I am running Apache/2.2.15 on Centos 6.6 and am using a free certificate from StartCom. My home page file is /var/www/index.php so I create a file /var/www/.htaccess with the following content, as suggested here.
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
However, entering
myWebSite.com
in the URL box brings up my site in http protocol. If I enter
https://myWebSite.com
instead, I get my site in https protocol. My goal is to get my site in https protocol by simply entering
myWebSite.com
and I cannot see why the .htaccess file is not effecting that.
It doesn't appear that your .htaccess file is being read. So make sure you have AllowOverride All in your config.
Also for your rules, I wouldn't use SERVER_NAME, that isn't always set and sometimes is not correct. I would either use HTTP_HOST variable or your actual domain name. You also should specificy 301 for your redirect because without it 302 is default. You want this to be a permanent redirect.
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !^on [OR]
# This checks to make sure the connection is not already HTTPS
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^/?(.*)$ https://example.com/$1 [R=301,L]
I also made it where it would remove the www since you don't show your are using it.
Related
Our software uses a file on our website to check if it is valid and is hardcoded into the software, I want our site to go to https but want the directory for this file left as http.
You can add .htaccess to your website root directory with following configuration:
# This will enable the Rewrite capabilities
RewriteEngine On
# This checks to make sure the connection is not already HTTPS
RewriteCond %{HTTPS} !=on
# This checks file name is not file.txt
RewriteCond %{REQUEST_FILENAME} !file.txt
# This redirects to all requests to https
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Please check this reference for more info.
I hope you can help with this htaccess issue please? I basically have the htaccess rules working apart from in one scenario. This is the case where a user visits the site on a non HTTPS and non WWW links.
Re-Directs
User visits on http/non-WWW URL
User is redirected initially to the http/WWW URL
User is then redirected to https://www.website
You can see the behaviour here:
http://childrens-curtains.co.uk
All other scenarios work fine.
I want to try to remove the 2nd redirect from the sequence so it behaves like this:
User visits on http and is immediately redirected to the https/www version without the 2nd step (if that makes sense?)
The current scenario causes multiple re-directs, which I understand is a bad approach from an SEO perspective.
This is my htaccess redirect rule:
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=301]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
You can try this code keepin into .htaccess file.
To add www add following code.
RewriteCond %{HTTP_HOST} ^**domainname**\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.domainname\.com$
RewriteRule ^index\.html$ "http\:\/\/www\.domainname\.com\/" [R=301,L]
To add http add following code.
RewriteCond %{HTTP_HOST} ^domainname.com [NC]
RewriteRule ^(.*)$ http://www.domainname.com/$1 [L,R=301]
Which will add both http as well as www to URL.
Thanks.
Can any one please help me how redirect all http://example.com and http://www.example.com to https://www.example.com. I have recently purchased an ssl for my site and hence needed it to be redirected. Redirecting using .htaccess will be more useful for me. Thanks in advance.
There are a lot of solutions out there. Here is a link to the apache wiki which deals with this issue directly.
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*)$ https://www.example.com/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
I've been trying to limit access to a specific subdomain via the server port, e.g. it can only be accessed from subdomain.domain.com:8443 and no other ports.
I'm currently using hostgator for my webhost, and it's already been setup such that subdomain.domain.com points to the correct subdirectory.
Now in the htaccess file, I'm currently trying this:
Options +FollowSymLinks
RewriteEngine on
RewriteBase /subdomain
RewriteCond %{SERVER_PORT} !^8443$
RewriteRule ^ - [F]
RewriteCond %{SERVER_PORT} ^8443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/subdomain/$1 [R=301,L]
As far as the blocking of other ports goes, it seems to work since accessing either subdomain.domain.com or www.domain.com/subdomain, I get a 403 forbidden page. But I can't get it to load the normal content correctly when I do access it via subdomain.domain.com:8443 or www.domain.com:8443/subdomain. Am I doing the rewrite conditions and rules correctly?
Thanks!
The R=301 tells the server to do a redirect, not a (silent) rewrite. So, when you load via 8443, the user is redirected to http://%{HTTP_HOST}/subdomain/$1 without the port 8443 specification and they are then blocked by the first rule. If you do a curl -I on subdomain.domain.com:8443 you should see the 301 redirect code rather than 200.
Remove the R=301 and remove the full domain specification in the final RewriteRule to leave:
RewriteRule ^(.*)$ subdomain/$1 [L]
This should do a silent rewrite of the content.
I am working on a Drupal site for which the client has requested that we remove the 'www.' from the URL. This is super easy and I've done it before; I simply comment out the suggested lines in the Drupal-generated .htaccess file like so:
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
Those of you familiar with Drupal's .htaccess will know that the environment variable protossl is set towards the top of the file like so:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
This is working perfectly on my local environment, but when I deployed the change to the production site it breaks. www.mysite.com redirects to mysite.com as expected, but https://www.mysite.com also redirects to mysite.com instead of https://mysite.com. It seems that the %{HTTPS} variable is returning 'off' even when it should be 'on'.
I can go directly to https://mysite.com and it works perfectly. The site's Apache access logs show 'https://' where I expect it to be, as do all of my HTTP requests. The site is running on a RackSpace server using a load balancer (only one node in the balancer). The SSL certificate is on the RackSpace load balancer. I have tried the following steps and none have had any results:
Replace RewriteCond with RewriteCond %{ENV:HTTPS} on [NC]
Replace RewriteCond with RewriteCond %{SERVER_PORT} ^443$
Multiple variations and combinations of the above RewriteCond's
Added $conf['https'] = TRUE; to settings.php
This is driving my coworkers and I crazy. Can anyone help?
anubhava has saved the day! The solution was to use the %{HTTP:X-Forwarded-Proto} variable just as he suggested. I updated the protocol detection bit of my .htaccess to look like this:
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
# The default proto detection provided by Drupal does not work on our
# production server because it sits behind a load-balancing server.
# This additional RewriteCond makes sure we can detect the forwarded proto
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
I'm gonna call this a crunchwrap supreme, 'cause it is good to go!