Ok, so i need to forward all traffic through HTTPS besides on ONE specific page. Here is my current .htaccess code:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
ErrorDocument 404 /404.html
Options -Indexes
So basically i need to forward all traffic through HTTPS BESIDES my /r.php & /l.php & /c.php page, can this be done? I tried doing some research but haven't found too much.
EDIT:
Would this work?
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/r.php$
RewriteCond %{REQUEST_URI} !^/c.php$
RewriteCond %{REQUEST_URI} !^/l.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
IT IS HIGHLY RECOMMENDED TO USE A SECURE CONNECTION IF IT IS AVAILABLE TO YOU
RewriteEngine On
RewriteCond %{HTTPS} off
#Add slash(es) before special characters to escape them as literals
RewriteCond %{REQUEST_URI} !^\/r\.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
What this does is check if your HTTPS flag is set on the server, if it is not set, and the page is not /r.php then redirects the page to the secure HTTPS equivalant.
EDIT: The /r.php entity needs to have the / and . escaped by having these characters preceeded by backslashes \.
The RewriteCond line "escapes" the /r.php page reference from the Secure connection flag check, it is better to use the proper server flag as detailed here, rather than manual port requests because secure/insecure standard hypertext protocol ports can be ANY port on a server, and it is only convention (and not at all required) that TLS/HTTP ports are 443/80 etc.
You can add a new RewriteRule above your RewriteCond telling apache to process it as is and not applying any more RewriteRules (the L says, stop after matching this rule, (r|c|l) is a regular expression for matching r OR c OR l).
RewriteRule ^/?(r|c|l)\.php$ - [L]
See https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule for more information.
Related
We have installed a SSL for our site and I have created an .htaccess with the following code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# mobile redirect
RewriteCond %{HTTP_HOST} ^www\mobile.example\.com [NC]
RewriteCond %
{HTTP_USER_AGENT}"android|blackberry|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
RewriteRule ^(.*)$ https://mobile.example.com/$1 [L,R=302]
</IfModule>
This code works great coming from the desktop, but the mobile part is not working. What am I missing?
...but the mobile part is not working.
You've not stated explicitly what the "mobile" part is expected to do. However, the "mobile part" in your code would seem to just be a www to non-www redirect. The HTTP to HTTPS redirect is separate to this and does not differentiate between mobile and desktop (and neither would it necessarily need to).
However, there are several issues with the directives in the "mobile part" that will prevent it from "working" (and also with the HTTP to HTTPS redirect).
The directives are in the wrong order. Both of the external redirects (HTTP to HTTPS and "mobile" www to non-www) should be before the internal rewrite (the first couple of rules)
I assume ENV:HTTPS (that references an environment variable called HTTPS) is as per instruction from your webhost. This is non-standard, although not uncommon with some shared hosts.
RewriteCond %{HTTP_HOST} ^www\mobile.example\.com [NC] - You are missing a dot after the www subdomain (assuming that is what you trying to match). So, this will never match. You are also missing a slash before the dot in the middle of the regex (to match a literal dot, not any character). The CondPattern should presumably read ^www\.mobile\.example\.com in order to match the www subdomain.
RewriteCond % {HTTP_USER_AGENT}"android|blackberry|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC] - You are missing a space after the first argument %{HTTP_USER_AGENT}<here>. Although you also appear to have an erroneous space after the %. Either way, this will fail to match. However, I would also question why you specifically need to match the mobile user-agent here? I would think you need to redirect www to non-www regardless of user-agent? Why would you permit a desktop user-agent access to www.mobile.example.com? So, this condition can perhaps be removed entirely.
Not a bug, but you probably don't need the <IfModule> wrapper, unless these directives are optional and you are porting the same code to multiple servers where mod_rewrite might not be available. See my answer to a related question on the Webmasters stack: https://webmasters.stackexchange.com/questions/112600/is-checking-for-mod-write-really-necessary
Again, not a bug, but the RewriteBase / directive in this block of code is entirely redundant.
Taking the above points into consideration, it should be written more like this:
RewriteEngine On
# HTTP to HTTPS redirect - all hosts
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# mobile redirect
RewriteCond %{HTTP_HOST} ^www\.mobile\.example\.com [NC]
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
RewriteRule (.*) https://mobile.example.com/$1 [R=302,L]
# Front-controller
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Like I said in the notes above, I question the use of the RewriteCond %{HTTP_USER_AGENT} directive to detect mobile-only user-agents. If all users should be redirected www to non-www (as it looks like they should) then simply remove this condition. This should also presumably be a 301 (permanent) redirect once you have confirmed that it works as intended.
Taking this a step further, don't you also want to canonicalise desktop clients as well? ie. Redirect www to non-www on all hosts?
This code works great coming from the desktop
Although there's no reason why this didn't work "great" from mobile either if you were requesting the conanical host, ie. https://mobile.example.com/.
UPDATE: What I need for the .htaccess to do is redirect all traffic - desktop and mobile etc - to the new https instead of HTTP.
By the sounds of it you only need a "simple" HTTP to HTTPS redirect. The "front-controller pattern" that you have seemingly copied from the webhost's article may be in error?
Try the following instead in the root .htaccess file.
RewriteEngine On
# Redirect all requests from HTTP to HTTPS on the same host
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
You should remove all other directives and make sure there are no other .htaccess files in subdirectories.
The REQUEST_URI server variable contains the requested URL-path. This will be required, instead of using a backreference as you had initially, if your mobile subdomain points to a subdirectory off the main domain's document root (which you hint at in comments, but not stated in the question).
You must clear the browser cache before testing and test first with 302 (temporary) redirects before changing to a 301 (permanent) redirect only once you have confirmed the redirect works as intended.
I have recently added an SSL to my sites. I have added the code to the .htaccess file to force the https. The issue is that my external links that go to pages within the site are now being redirected to the homepage. The code I am using is:
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://www.watsonelec.com%1 [R,L]
I think the issue is in the last line, as the rule is telling it to redirect to the homepage. What I can't seem to find is a rule that will say for it to go to the URL provided in the link but give it an https instead of the HTTP.
I did do a search for this topic, but all the code I found was similar to what I already had. Thank you for all your help.
Update
I have two sites I am trying to work this out for, watsonenerysolutions.com and watsonelec.com.
When I tried
RewriteOptions InheritDownBefore
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://www.watsonenergysolutions.com/$1 [R,L]
It still sent to the homepage
When I tried
RewriteOptions InheritDownBefore
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^ https://www.watsonenergysolution.com%{REQUEST_URI} [R,L]
I received an error message that said Safari can't open the page "https://www.watsonenergysolutions.com/index.php" because Safari can't find server "www.watsonenergysolutions.com"
%N backreferences are what you match in RewriteCond's. In your case, it is empty. That's why anything is going to the homepage.
You need to use $1 or %{REQUEST_URI}, both rules below are equivalent (the second may be faster because you don't -re-match unnecessarily)
RewriteRule ^(.*)$ https://www.watsonelec.com/$1 [R,L]
RewriteRule ^ https://www.watsonelec.com%{REQUEST_URI} [R,L]
Note 1: %{REQUEST_URI} value always begins with a leading /, while what you can match in a RewriteRule never begins with a leading /
Note 2: R flag uses a 302 redirect by default. Maybe you'll want to use a 301 ([R=301,L])
I have a wildcard subdomain (ServerAlias *.mydomain.com) to catch all subdomains requests and redirecting them to the home page while keeping the "fake" URL in the browser and passing the subdomain (city name) as a URL parameter
.htaccess in the subdomain folder:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)\.(.*)\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%2.%3/index.php?city=%1 [P,L]
</IfModule>
The problem: there is a menu with some links in every page (register.php, login.php, contact.php) and if you select any of them while being in one subdomain, the request (city.mydomain.com/login.php for example) is captured by the condition/rule
I guess I need to add a second set of condition(s)/rule but after some tests can't find the right one. I added this before the one already working:
RewriteCond %{HTTP_HOST} ^(.*)\.(.*)\.(.*)$ [NC]
RewriteCond %{REQUEST_URI} ^/(.*)\.php$ [NC]
RewriteRule ^(.*)$ http://%2.%3/%4 [P,L]
receiving the error:
Bad Gateway!
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /register.php.
Reason: DNS lookup failure for:
If you think this is a server error, please contact the webmaster.
Error 502
city.domaim.com
CentOS 5
Parallels Small Business Panel 10.2.0
Thanks in advance
You may be over complicating this by using mod_rewrite. I'd suggest simply to parse/validate the subdomain (city) and set a constant with straight PHP. For example in a config/init file. In the end, you'll have far greater control over the subdomain, especially in the case of validation.
KISS :)
The error was a naive one, I overlooked that back-references in the substitution string to RewriteCond pattern (%N), refer to the last one matched. Then, in my original rule, %2, %3 and %4 didn't make any sense
Here is the .htaccess working:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)\.(.*)\.(.*)$ [NC]
RewriteCond %{REQUEST_URI} ^/(.*)\.php$ [NC]
RewriteRule ^(.*)$ http://mydomain.com/%1.php [P]
RewriteCond %{HTTP_HOST} ^(.*)\.(.*)\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%2.%3/index.php?city=%1 [P]
</IfModule>
Besides, the [P] flag implies [L]
The lesson: RTFM! :-)
I would like to force a subset of webpages to https and all other webpages as http.
In htaccess I use the following script that I found in another post, but that wasn't working...
RewriteCond %{HTTPS} off
RewriteRule ^(login|signup)\.php https://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(login|signup)\.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
HTTP is forced as it should be, HTTPS is forced as it should be, but eg https://mywebsite.com/signup produces an infinite loop error in my browser. Any ideas what goes wrong?
I changed to code to the following which seems to work, but now the SSL is only partially implemented due to secure and insecure items on the webpage. I checked the URLS to e.g. images, style sheets and external javascript files bit these are all relative and shouldn't pose a problem... If someone knows how to deal with this I'd be glad to hear it.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/login$ [OR]
RewriteCond %{REQUEST_URI} ^/signup$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !login$
RewriteCond %{REQUEST_URI} !signup$
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Try adding this line somewhere on top of your .htaccess:
Options +FollowSymLinks -MultiViews
Maybe you have some other rules that do this redirect -- it would be good if you provide whole contents of your .htaccess file.
You may have redirect inside the actual php script.
In any acse -- if you can edit Apache's config files (httpd.conf or httpd-vhost.conf) then you can enable rewrite debugging (RewriteLoglevel 9) and see what exactly is going on -- this is the best option (if you can).
I'm sure there is an easy answer to this question, but I've scoured through through available threads and its either not there or I'm too ignorant to recognize it starting in my face. This seems to be the answer, but I just can't configure correctly.
Question: How do I set up .htaccess so that all subdomains are forwarded to their https equivalents, while also allowing the main domain itself get ported to its https equivalent? In other words:
hxxp://subdomain1.domain.com --> hxxps://subdomain1.domain.com
hxxp://subdomain2.domain.com --> hxxps://subdomain2.domain.com
...and so on, but also...
hxxp://domain.com --> hxxps://domain.com
Current Configuration:
My .htaccess is set up to provide an unconditional forward as follows:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]
To achieve what I want, I would think that there must be some way to define a wildcard and pass the result of that wildcard as the subdomain - whether, subdomain1, subdomain2 or a value of nothing - to the actual redirect.
Any help would be much appreciated.
I haven't tested this, but it should allow you to capture the subdomain as well as the request.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(.*)\.yourdomain\.com$
RewriteRule ^(.*)$ https://%1.domain.com/$1 [R,L]
This rule however, will not work for requests that do not contain a subdirectory, so you actually need two rules.
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^yourdomain\.com$
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]
Goto your subdomain folder
Create .htaccess file in this folder
and paste this code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]