I know that there exists several posts asking about the exact same thing. I asked the same question again, since I've read each and every one of them, and tried the solutions. Maybe they worked for the O.Ps'es codes, but unfortunately didn't work for mine.
I really need to disable HTTPS on a single PHP page called play.php, so that the page is accessible via direct HTTP, or redirect to HTTP if directly requested via HTTPS.
I need to change https://example.com/play/blabla to http://example.com/play/blabla, while the rest of the site is forced HTTPS.
Here is my full .htaccess code:-
Header set Access-Control-Allow-Origin "*********"
ErrorDocument 404 /pagenotfound.php
ErrorDocument 403 /pagenotfound.php
Options -MultiViews
RewriteEngine on
RewriteBase /
Options +FollowSymLinks
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteRule ^search/(.*)$ viewgames.php?search=$1 [L,QSA,NC]
RewriteRule ^category/(.*)$ viewgames.php?cat=$1 [L,QSA,NC]
RewriteRule ^users/(.*)$ users.php?action=$1 [L,QSA,NC]
RewriteRule ^play/(.*)/$ play.php?gn=$1 [L,QSA,NC]
RewriteRule ^play/(.*)$ play.php?gn=$1 [L,QSA,NC]
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^([a-z]+)/?$ $1.php [L,NC]
I have a script called play.php which is rewrited using .htaccess to /play/ i.e if someone requests example.com/play/foobar, the request will be sent to example.com/play.php?gn=foobar.
I'm very new to .htaccess. I will really appreciate your help.
[Edit] I have updated the above code to show my full .htaccess. I hope it helps. BTW, the stars (*) on the first line of code is to hide my actual website address.
Here is full .htaccess with my comments:
Header set Access-Control-Allow-Origin "*********"
ErrorDocument 404 /pagenotfound.php
ErrorDocument 403 /pagenotfound.php
Options +FollowSymLinks -MultiViews
RewriteEngine on
RewriteBase /
# it is important to keep www removal rule as first rule to avoid multiple redirects
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
# http->https if URL is not starting with /play/ or /play.php
RewriteCond %{HTTPS} !on
RewriteRule !^play(?:\.php|/.*)?$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE,NC]
# https->http if URL is starting with /play/
RewriteCond %{HTTPS} on
RewriteRule ^play(?:/.*)?$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE,NC]
RewriteRule ^search/(.*)$ viewgames.php?search=$1 [L,QSA,NC]
RewriteRule ^category/(.*)$ viewgames.php?cat=$1 [L,QSA,NC]
RewriteRule ^users/(.*)$ users.php?action=$1 [L,QSA,NC]
RewriteRule ^play/(.+?)/?$ play.php?gn=$1 [L,QSA,NC]
# make sure to check for presence of .php file before rewrite
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([a-z]+)/?$ $1.php [L,NC]
It is important to completely clear browser cache or use a new browser of testing the changes.
You can disable https to your play.php URI using the following RewriteRule
RewriteEngine on
RewriteCond ℅{REQUEST_URI} play\.php$ [OR]
RewriteCond ℅{REQUEST_URI} /play
RewriteCond ℅{HTTPS} on
RewriteRule ^ http://℅{HTTP_HOST}℅{REQUEST_URI} [L,NE,R]
This will redirect https://example.com/play.php to its non SSL version.
Since your rule already checks http urls , you can also add a condition to your rule to exclude the play.php from HTTPS redirection something like the following :
RewriteCond %{HTTPS} off
#redirect all to https except /play and /play.php
RewriteCond %{REQUEST_URI} !play
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
I have a site with the following working code in .htaccess to get friendly URLs:
RewriteEngine On
RewriteRule ^([^_]*)_([^_]*)\.html$ /?s=scheda&id=$1&slug=$2 [L]
RewriteRule ^([^/]*)\.html$ /?s=$1 [L]
Since I installed a SSL certificate, I need to update my .htaccess to redirect http contents to https. I found this code:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
And I tried to add it to my .htaccess:
RewriteEngine On
RewriteRule ^([^_]*)_([^_]*)\.html$ /?s=scheda&id=$1&slug=$2 [L]
RewriteRule ^([^/]*)\.html$ /?s=$1 [L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
but I get a "Too many redirect problem" error.
What's wrong?
Thanks a lot.
This error indicates you are looping, and I can see only one rule that could loop :
RewriteRule ^([^/]*)\.html$ /?s=$1 [L]
This redirects a.html to ?s=a.html which matches this same rule.
But it shouldn't work in http too. Can you confirm ?
After some twerking I have managed to redirect my site from http to https, as well as other redirects. Glad it works, but there is only one problem! My subdomain pages redirect to the domain home page. I have tried various exclusion methods, but I can't crack it. I would appreciate you help!
(Would like to run the blog in https as well.)
RewriteEngine on
Options +FollowSymLinks
RewriteCond %{THE_REQUEST} ^.*/index\.html
RewriteRule ^(.*)index.html$ https://www.westhavenretreat.com/$1 [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)
RewriteRule ^.*$ https://%1/$1 [R=301,L]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.westhavenretreat.com/$1 [L,R=301]
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(.*)\.(.*)\. [NC]
I went the entire website to be accesed only with https.
In .htaccess to i written the following rule
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.my-website.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.my-website.com/$1 [R,L]
But it causes "This webpage has a redirect loop"
Anyone can guide me a fix for this.
Normally with a single site, you can use that:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.my-website.com%{REQUEST_URI} [R=301,L]
Can we make https for only home page i.e., for
example.com or http://example.com or www.example.com or http://www.example.com
remaining all pages should start with http.
I have tried like this but it isn't worked
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} "^/$"
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule ^(.*) http://%{HTTP_HOST}%{REQUEST_URI}
Not really tested but should do the magic
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/?$ https://%{HTTP_HOST}/ [R,L]
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^/?$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
You can also redirect like this in a .htaccess at root level:
DirectoryIndex index.html
Redirect 301 /index.html https://www.website.com/
This is not secure. Read OWASP a9 and set the HSTS flag to make your entire website HTTPS only.
HTTP is a mistake and if you are doing this for "performance" you are a fool. HTTPS is extremely light weight.