Force SSL for eCommerce on Site - .htaccess

I have a series of subdomains like the following on my site:
site.website.com/shop
site2.website.com/shop
For all of my domains where I have my store I'd like this to be forced over SSL. Is there a wildcard for subdomains? How can I do this?


You can do something like this with your .htaccess:
RewriteEngine On
# force https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# force www for main site
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# remove www for app site
RewriteCond %{HTTP_HOST} ^www\.(app\.domain\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{THE_REQUEST} \s/+app[/\s] [NC]
RewriteRule ^ / [R=301,L]
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteCond %{REQUEST_URI} !^/app/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /app/$1
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteRule ^(/)?$ app/index.php [L]

Related

.htaccess redirect non-www and non-http to https://www

I'm trying to redirect:
http://example.extension
https://example.extension
http://www.example.extension
to
https://www.example.extension
using:
RewriteCond %{HTTP_HOST} ^example.extension$ [OR]
RewriteCond %{HTTPS_HOST} ^example.extension$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.extension$ [NC]
RewriteRule (.*) https://www.example.extension$1 [R=301,L]
http://example.extension is redirected to https://www.example.extension, however, I receive the error:
The page isn’t redirecting properly
From this answer, if I change my .htaccess rules to:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.example.extension%{REQUEST_URI} [R=301,L,NE]
the same symptom occurs, even after clearing the browser cache.
Also, I have some sub-domains I don't want to redirect to www, like:
https://my.example.extension
https://forum.example.extension
I need http://*.example.extension redirected to https://*.example.extension
Other than the rewrite rules I am requesting help with, the only other content in .htaccess is Wordpress related:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress
# BEGIN MainWP
# END MainWP
Help appreciated.

There is no variable called HTTPS_HOST.
Replace your rule with this rule:
RewriteEngine On
# main domain: add www and turn on https in same rule
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(example\.extension)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
# sub domain
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
Make sure to clear your browser cache completely.

With CloudFlare, You must use CloudFlare Page Rules:
https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-
But you can use:
RewriteEngine On
#main domain
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteCond %{HTTP_HOST} ^(?:www\.)?(example\.extension)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
#sub-domains
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]

htaccess which allows both http and https - change to allow/redirect to https only

I have inherited the following htaccess, and am having issues getting it to always redirect to https.
Currently it allows for both http://www and https://www, but I'm wanting it to always redirect to https://www (subdomains should always redirect to https://subdomain.example.com)
All my attempts so far have caused 500 errors, so I'm obviously missing something.
AddDefaultCharset UTF-8
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS}s on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([^.]+)\.example.com$ [NC]
RewriteCond %{REQUEST_URI} !sub/
RewriteRule (.*) /sub/$1 [L]

You can tweak your rules as:
AddDefaultCharset UTF-8
Options +FollowSymLinks
RewriteEngine On
# handle sub-domains
RewriteCond %{HTTP_HOST} ^(?!www\.)[^.]+\.example\.com$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
# handle main domain
RewriteCond %{HTTP_HOST} ^example\.com$ [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} ^(?!www\.)[^.]+\.example\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/sub/ [NC]
RewriteRule (.*) sub/$1 [L]

I have 3 rules on .htaccess that is not function at same time Friendly URLs, Force HTTPS and Not WWW

Friendly URLs
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ ?url=$1
Forcing 'https://'
RewriteEngine On
RewriteCond %{HTTP:CF-Visitor} !'"scheme":"http"'
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1 [L]
Suppressing www. at the beginning of URLs
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
I'm using CloudFlare and when I activate all, it's return a loop.

Have your rules like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=302,L,NE]
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ ?url=$1 [L,QSA]
Make sure to test this after clearing your browser cache.

Disable SSL for one page

I have a Drupal site that is using SSL for every page. I have the htaccess file configured to force SSL.
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://domain.org/$1 [R,L]
I now want to disable SSL for just one page. The blog rss feed, because feedburner will not parse https pages. The link is http://domain.org/blog/rss.xml. I have tried multiple things and the only one that even sort of works is below. However it just creates a redirect loop.
RewriteCond %{ENV:HTTPS} on [NC]
RewriteRule ^blog/rss.xml(.*)$ http://domain.org/blog/rss.xml [R,L]
Here is an update of what I tried based on previous answers. It still does not work. Everything seems normal except when I try to go to the blog/rss.xml address (either https or http) it just redirects to the https version of the homepage.
RewriteEngine on
RewriteBase /
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule "(^|/)\." - [F]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule !^blog/rss\.xml https://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,NE,L]
RewriteCond %{ENV:HTTPS} on [NC]
RewriteRule ^(blog/rss.xml)$ http://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]

Keep your rules like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule !^blog/rss\.xml https://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,NE,L]
RewriteCond %{ENV:HTTPS} on [NC]
RewriteRule ^(blog/rss.xml)$ http://%{HTTP_HOST}/$1 [R,L]

.htaccess WildCard SSL for sub-domain

I setup .htaccess file for my domain and sub-domain. If I write manually https then both working fine but I want to force so that no one can open without https.
Also I want WWW with my main domain and Sub-domain without WWW. Below is my .htaccess code,
RewriteEngine On
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteCond %{REQUEST_URI} !^/app/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /app/$1
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteRule ^(/)?$ app/index.php [L]
And Is it possible to redirect user to sub-domain if they type www.domain.com/app/

You can insert these 2 rules:
RewriteEngine On
# force https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# force www for main site
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# remove www for app site
RewriteCond %{HTTP_HOST} ^www\.(app\.domain\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{THE_REQUEST} \s/+app[/\s] [NC]
RewriteRule ^ / [R=301,L]
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteCond %{REQUEST_URI} !^/app/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /app/$1
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteRule ^(/)?$ app/index.php [L]

Resources