Our website is allowing any prefix/subdomain before the domain.
So if our site is www.domain.com, then the server is allowing;
www.anything.domain.com, where 'anything' can be literally anything, and it displays whatever is on the page that actually exists.
So, www.anything.domain.com/something.php displays the content that should only be accessible via www.domain.com/something.php.
Is there any way using .htaccess to stop this from happening, or redirect it to the version that does actually exist?
Or does this need to be done on the server?
Does anyone know why this is being allowed?
Ideally, this should be configured in server configuration files (also, you can configure DNS to simply not resolve unwanted hostnames, but that is for another question probably).
If you don't have access to server configuration, you can do it in .htaccess:
# to block access if any domain except example.com or www.example.com was used
RewriteEngine On
RewriteCond %{HTTP_HOST} !=www.example.com
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule ^ - [F]
or
# if any domain except example.com or www.example.com was used,
# redirect the request to www.example
RewriteEngine On
RewriteCond %{HTTP_HOST} !=www.example.com
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule ^ http://www.example.com%{REQUEST_URI} [R=301]
Related
I have the following domain that does not work without the www.
wwww.mydomain.com works
mydomain.com = does not work
The root htaccess file (primary domain is something else) automatically seemed to have this code in it.
# php -- END cPanel-generated handler, do not edit
RewriteCond %{HTTP_HOST} ^mydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$
RewriteRule ^/?$ "https\:\/\/www\.mydomain\.io\/mydomain" [R=301,L]
I added this code in the website's own htaccess file.
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
What am I doing wrong?
Currently mydomain.com goes to something quite strange (it duplicates the domain name): and has an error
https://www.example.com/example.com/
Error on page
Not Found
The requested URL was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Can I delete the code which says "do not edit". Which one is working and why/how? A fix with an explanation would be appreciated.
The issue was basically resolved by:
Adding the rewrite engine rules:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Deleting the forwarding in the DNS management console and ONLY leaving in the forwarding in the addondomains section. So, in the cpanel - addon domains, create forwarding and delete the forwarding in the DNS section. This was the key part.
There was an additional folder outside of the public_html for this domain and that was deleted as well.
Finally, adding these rules to force https was useful:
https://www.hostinger.co.uk/tutorials/ssl/forcing-https
Also noting the helpful comment: "Which web server are you using? Look through your web server configuration files. Your problem is that you have a redirect from HTTP to HTTPS and the path URL is configured wrong."
Here is what I want to accomplish.
I have domain A which I want to update the nameservers to use the custom nameservers setup on domain B (i.e. ns1.domainb.com and ns2.domainb.com).
Then, when users go to domainA.com I want it to take them to domainB.com/domainA
How can I accomplish this? Can't I accomplish this via HTACCESS files on domainB?
When users go to domainA.com I want it to take them to
domainB.com/domainA
This solution explains how to achieve:
example.com --> domainB.com/example.com
DNS records and .htaccess
First, set the DNS of domainA.com to point to the IP address of domainB.com's server. In the root of domainB.com, create an .htaccess file with a rule to redirect/rewrite domainA.com requests to domainB.com/domainA. There are two methods and outcomes.
Method 1 - Silently rewrite the URI request
User navigates to http://example.com, browser shows http://example.com.
Set these .htaccess rules in the root of domainB.com:
RewriteEngine On
RewriteBase /
# Check that the request is NOT from domainB.com, e.g. domainA
RewriteCond %{HTTP_HOST} !domainB\.com$ [NC]
# Capture the top-level domainA name
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+?)$
# Check that we are not already requesting a valid file or directory
# This prevents inserting the subdirectory name into an already valid path
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite requests with the domainA subdirectory
RewriteRule (.*) /%1/$1 [L]
Method 2 - Explicitly force a redirect to the new location
User navigates to http://example.com, browser shows http://domainB.com/example.com.
Set these .htaccess rules in the root of domainB.com:
RewriteEngine On
RewriteBase /
# Check that the request is NOT from domainB.com, e.g. domainA
RewriteCond %{HTTP_HOST} !domainB\.com$ [NC]
# Capture the top-level domainA name
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+?)$
# Force a 301 redirect to the new URI
RewriteRule ^(.*)$ http://domainB.com/%1%{REQUEST_URI} [R=301,L]
Customization
At the time of this writing, you can test and modify (most) .htaccess rules to support your customized requirements here: http://htaccess.madewithlove.be/
Here are tips and tricks to achieve further customization: http://mod-rewrite-cheatsheet.com/
I am working on a Drupal site for which the client has requested that we remove the 'www.' from the URL. This is super easy and I've done it before; I simply comment out the suggested lines in the Drupal-generated .htaccess file like so:
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
Those of you familiar with Drupal's .htaccess will know that the environment variable protossl is set towards the top of the file like so:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
This is working perfectly on my local environment, but when I deployed the change to the production site it breaks. www.mysite.com redirects to mysite.com as expected, but https://www.mysite.com also redirects to mysite.com instead of https://mysite.com. It seems that the %{HTTPS} variable is returning 'off' even when it should be 'on'.
I can go directly to https://mysite.com and it works perfectly. The site's Apache access logs show 'https://' where I expect it to be, as do all of my HTTP requests. The site is running on a RackSpace server using a load balancer (only one node in the balancer). The SSL certificate is on the RackSpace load balancer. I have tried the following steps and none have had any results:
Replace RewriteCond with RewriteCond %{ENV:HTTPS} on [NC]
Replace RewriteCond with RewriteCond %{SERVER_PORT} ^443$
Multiple variations and combinations of the above RewriteCond's
Added $conf['https'] = TRUE; to settings.php
This is driving my coworkers and I crazy. Can anyone help?
anubhava has saved the day! The solution was to use the %{HTTP:X-Forwarded-Proto} variable just as he suggested. I updated the protocol detection bit of my .htaccess to look like this:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
# The default proto detection provided by Drupal does not work on our
# production server because it sits behind a load-balancing server.
# This additional RewriteCond makes sure we can detect the forwarded proto
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
I'm gonna call this a crunchwrap supreme, 'cause it is good to go!
I am trying to force HTTPS on a domain. It must be done using a method that works by domain name and not port number (due to host structure/setup).
My closest attempt was:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mydomain.com$
RewriteRule ^.*$ https://www.mydomain.com/$1 [R=301,L]
This works when typing "mydomain.com" into the address bar, automatically redirecting to "https://mydomain.com" but when I type "www.mydomain.com" it does not work. I assume it is a syntax issue as I am very new to htaccess and have spent about 4 hours trying to create a solution from other's code.
Any chance of a pointer?
To make the setup a little more understandable.
/public_html/ - All files in this folder relate to www.mydomain.com
/public_html/subfolder - These folders contain files also relating to mydomain.com
/public_html/subdomain - These folders contain files relating to www.myotherdomain.com
My other domains are subdomains of mydomain.com for to be listed in the cpanel on the host. For example: subdomain.mydomain.com is the same as www.myotherdomain.com.
Hopefully that clears up the structure.
Your redirect happens whenever a request is made to the exact domain mydomain.com (that's what the RewriteCond is testing for). It doesn't apply to any other domains and doesn't detect HTTPS. Use this instead:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]
I am trying to set up a website, domain
examplesproject.co.uk
with a subdomain which is for the moment called
sub.examplesproject.co.uk .
I am with Bluehost and so I have set up the subdomain and I have got the same document root both for examplesproject.co.uk and sub.examplesproject.co.uk but I want content for
sub.examplesproject.co.uk
to actually be located at
examplesproject.co.uk/sub .
So why didn't I set up the document root at examplesproject.co.uk/sub for the sub-domain? Because then, in local development I would need to treat the two domains as completely separate and that would mean no relative urls which seemed silly given that the subdomain folder is just tantalisingly inside the main domain.
However, if someone browsed to sub.examplesproject.co.uk they would get the same content as examplesproject.co.uk, which I don't want, so I set up htaccess rewrite in the root folder like so:
#rewite sub-domain to sub directory
RewriteCond %{HTTP_HOST} ^[www\.]*sub.examplesproject.co.uk [NC]
RewriteCond %{REQUEST_URI} !^/sub/.*
RewriteRule ^(.*) /sub/$1 [L]
That works, however if you browse to examplesproject.co.uk/sub you can still see the content and I don't want to have two locations for the same content. However if I rewrite this sub-directory to show the sub-domain in the browser address, then I create a loop where it keeps feeding round.
As another side-point, I want my main site to be forced to use www, so I also have the following in my root htaccess..
#force add www on main domain
RewriteCond %{HTTP_HOST} ^examplesproject.co.uk$
RewriteRule ^(.*)$ http://www.examplesproject.co.uk$1 [R=301,L]
However, I want to force the sub domain not to have a www infront i.e. http://sub.examplesproject.co.uk and NOT http://www.sub.examplesproject.co.uk. To do this I am trying the following but it doesn't seem to work for other directories within the sub-domain (if that makes sense). Anyhows this is the code which I put in the sub directory (ie at examplesproject.co.uk/sub):
#force remove www on sub-domain
RewriteCond %{HTTP_HOST} ^www.sub.examplesproject.co.uk [NC]
RewriteRule ^(.*)$ http://sub.examplesproject.co.uk/$1 [L,R=301]
Thought I'd mention in case it affects things.
So, my question is, how do I achieve a nice set-up where:
I can use relative URLs for developing and implementing my subdomain.
browsing to http://sub.examplesproject.co.uk shows the content of http://www.examplesproject.co.uk/sub
browsing to http://www.examplesproject.co.uk/sub doesn't duplicate the sub-domain by showing the content (for SEO purposes)
and also
Main domain examplesproject.co.uk is forced to use www - http://www.examplesproject.co.uk.
Sub domain sub.examplesproject.co.uk is force NOT to use www - http://sub.examplesproject.co.uk.
If anyone can help, I would be really grateful. By the way, locally I have set up virtual hosts http://examplesproject and http://sub.examplesproject using wamp and hosts file to replicate the online behaviour.
Thanks alot for reading. Answers/suggestions welcome.
Sorry about that Tim Post! I have put the content in this time! Nice one for looking at this. Hope that this helps someone.
This is the solution that worked for me (thanks to Jim (jdMorgan) at webmasterworld for this - http://www.webmasterworld.com/apache/4254301.htm)..
Put all of these rules, in this order, into the root .htaccess:
# Externally redirect direct client requests for test subdomain subdirectory paths to the test subdomain
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /sub/([^\ ]*)\ HTTP/
RewriteRule ^sub/(.*)$ http://sub.examplesproject\.co\.uk [R=301,L]
#
# Externally redirect all non-canonical, non-blank, non-test-subdomain hostname requests to canonical "www" main domain
RewriteCond %{HTTP_HOST} !^(www\.examplesproject\.co\.uk)?$
RewriteCond %{HTTP_HOST} !^([^.:]+\.)*sub\.([^.:]+\.)*examplesproject\.co\.uk [NC]
RewriteRule ^(.*)$ http://www.examplesproject.co.uk$1 [R=301,L]
#
# Externally redirect non-canonical subdomain hostname requests to canonical test subdomain
RewriteCond %{HTTP_HOST} ^([^.:]+\.)*sub\.([^.:]+\.)*examplesproject\.co\.uk [NC]
RewriteCond %{HTTP_HOST} !^sub\.examplesproject\.co\.uk$
RewriteRule ^(.*)$ http://sub.examplesproject.co.uk/$1 [R=301,L]
#
# Internally rewrite sub-domain requests to subdirectory path
RewriteCond %{HTTP_HOST} ^sub\.examplesproject\.co\.uk$
RewriteCond $1 !^sub/
RewriteRule ^(.*)$ /sub/$1 [L]
Checking THE_REQUEST in the now-first rule prevents the infinite redirection loop problem you encountered.
Note that exact hostnames are now enforced due to the very-careful use of case-sensitivity and anchoring.
Nice one aiit!