Codeigniter 3 + multilingual + https - .htaccess

I have a website with both english and french
My htaccess rules works perfectly, but I would like to force https.
I have been trying few examples here and there, but I think because I am using a bilingual system, it doesn't work as expected.
Here is my htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# If your default controller is something other than
# "welcome" you should probably change this
# RewriteRule ^(app(/index)?|index(\.php)?)/?$ / [L,R=301]
RewriteRule ^(.*)/index/?$ $1 [L,R=301]
RewriteCond $1 !^(index\.php|images|assets|robots\.txt)
RewriteCond %{REQUEST_URI} !(\.css|\.js|\.png|\.jpg|\.eot|\.ttf|\.svg|\.woff|\.woff2|\.gif|robots\.txt)$ [NC]
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#add this one as first rule
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# If your default controller is something other than
# "welcome" you should probably change this
# RewriteRule ^(app(/index)?|index(\.php)?)/?$ / [L,R=301]
RewriteRule ^(.*)/index/?$ $1 [L,R=301]
RewriteCond $1 !^(index\.php|images|assets|robots\.txt)
RewriteCond %{REQUEST_URI} !(\.css|\.js|\.png|\.jpg|\.eot|\.ttf|\.svg|\.woff|\.woff2|\.gif|robots\.txt)$ [NC]
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
# Note: It’s also recommended to enable HTTP Strict Transport Security (HSTS)
# on your HTTPS website to help prevent man-in-the-middle attacks.
# See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

Related

Can't redirect http requests to https

Hello I want to redirect my http requests to https. I add some code to .htaccess but still I can access to my website with http. What's wrong and what should I do?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteOptions inherit
Header set content-Security-Policy: upgrade-insecure-requests
With your shown attempts, could you please try following htaccess rues set. Since you are using inherit option for Rules, so in case you want to apply https in all URLs then better put your htpps rules in your BASE(very first level folder wise) htaccess file and we need not to put them here, if you want to only apply https to URLs which are covered here then use following style rules.
Please make sure to clear your browser cache before testing your URLs.
<IfModule mod_rewrite.c>
RewriteOptions inherit
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
</IfModule>
Header set content-Security-Policy: upgrade-insecure-requests
The following code redirect any URL of your domain to HTTPS version and set HSTS:
#Redirect HTTP a HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#HSTS
<if "%{HTTPS} == 'on'">
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</if>

htaccess 301 redirect to root and remove query string

I am trying to redirect various pages with query strings in htaccess.
An example of the URL to be redirected is:
/item.htm?item_id=ACPEMEG465P-VE&product
I want to use a wildcard to catch anything alphanumeric after item_id*.
I want to redirect to the root domain and remove the query string. So after reviewing several guides, I have come up with:
RewriteCond %{QUERY_STRING} item_id(.*)$
RewriteRule ^item\.htm$ /? [L,R=301]
...But this doesn't seem to do anything - I'm just getting a 404. Can anyone tell me where I've gone wrong? I'm on Apache 2.4.6
Here is the htaccess:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# security measures
Header always set X-Frame-Options "sameorigin"
Header always set Referrer-Policy "same-origin"
Header always set Feature-Policy "geolocation 'self'; camera 'none'; microphone 'none'"
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
RewriteCond %{QUERY_STRING} item_id(.*)$
RewriteRule ^item\.htm$ /? [L,R=301]
# BEGIN rlrssslReallySimpleSSL rsssl_version[3.3.4]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
#wpmu rewritecond companydomain.com
RewriteCond %{HTTP_HOST} ^companydomain\.com [OR]
RewriteCond %{HTTP_HOST} ^www\.companydomain\.com [OR]
#end wpmu rewritecond companydomain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
I have removed sections for compression, mod_mime, mod_headers and mod_expires as they are not relevant
Your new redirect rules comes after this rule:
RewriteRule . index.php [L]
This rule is rewriting all non-files and non-directories to /index.php and also updating REQUEST_URI variable to /index.php. Due to this your new rule:
RewriteCond %{QUERY_STRING} item_id(.*)$
RewriteRule ^item\.htm$ /? [L,R=301]
Will not execute because REQUEST_URI is not /item.htm anymore.
Once you move this rule to the top it works because REQUEST_URI is still /item.htm.

Avoid multiple redirects in contao

I have analyzed my website with the portal web.dev from Google. This told me that I have too many redirects if I call the URL without www and with http:
It goes first to https and without www, then to http with www and only then to https and www.
This is my htacces file:
<IfModule mod_headers.c>
# Allow access from all domains for webfonts (see contao/core-bundle#528)
<FilesMatch "\.(ttf|ttc|otf|eot|woff2?|font\.css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
<files serviceaccount.json>
Order allow,deny
Deny from all
</files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^app\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
RewriteRule ^ %{ENV:BASE}/app.php [L]
</IfModule>
I don't see at all where these redirects are implemented. I also found this variant to redirect directly. Even if I put them in the htaccess file, the redirects remain as described above.
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(.*)$ [NC]
RewriteRule (.*) https://www.%1/$1 [R=301,L]
</IfModule>
Can you tell me how all these redirects come about and why the last code snippet doesn't work?
Some of those redirects might be done by your Hoster. Also, in newer Contao versions, Contao automatically redirects to https in the front end, if HTTPS is enabled in the respective website root's settings in the back end.
In any case, you should implement the redirects yourself, e.g. in your web/.htaccess. For example:
# Redirect to www subdomain
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Note: the www redirect would redirect any domain that does not start with www. to www.. If you have a multidomain setup with different subdomains, you will need to adjust the www. redirect accordingly.

http redirects to https, not working 100%

The code below works fine other than no http urls are getting redirected with full url to the https... they get thrown to root with a 301. Even http urls with section.php are getting redirected correctly to the full https url.
See here, how the http redirect doesn't work.
http://www.jamavarrestaurants.com/s/6/mayfair-private-dining-with-private-room
Working here, but we don't want section.php in the url.
http://www.jamavarrestaurants.com/section.php/6/mayfair-private-dining-with-private-room
NOTE: Just to confuse matters we have copied the section.php file which contains the SEF checks and URL structure and made a copy "s.php" which gets used now or should. Same for products.php, article.php and discount.php
Any help would be very much appreciated.
#Header append X-FRAME-OPTIONS "SAMEORIGIN"
RewriteEngine On
RewriteBase /
## HTTP > HTTPS (only works for this format
http://www.jamavarrestaurants.com/section.php/3/1/mayfair-restaurant )
## see: http://www.codexworld.com/redirect-non-www-to-www-http-to-https-
using-htaccess-file/
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.jamavarrestaurants.com%{REQUEST_URI} [NE,L]
## RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
# RewriteRule ^index\.php$ https://www.jamavarrestaurants.com/ [R=301,L]
#
## Added beciause the catch all 404 redirect was sending to /index
# RewriteRule ^index?$ https://www.jamavarrestaurants.com [L,R=301,NC]
#
### JSHOP CORE REWRITE RULES ###
################################
#<IfModule mod_rewrite.c>
Options +SymlinksIfOwnerMatch +MultiViews
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*?).php/(.*?) $1.php?$2
## special rewrite rules for shortened urls ##
RewriteRule ^section.php/(.*) /s/$1 [R=301,L]
RewriteRule ^section/(.*) /s/$1 [R=301,L]
#
### To remove section page if 1 which is default for most (unless products
span more)
RewriteRule ^s.php/(.*)/1/(.*) /s/$1/$2 [R=301,L]
#RewriteRule ^s/(.*)/1/(.*) /s/$1/$2 [R=301,L]
#
RewriteRule ^product.php/(.*) /p/$1 [R=301,L]
RewriteRule ^product/(.*) /p/$1 [R=301,L]
RewriteRule ^article.php/(.*) /a/$1 [R=301,L]
RewriteRule ^article/(.*) /a/$1 [R=301,L]
RewriteRule ^discount.php/(.*) /d/$1 [R=301,L]
RewriteRule ^discount/(.*) /d/$1 [R=301,L]
#</IfModule>
###########################
# The rest
############################
Refactor and reorder your rules. Replace your .htaccess with this:
Options +SymlinksIfOwnerMatch +MultiViews
RewriteEngine On
RewriteBase /
## HTTP > HTTPS (only works for this format
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+(\S*)\sHTTP [NC]
RewriteRule ^ https://www.jamavarrestaurants.com/%1 [NE,L,R=301]
## special rewrite rules for shortened urls ##
RewriteRule ^section(?:\.php)?/(.*)$ /s/$1 [R=301,L]
### To remove section page if 1 which is default for most (unless produccts span more)
RewriteRule ^s\.php/(.*)/1/(.*) /s/$1/$2 [R=301,L]
RewriteRule ^product(?:\.php)?/(.*)$ /p/$1 [R=301,L]
RewriteRule ^article(?:\.php)?/(.*)$ /a/$1 [R=301,L]
RewriteRule ^discount(?:\.php)/(.*)$ /d/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*?)\.php/(.*)$ $1.php?$2 [L,QSA]
Make sure to completely clear your browser cache before testing this change.
curl test output:
curl -kI -A "Chrome" 'http://www.jamavarrestaurants.com/s/5/mayfair-food-and-wine-menus'
HTTP/1.1 301 Moved Permanently
Date: Mon, 20 Mar 2017 21:40:31 GMT
Server: Apache
Location: https://www.jamavarrestaurants.com/s.php/5/mayfair-food-and-wine-menus
Content-Type: text/html; charset=iso-8859-1

Safely move my blog?

My blog is currently located at:
example.com/blog
with posts being something like:
example.com/blog/my-post
I want to edit my htaccess file so anyone that accesses
example.com/blog/my-post
would end up at:
example.com/my-post
How can I do this with an htaccess file?
UPDATE
Right now I have:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# www.
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
</IfModule>
That will forward any non-www traffic to www. However, I need to modify this to support /blog as well. I don't think my syntax is right:
RewriteCond %{HTTP_HOST} ^example\.com/blog$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
?
You cannot match /blog using HOST_NAME variable.
Have your htaccess like this:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# www.
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R=301,NE]
RewriteRule ^blog/(.*)$ /$1 [L,NC,R=301]
</IfModule>
This assumes there is no .htaccess in /blog/ directory. However if it is there for some reason then use this rule as first rule in /blog/.htaccess:
RewriteEngine On
RewriteRule ^(.*)$ /$1 [L,R=301]

Resources