I am trying to force non-https to only one folder on the site but the rest all should be https. Here is my .htaccess code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteRule ^reports$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([0-9a-zA-Z].+)$ /page.php?title=$1 [L]
ErrorDocument 404 404.php
I guess the problem you have is, that even the reports-folder gets forced to https. Is that right?
That would be, because you put that rule first. The general rule order should be: Most specific first, most general last. So your general https enforcing rule should be last. Or at least it must be after your http enforce rule.
Also you only force /reports/ to http. Everything in that directory would be https again. I think you should change it to
RewriteCond %{REQUEST_URI} ^/reports/(.*)$ [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [R=301,L]
If I see it correctly, you enforce everything to not start with www. Put that rule after the reports-http rule and change it to https. This will save you one redirect.
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Than your https-enforce rule and than the rewrite to page.php if not existing file or directory.
Related
My current .htaccess looks like this:
Redirect 301 /~mysite-net/vlog http://www.example.net/vlog
Redirect 301 /~mysite-net/pp https://www.example.net/pp
Redirect 301 /~mysite-net/pp02 https://www.example.net/pp02
Redirect 301 /~mysite-net/pp03 https://www.example.net/pp03
Redirect 301 /~mysite-net/ http://www.example.net/
RewriteEngine On
RewriteRule ^([A-Za-z0-9]+).html$ https://www.example.net/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/?(.*?)/?$ index.php?s=$1 [L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ index\.php\?s=([^\s]*)
RewriteRule ^/?(.*?)/?$ %1?%2%3 [L,R=301]
this does what intended so no problem. However, now I need to modify it so it always redirects to the SSL version of my site. It means no matter if the user types http it will always redirect them to https instead.
So I just added these lines at the bottom:
RewriteCond %{HTTP_HOST} ^example\.net [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.net/$1 [R,L]
but it's not working. What am I missing?
May be this can be work
I think you forgot to put RewriteCond %{HTTPS} !on
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
So I just added these lines at the bottom:
RewriteCond %{HTTP_HOST} ^example\.net [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.net/$1 [R,L]
There are two problems with your existing directives:
You have put them in the wrong place in your file - they need to go at the top, not the bottom. By placing them at the end of the file they will only get processed when requesting static resources, because the preceding directives will otherwise "catch" the URL.
You are trying to combine the non-www to www redirect in this directive as well, however, you have omitted the OR flag on the first condition, so it will never redirect requests for http://www.example.net/foo.
In other words, at the top of your file.
RewriteCond %{HTTP_HOST} ^example\.net [NC,OR]
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://www.example.net/$1 [R=301,L]
The RewriteCond %{HTTPS} !on condition mentioned in the other answer is simply an alternative to your SERVER_PORT condition.
I have a https website which has a hidden user area. From there the users has a link which links to a http site. With a referrer the site makes sure that the userers are coming from my site. Other access attemps are blocked.
Since my webstie change to https, there referrer is not working anymore.
My solution attempt so far:
Inside my htaccess I want to stop the https for only one file on the site. Where the link is. My htaccess so far.
ErrorDocument 404 /404.php
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/Mitgliederservice/Infoline/index\.php$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
I don't understand whether you want to exclude one page or force only one page to https so , if you want to exclude one specific page use the following code :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/path/to/yourpage\.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
otherwise use the following code :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/path/to/yourpage\.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
i am trying to amend my ht access files to redirect access to the site via the https site (rather than the old site)
the first paragraph of ht code below is the part of the access code that only permits access via the root file page.this part works perfeclty.
the second part however is the part that is suppose to re-direct everything to the HTTPS site and prevent access to the http site.This is not working and its still possible to gain access to the site via the http.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteCond %{REQUEST_URI}::$1 ^(/.+)(.+)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
i would really apprciate advise on how to amend the code.
Try and remove the L from the rewrite rule. Once the rule is met it will stop processing so it will always stop.
Change this
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]
To
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC]
See how that works for you.
Edit:
If you want to just direct all traffic and non https to https and the index page the code below does the same thing. Notice I used the domain name. Replace yoursite.com with your real site. See how that works.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} !^on$
RewriteRule ^(.*)$ https://www.yoursite.com/ [R=301,L]
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !/index.php
RewriteRule ^(.*)$ / [NC,R=301,L]
I have this rule in my .htaccess
It worked fine while I used only HTTP version.
But now I need HTTPS too.
Right now i'm always redirected to http version of my web.
I need:
If its https i need only execute last rule (last line)
If its http i need execute these three lines
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301]
RewriteRule ^(.*)$ /www/$1 [L,NE]
Can you please suggest changes into my .htaccess file?
You can use:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteCond %{HTTPS}s on(s)|
RewriteRule ^(.*)$ http%1://domain.com/$1 [L,R=301]
RewriteRule ^((?!www/).*)$ /www/$1 [L,NC]
I've tried all the answers to similar stack questions and nothing has worked. I need to redirect all to https://www except for example.com/blogs/* and example.com/page-name.
I currently have this:
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteCond %{http_host} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
which redirects everything except for https://example.com, it will NOT add the www.
You can see for yourself at https://moblized.com
RewriteEngine On
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,L]
RewriteCond %{http_host} ^moblized.com [NC]
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} blogs
RewriteRule ^(.*)$ http://moblized.com/blogs/$1 [R,L]
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>
# $Id: .htaccess,v 1.90.2.4 2009/12/07 12:00:40 goba Exp $
AddHandler php5-script .php
Thank you!
I hope I understood you correctly. You want:
redirect from example.com to www.example.com (except /blogs/ and /page-name)
redirect all pages to HTTPS (except /blogs/ and /page-name)
based on your current .htaccess under /page-name you mean /favicon.ico
Here are the rules for the above requirements -- put them into your .htaccess:
# activate rewrite engine
RewriteEngine On
# don't touch favicon.ico (always accept as is regardless of the domain or protocol)
RewriteRule ^favicon.ico$ - [L]
# don't touch /index.php (usually means already overwritten URL)
# otherwise we may enter into a loop
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^index\.php$ - [L]
# ensure trailing slash is present for /blogs -> /blogs/
RewriteRule ^blogs$ http://mobilized.com/blogs/ [R=301,QSA,L]
# /blogs/ should only be accessible via http://example.com/blogs/
RewriteCond %{HTTP_HOST} !^moblized\.com$ [NC]
RewriteRule ^blogs/(.*)$ http://mobilized.com/blogs/$1 [R=301,QSA,L]
RewriteCond %{HTTP_HOST} ^moblized\.com$ [NC]
RewriteCond %{HTTPS} =on
RewriteRule ^blogs/(.*)$ http://mobilized.com/blogs/$1 [R=301,QSA,L]
RewriteRule ^blogs/.* - [L]
# redirect to www.example.com if necessary
RewriteCond %{HTTP_HOST} ^moblized\.com$ [NC]
RewriteCond %{REQUEST_URI} !=/client-ipad-contest
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,QSA,L]
# redirect to HTTPS if not there already
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !=/client-ipad-contest
RewriteRule ^(.*)$ https://www.moblized.com/$1 [R=301,QSA,L]
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]
BTW, browser most likely will show "Untrusted Certificate" warning if your customer go to https://example.com. This is because HTTPS session has to be fully established first before the request starts processing by Apache's rewrite module.
If that is problem -- then consider buying another SSL certificate (or from another vendor) which will cover both example.com and www.example.com (GoDaddy does this for sure) or get wildcard certificate which will cover all subdomains -- *.example.com (but this most likely will be much more expensive).
UPDATE: After simulating your requirements locally (sorry, I have no SSL with working Apache, so I have replaced it (in my testing) with different kind of rule/domain name) I have revised and updated the rules.
I've tested these rules locally (all pages are very simple, just include 1 image & css and a bit of text) -- everything looking good. Let me know if something does not work.