I have a https website which has a hidden user area. From there the users has a link which links to a http site. With a referrer the site makes sure that the userers are coming from my site. Other access attemps are blocked.
Since my webstie change to https, there referrer is not working anymore.
My solution attempt so far:
Inside my htaccess I want to stop the https for only one file on the site. Where the link is. My htaccess so far.
ErrorDocument 404 /404.php
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/Mitgliederservice/Infoline/index\.php$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
I don't understand whether you want to exclude one page or force only one page to https so , if you want to exclude one specific page use the following code :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/path/to/yourpage\.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
otherwise use the following code :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/path/to/yourpage\.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
Related
I know that there exists several posts asking about the exact same thing. I asked the same question again, since I've read each and every one of them, and tried the solutions. Maybe they worked for the O.Ps'es codes, but unfortunately didn't work for mine.
I really need to disable HTTPS on a single PHP page called play.php, so that the page is accessible via direct HTTP, or redirect to HTTP if directly requested via HTTPS.
I need to change https://example.com/play/blabla to http://example.com/play/blabla, while the rest of the site is forced HTTPS.
Here is my full .htaccess code:-
Header set Access-Control-Allow-Origin "*********"
ErrorDocument 404 /pagenotfound.php
ErrorDocument 403 /pagenotfound.php
Options -MultiViews
RewriteEngine on
RewriteBase /
Options +FollowSymLinks
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteRule ^search/(.*)$ viewgames.php?search=$1 [L,QSA,NC]
RewriteRule ^category/(.*)$ viewgames.php?cat=$1 [L,QSA,NC]
RewriteRule ^users/(.*)$ users.php?action=$1 [L,QSA,NC]
RewriteRule ^play/(.*)/$ play.php?gn=$1 [L,QSA,NC]
RewriteRule ^play/(.*)$ play.php?gn=$1 [L,QSA,NC]
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^([a-z]+)/?$ $1.php [L,NC]
I have a script called play.php which is rewrited using .htaccess to /play/ i.e if someone requests example.com/play/foobar, the request will be sent to example.com/play.php?gn=foobar.
I'm very new to .htaccess. I will really appreciate your help.
[Edit] I have updated the above code to show my full .htaccess. I hope it helps. BTW, the stars (*) on the first line of code is to hide my actual website address.
Here is full .htaccess with my comments:
Header set Access-Control-Allow-Origin "*********"
ErrorDocument 404 /pagenotfound.php
ErrorDocument 403 /pagenotfound.php
Options +FollowSymLinks -MultiViews
RewriteEngine on
RewriteBase /
# it is important to keep www removal rule as first rule to avoid multiple redirects
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
# http->https if URL is not starting with /play/ or /play.php
RewriteCond %{HTTPS} !on
RewriteRule !^play(?:\.php|/.*)?$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE,NC]
# https->http if URL is starting with /play/
RewriteCond %{HTTPS} on
RewriteRule ^play(?:/.*)?$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE,NC]
RewriteRule ^search/(.*)$ viewgames.php?search=$1 [L,QSA,NC]
RewriteRule ^category/(.*)$ viewgames.php?cat=$1 [L,QSA,NC]
RewriteRule ^users/(.*)$ users.php?action=$1 [L,QSA,NC]
RewriteRule ^play/(.+?)/?$ play.php?gn=$1 [L,QSA,NC]
# make sure to check for presence of .php file before rewrite
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([a-z]+)/?$ $1.php [L,NC]
It is important to completely clear browser cache or use a new browser of testing the changes.
You can disable https to your play.php URI using the following RewriteRule
RewriteEngine on
RewriteCond ℅{REQUEST_URI} play\.php$ [OR]
RewriteCond ℅{REQUEST_URI} /play
RewriteCond ℅{HTTPS} on
RewriteRule ^ http://℅{HTTP_HOST}℅{REQUEST_URI} [L,NE,R]
This will redirect https://example.com/play.php to its non SSL version.
Since your rule already checks http urls , you can also add a condition to your rule to exclude the play.php from HTTPS redirection something like the following :
RewriteCond %{HTTPS} off
#redirect all to https except /play and /play.php
RewriteCond %{REQUEST_URI} !play
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
I want to redirect my entire site from http to https except for one page ( a file to be download actually ) but am having troubles
I am currently using
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
from this post ... htaccess redirect to https://www
but have not figured out how to exclude the one file I need.
it is more or less
http://www.something.com/phone/version/currentversion.txt
I tried redirecting the https version of it back to the http version, but I got an error that said something along the lines that I was in an endless loop of resolution and it would not work
any help would be appreciated
A simple mod_rewrite exception should work:
RewriteEngine On
RewriteCond %{REQUEST_URI} !/phone/version/currentversion.txt
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have site with https
But I need specific folder should be http.
How can we achieve it ?
e.g.
my site is
https://www.mywebsite.com
I want folder1/subfolder1 should be forced to http://
e.g. http://www.mywebsite.com/folder1/subfolder1
I searched on net...but maximum search show how to force http to https
I tried .htaccess as follows :
try 1.
RewriteRule ^(/folder1/subfolder1)($|/) - [L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
try 2.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/folder1/subfolder1
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
But it didn't work..
You can use these rules in your site root .htaccess:
RewriteEngine On
# force https on everything except /folder1/subfolder1
RewriteCond %{THE_REQUEST} !\s/+folder1/subfolder1[/?\s] [NC]
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]
# force http on /folder1/subfolder1
RewriteCond %{THE_REQUEST} \s/+folder1/subfolder1[/?\s] [NC]
RewriteCond %{HTTPS} on
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
Make sure to clear your browser cache or use a new browser for testing.
I am trying to force non-https to only one folder on the site but the rest all should be https. Here is my .htaccess code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteRule ^reports$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([0-9a-zA-Z].+)$ /page.php?title=$1 [L]
ErrorDocument 404 404.php
I guess the problem you have is, that even the reports-folder gets forced to https. Is that right?
That would be, because you put that rule first. The general rule order should be: Most specific first, most general last. So your general https enforcing rule should be last. Or at least it must be after your http enforce rule.
Also you only force /reports/ to http. Everything in that directory would be https again. I think you should change it to
RewriteCond %{REQUEST_URI} ^/reports/(.*)$ [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [R=301,L]
If I see it correctly, you enforce everything to not start with www. Put that rule after the reports-http rule and change it to https. This will save you one redirect.
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Than your https-enforce rule and than the rewrite to page.php if not existing file or directory.
So, I use a chat script called AJAX-Chat
it works fine, but only when I take away the part of my .htaccess file that makes my site always go to https://
I need a way for a SPECIFIC directory to not be https://
My .htaccess code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Add this above your other rules:
RewriteRule ^(Directory_to_exclude)($|/) - [L]
it will exclude that directory from forced to HTTPS.
Alternate(ther are lots)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !exclude_me [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]