ^([^/]*)/([^/]*)/([^/]*)\.html$ /index.php?lang=$1&idCat=$2&page=$3 [L]
RewriteRule ^([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)\.html$ /index.php?lang=$1&cat=$2&filter=$3&pa=$4&page=$5 [L]
RewriteRule ^sites/examplesite/([^/]*)/([^/]*)\.html$ /index.php?lang=$1&page=$2 [L]
RewriteRule ^([^/]*)/([^/]*)/([^/]*)\.html$ /index.php?lang=$1&show=$2&page=$3 [L]
RewriteRule ^sites/examplesite/([^/]*)/([^/]*)/([^/]*)/([^/]*)\.html$ /index.php?lang=$1&itemID=$2&idCat=$3&page=$4 [L]
RewriteRule ^sites/examplesite/([^/]*)//([^/]*)/([^/]*)\.html$ /index.php?lang=$1&idCat=$2&page=$3 [L]
RewriteRule ^([^/]*)/([^/]*)/([^/]*)/([^/]*)\.html$ /index.php?lang=$1&idCat=$2&client_id=$3&page=$4 [L]
</IfModule>
<FilesMatch "\.(ttf|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
php_flag display_errors On
Regarding your main issue , from your code , this part i is what you think that will do forcing all http requests to https:
RewriteCond %{HTTPS} on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
and it is clear that you also want to add www for none www , so first , when you want to catch none https request , your should put like this line :
RewriteCond %{HTTPS} off
because it is condition like saying , if request not into https but in your code you only catch https requests themselves and force them again.
Put the following code instead of the above:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R=302,L]
Test it and if it's ok change 302 with 301 to get permanent redirection
Redirect works only on the first page, http://example.com to https://example.com.
But it doesn't work on subfolders: http://example.com/news or /news/category etc. redirects me to the https://example.com/index.php (My website is on Laravel 5.5).
Any suggestions pls?
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# ensure !www.
RewriteCond %{HTTP_HOST} ^www\.(.*)$
RewriteRule ^(.*)$ https://%1/$1 [L,R=301]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Header add Access-Control-Allow-Origin "http://glyphicons.com/"
</IfModule>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Remember to replace example.com and www.example.com with your actual domain name
I am using the following to redirect my non www. urls to use www.:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "http://www.domain.com/"
</IfModule>
However, if someone visits domain.com/abc-123 it redirects to www.domain.com and loses the remaining of the url.
Any help with this? How can i set it up so it doesn't remove the end of the url?
Miro
Just swap the order of the rules around. Since the first (WP) rule is stripping the path, by the time the second rule is applied the path will be empty.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "http://www.domain.com/"
</IfModule>