I am trying to force my site to redirect from https to http, most of the tutorials out there do the opposite (force http to https), the few one's that I have come across haven't worked for me so far.
This is what my .htaccess file looks like right now
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Use this to force HTTPs:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Make sure you clear your cache before testing this.
Use this to force to http:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
You do exactly the opposite, namely if it comes from HTTP
RewriteCond %{SERVER_PORT} 80
redirect to HTTPS
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Remove these two lines and replace with the following.
First, you should not check for the port, but for %{HTTPS}, which is more reliable, e.g.
RewriteCond %{HTTPS} on
next redirect to HTTP (note the missing s)
RewriteRule ^(.*)$ http://www.example.com/$1 [R,L]
When everything works as it should, you may replace R with R=301. Never test with R=301.
Related
I'm trying to get my site to redirect to HTTPS, and I can only seem to get it partially working.
Here's what my .htaccess currently looks like:
Options +FollowSymLinks
IndexIgnore */*
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /index.php [L]
The problem is, is that it's not retaining the URL (virtual path that gets parsed by index.php), so for example, http://blah.com/mypage redirects to https://blah.com
What am I doing wrong?
I also need to ensure www is in place as well, but one step at a time :)
You can use this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^blah.com$
RewriteRule ^$ https://blah.com/mypage [L,R=301]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^https://blah.com$
RewriteRule ^$ https://blah.com/mypage [L,R=301]
So my file works - I just didn't clear my cache. Major oops on my end.
Here's the .htaccess file for those curious:
Options +FollowSymLinks
IndexIgnore */*
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /index.php [L]
I have been using the following .htaccess for some time now to redirect non-https to https:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
This week however an SEO expert told me this gives 2 redirects for links like this:
www.example.com/test
The first to http s ://www.example.com/test
The second to http s ://www.example.com/test /
Apparantly this is bad for SEO so I have tried adding a / to the last line, this doesn't work for files, e.g.
www.example.com/test.php => https://www.example.com/test.php/
I have done some searching but I can't seem to find a solution for both issues. Can anyone point me in the right direction?
How about adding a check for the directory in the rule (one for directories and one for files):
<IfModule mod_rewrite.c>
RewriteEngine on
# for directories without trailing slashes
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} [^/]$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]
# for everything else
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
However, there's a good chance this won't work since the redirect from /test to /test/ isn't happening via Rewrite, but via mod_dir's DirectorySlash directive. If you really want to just make this one redirect (I don't think the impact is that serious), then you can turn DirectorySlash off and have that redirect happen via mod_rewrite instead:
DirectorySlash Off
<IfModule mod_rewrite.c>
RewriteEngine on
# for directories without trailing slashes
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} [^/]$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]
# for everything else
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Add trailing slashes for directories that have them missing
RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} [^/]$
RewriteRule ^(.*)$ %{REQUEST_URI}/ [R=301,L]
</IfModule>
I have a very simple question that for some reason I cannot figure out, and hours of searching has not helped either. Using an .htaccess file, how can I redirect just /login.php and /index.php to https, and then redirect any other page to just http? I currently use this code to redirect to https, but it redirects every page:
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*) https://www.ruxim.com/$1 [R]
thank you very much.
The %{SERVER_PORT} variable depends on the UseCanonicalPhysicalPort in your config. If it's not setup, then you may not be able to match against that variable, easier to use %{HTTPS} instead.
RewriteCond %{HTTPS} off
RewriteRule ^/?(login|index)\.php https://www.ruxim.com%{REQUEST_URI} [L,R]
RewriteCond %{HTTPS} on
RewriteRule !^/?(login|index)\.php http://www.ruxim.com%{REQUEST_URI} [L,R]
If you don't need the redirect to non-https, then you don't need the second rule.
Try something like this;
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_FILENAME} =index.php [OR]
RewriteCond %{REQUEST_FILENAME} =login.php
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
I'm note 100% sure if the [OR] will comply suddenly in the middle.
Please apply following conditions to secure only /login.php and /index.php pages. Other pages will be work on HTTP path (non-secure pages).
RewriteEngine On
RewriteBase /
# force https for /login.php and /index.php
RewriteCond %{HTTPS} =off
RewriteRule ^(index|login)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
# force http for all other URLs
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(index|login)\.php$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I've tried all the answers to similar stack questions and nothing has worked. I need to redirect all to https://www except for example.com/blogs/* and example.com/page-name.
I currently have this:
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteCond %{http_host} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
which redirects everything except for https://example.com, it will NOT add the www.
You can see for yourself at https://moblized.com
RewriteEngine On
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,L]
RewriteCond %{http_host} ^moblized.com [NC]
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} blogs
RewriteRule ^(.*)$ http://moblized.com/blogs/$1 [R,L]
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>
# $Id: .htaccess,v 1.90.2.4 2009/12/07 12:00:40 goba Exp $
AddHandler php5-script .php
Thank you!
I hope I understood you correctly. You want:
redirect from example.com to www.example.com (except /blogs/ and /page-name)
redirect all pages to HTTPS (except /blogs/ and /page-name)
based on your current .htaccess under /page-name you mean /favicon.ico
Here are the rules for the above requirements -- put them into your .htaccess:
# activate rewrite engine
RewriteEngine On
# don't touch favicon.ico (always accept as is regardless of the domain or protocol)
RewriteRule ^favicon.ico$ - [L]
# don't touch /index.php (usually means already overwritten URL)
# otherwise we may enter into a loop
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^index\.php$ - [L]
# ensure trailing slash is present for /blogs -> /blogs/
RewriteRule ^blogs$ http://mobilized.com/blogs/ [R=301,QSA,L]
# /blogs/ should only be accessible via http://example.com/blogs/
RewriteCond %{HTTP_HOST} !^moblized\.com$ [NC]
RewriteRule ^blogs/(.*)$ http://mobilized.com/blogs/$1 [R=301,QSA,L]
RewriteCond %{HTTP_HOST} ^moblized\.com$ [NC]
RewriteCond %{HTTPS} =on
RewriteRule ^blogs/(.*)$ http://mobilized.com/blogs/$1 [R=301,QSA,L]
RewriteRule ^blogs/.* - [L]
# redirect to www.example.com if necessary
RewriteCond %{HTTP_HOST} ^moblized\.com$ [NC]
RewriteCond %{REQUEST_URI} !=/client-ipad-contest
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,QSA,L]
# redirect to HTTPS if not there already
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !=/client-ipad-contest
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,QSA,L]
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]
BTW, browser most likely will show "Untrusted Certificate" warning if your customer go to https://example.com. This is because HTTPS session has to be fully established first before the request starts processing by Apache's rewrite module.
If that is problem -- then consider buying another SSL certificate (or from another vendor) which will cover both example.com and www.example.com (GoDaddy does this for sure) or get wildcard certificate which will cover all subdomains -- *.example.com (but this most likely will be much more expensive).
UPDATE: After simulating your requirements locally (sorry, I have no SSL with working Apache, so I have replaced it (in my testing) with different kind of rule/domain name) I have revised and updated the rules.
I've tested these rules locally (all pages are very simple, just include 1 image & css and a bit of text) -- everything looking good. Let me know if something does not work.
Firstly, I would like to remove the www. from my domain name
http://www.example.com => http://example.com
I would also like for certain directories to be secure (https), while the rest remain http
http://example.com/login => https://example.com/login
Obviously it needs to work for all conditions, for example if someone types in:
http://www.example.com/login => https://example.com/login
Also when people navigate away from the login page it returns to http. Currently in the .htaccess is the following which is done automatically by the software I am using and I suppose needs to be there for it to work:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* ./index.php
Any ideas on how I can achieve dream control all these things?
Thanks in advance!
===================
#Gumbo Following your advice this is my complete .htaccess
RewriteEngine On
# remove www from host
RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]
# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(login)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(login)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* ./index.php
Options -Indexes
Navigating to http://example/login still goes to http://example/index.php when it should go to https://example/login Do I have the order wrong?
Try these rules:
# remove www from host
RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]
# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(login|foo|bar|…)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(login|foo|bar|…)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You also might want to add some additional conditions to only change the protocol on GET and HEAD requests but not on POST requests.
This code works for me:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
remove www (tested):
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com$ [NC]
RewriteRule ^(.*)$ http://yoursite.com/$1 [L,R=301]
redirect (not tested):
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{THE_REQUEST} \/login/?.*\ HTTP [NC]
RewriteRule ^(.*)$ https://yoursite.com/login [L,R=301]
After reading this all post time line i have get success for following error: My website(c4dprime.com) was attached https: in mozilla firefox browser. Google and internet explore are show domain address as http: (The real problem in firefox) I did not want https: for my domain in any browser because one unknow redirect attached with my domain by https: (Cause for this error)after Installing following plugins in wordpress,(Easy redirect for ssl).... I have told to every one do not use any low level plugins for wordpress.
Anyway! After reading many articles and tutorials at this topic via google search engine. Now i am happy to say i have solve this problem from this post tips. Remember one thing about me i am new to in this form and wordpress.
This tip is help full for me
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com$ [NC]
RewriteRule ^(.*)$ http://yoursite.com/$1 [L,R=301]
After edit or some changes in my .htaccess file following code i have use now with solved this error.
AddHandler c4d-prime .com
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteBase /
RewriteRule ^$ http://www.c4dprime.com/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress