I have setup an SSL certificate on a domain I am testing with and the SSL works you can see here: https://naughtyrobot.co.uk/ - I also verified my domain has a valid SSL certificate here: https://www.ssllabs.com/ssltest/analyze.html?d=naughtyrobot.co.uk
I have created a .htaccess file in the root directory and it looks like this:
RewriteCond %{ENV:SSL} ^$ [OR]
RewriteCond %{HTTP_HOST} !^www\.naughtyrobot\.co.uk
RewriteRule (.*) https://naughtyrobot.co.uk/$1 [R=301,L]
I checked to ensure the root is correct by looking at: etc/apache2/sites-enabled/000-default-le-ssl.conf
But if you visit naughtyrobot.co.uk it just seems to route to the standard http://
Change your rule to this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://naughtyrobot.co.uk%{REQUEST_URI} [R=301,L,NE]
Related
I have a website that with a domain example.info. Recently I acquired two new domains: example.com and example.org.
I had a SSL certificate on example.info, and I was redirecting all http to https like this:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Now I want example.com to be the main url and the other two I just want to redirect to example.com.
I changed the SSL certificate from the .info to the .com and everything is good but my problem is that for example Google links me from the https://example.info and now it is failing because that url doesn't have the SSL certificate anymore. So what I want to do is to redirect https://example.info to https://example.com.
I have tried different things, but this is one of the solutions that didn't work.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^(www\.)?example\.info$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(www\.)?example\.info$
RewriteRule ^ https://example\.com [L,R=301]
What am I doing wrong? How can I achieve to redirect https://example.info to https://example.com and keep the redirection to https for example.com?
//// EDIT
If I can't redirect https://example.info because I don't have a valid certificate anymore, how do I prevent that when I write http://example.info it gets redirected to https?
I think the best you can do is this:
RewriteCond %{HTTP_HOST} ^(www\.)?example\.(info|org)$
RewriteRule ^ https://example\.com%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I am new to this SSL process. I host several domains on one GoDaddy server. One just got a SSL. I configured the htaccess file so that domain works for the SSL, but the other domains have security issues, so I need to add some code to keep them http instead of https. Here is my current htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://wisconsin.com/$1 [L,R=301]
You need to add a condition to specify what URL it needs to be used on. You could do that by adding the line: (Thanks to #croises for his input on this)
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(?:www\.)?wisconsin\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://wisconsin.com/$1 [L,R=301]
Or you could use an if directive:
<if "%{HTTP_HOST} == 'winconsin.com'">
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://wisconsin.com/$1 [L,R=301]
</if>
Make sure you clear your cache before testing this.
I'm moving a site to cloud hosting that provides SSL but at a subdomain. My question is can a secure page (with no certificate - so it displays untrusted) be redirected to the right place?
https://www.domain.com to https://web242.secure-secure.co.uk/domain.com
This is what I've attempted (placed in the root) so far but it doesn't do anything:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !web242.secure-secure.co.uk
RewriteRule ^(.*)$ https://web242.secure-secure.co.uk/domain.com/$1 [R=301,L]
It doesn't work with this in either (although I'm not sure where to try it):
RewriteCond %{HTTP:X-Forwarded-SSL} on
Thanks
I am trying to make sure that if HTTPS is used outside of the secure subdomain it gets redirected to HTTP.
This is what I have in the root .htaccess file:
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images are excluded from this rule)
RewriteCond %{HTTPS} =on
# my.EXAMPLE.com is the secure subdirectory.
RewriteCond %{HTTP_HOST} !^my.EXAMPLE.com [NC]
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
Put simply:
if HTTPS
if not in my.example.com
if NOT an image/css/js file
redirect to HTTP
But this is not working as expected, instead if I try to access a page outside of the my.example.com sub-directory via HTTPS I get a 404 Not Found error. Accessing the same page via HTTP has no problems, it works fine.
Any idea why this rule may not be working?
EDIT
Here's the entire .htaccess file:
# Don't display .htacess files in directory listings.
IndexIgnore .htaccess
Options +FollowSymLinks
RewriteEngine on
# Password protected for now
AuthType Basic
AuthName "EXAMPLE"
AuthUserFile "/home/EXAMPLE/.htpasswds/public_html/passwd"
require valid-user
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images on both HTTP and HTTPS pages are excluded from this rule)
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
# Redirect non-www requests to www
RewriteCond %{HTTP_HOST} ^EXAMPLE.com$
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com [NC]
RewriteRule ^(.*)$ "http\:\/\/www\.EXAMPLE\.com\/$1" [R=301]
# Prevent direct access to the WHMCS folder must be accessed through secure subdomain
RedirectMatch 301 ^/WHMCS/(.*)$ https://my.EXAMPLE.com/$1
ErrorDocument 404 /404.php
Try this :
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
The problem is that if you don't have an SSL vhost setup for www.example.com, and point its document root to the same place that the non-SSL vhost for www.example.com is, when someone goes to https://www.example.com/, your htaccess file is never read. I'm willing to bet that you need to put your HTTPS->HTTP rules in the htaccess file of your SSL vhost (where my.example.com's document root is).
What you have seems to be:
http://www.example.com/ -> /home/EXAMPLE/ (or whatever your document root is)
https://my.example.com/ -> /home/EXAMPLE/subfolder/
So without a vhost setup for https://www.example.com, the htaccess file in /home/EXAMPLE/ is never accessed when you go to the SSL example.com.
I have an SSL certificate for the 'www' subdomain of a web site we'll call example.com.
Therefore I can force SSL, but if the user doesn't enter 'www.example.com' into their browser, the SSL certificate appears invalid.
I wish to accomplish this with mod_rewrite rules in an .htaccess file at the root of the web site.
No matter what URI the user enters, (e.g. example.com, www.example.com, https://example.com, example.com/folder/file.html, etc.), I want to force the HTTPS and the www subdomain, keeping whatever URI they provided, of course.
I was playing around with the .htaccess file and some rules, as I've already done some research, but I don't have much experience with mod_rewrite or .htaccess. I think I found the SVN revision that almost worked for me, but not quite. Here it is:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^(.*)$ https://www.example.com/$1 [r=301,nc]
Try not to laugh too hard at my file; it is mostly derived from examples I found online.
Any pointers are appreciated! =)
Try this:
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301]