I'm moving a site to cloud hosting that provides SSL but at a subdomain. My question is can a secure page (with no certificate - so it displays untrusted) be redirected to the right place?
https://www.domain.com to https://web242.secure-secure.co.uk/domain.com
This is what I've attempted (placed in the root) so far but it doesn't do anything:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !web242.secure-secure.co.uk
RewriteRule ^(.*)$ https://web242.secure-secure.co.uk/domain.com/$1 [R=301,L]
It doesn't work with this in either (although I'm not sure where to try it):
RewriteCond %{HTTP:X-Forwarded-SSL} on
Thanks
Related
I know it has been asked many times here, but can't find the right configuration for my setup.
Requirements:
http://www.example.com & https://www.example.com (& example.com) have to redirect to https://test.example.com . (Notice it is a subdomain)
https://sub_1.example.com is to be EXCLUDED and not redirected. (Notice the subdomain has an 'underscore')
What I Have:
RewriteEngine On
RewriteBase /
# EXCLUDE following sub-domains.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^sub_1\.example\.com$ [NC]
RewriteCond %{HTTP_HOST} !^test\.example\.com$ [NC]
# REDIRECT to
RewriteRule (.*) https://test.example.com/$1 [R=301,L]
>> ISSUE:
My https://sub_1.example.com is in fact an API that feeds a mobile app. When I use the above code, the mobile fails. So it seems that the sub-domain is not properly excluded and protected from the re-direct.
Would appreciate some help in cleaning it up.
FIXED !!
Needed to add an exception before the existing rules, since I needed to exclude https://sub_1.example.com/api
RewriteCond %{HTTP_HOST} ^sub_1\.example\.com [NC]
RewriteRule ^api - [L]
I have follwing htaccess for redirecting to www, https and index.html to /:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteBase /
RewriteRule ^index\.html$ / [NC,R,L]
On the website I use a wordpress blog on /blog, which gives this error if I try to access it:
ERR_TOO_MANY_REDIRECTS
I can fix this by swaping the rule order, first comes redirect to www and then https, but then the redirect to www does not work
Okay I found the issue. As a programmer you really should check from time to time what people who have some access to site settings are doing.
In the wordpress login for the admin in settings -> general a custom domain was entered which was https://example.com/blog etc. which means wordpress blog redirected back to the version without www.
The fix is to add www to the wordpress setting.
Force "https" and "www" redirect
I am trying to see if there is a way to redirect url to https://www.example.com
For example, if people are entering the url http://example.com/subfolder, then it should redirect to https://www.example.com/subfolder.
This is a Wordpress website. If I go to Settings => General => I see WordPress Address(URL) and Site Address (URL) are grayed out so I can't enter any url. Both shows as http://example.com
I went to phpMyAdmin=> option table to change the WordPress Address (URL) and Site Address (URL) to https://www.example.com but I still see the http://example.com on my wordpress general setting panel.
I looked at the wp-config file and found the following code that appears to be preventing me from entering custom url.
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST']);
define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST']);
define('WP_CONTENT_URL', '/wp-content');
define('DOMAIN_CURRENT_SITE', $_SERVER['HTTP_HOST']);
It seems like the WordPress Address(URL) and Site Address(URL) are enforced by the codes here.
My hosting provider recommanded using htaccess to enforce the ssl by putting the code below:
#Force SSL on entire site
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://(YOURDOMAIN)/$1 [R,L]
But this guide doesn't really tell us how to enforce www as well.
I found another guide here .htaccess - how to force "www." in a generic way? that explains how to enforce domain.com to www.domain.com. This one supposedly also check https and implement to the rewrite rule.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Now, someone else is recommanding the following code below, claiming that the first one above will only work if you want all sub-domains forwarded to www.yourdomain.com. I am just confused which one I need to choose?
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I am trying to see which option would be the best solution to implement the force redirect? Or should I get rid of those four define() codes from wp-config file so I can setup redirect with wordpress general setting?
I've used different codes provided here on other questions' solutions and on the internet. I'm really not savvy with htaccess. Bought and confirmed working SSL Certificate, but I'm new to applying these redirects.
Goal:
I need to rewrite http to https on the following directories.
http://mydomain.com/products-page/checkout
http://mydomain.com/products-page/your-account
http://mydomain.com/wp-login
I'm on shared hosting via Dreamhost. I have a dedicated IP, if that helps.
Initial code I was using recommended to me by a Dreamhost representative:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} wp-login
RewriteRule ^(.*)$ https://mydomain.com/wp-login/$1 [R,L]
Try these rules in the htaccess file in your document root.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^(/wp-login|/products-page/checkout|/products-page/your-account)
RewriteRule ^(.*)$ https://mydomain.com/$1 [R,L]
The first condition checks if the request isn't HTTPS, the second checks if the request starts with either /wp-login, /products-page/checkout, or /products-page/your-account, and if both apply, then the rewrite simply takes the entire URI and redirects to https://.
I have an SSL certificate for the 'www' subdomain of a web site we'll call example.com.
Therefore I can force SSL, but if the user doesn't enter 'www.example.com' into their browser, the SSL certificate appears invalid.
I wish to accomplish this with mod_rewrite rules in an .htaccess file at the root of the web site.
No matter what URI the user enters, (e.g. example.com, www.example.com, https://example.com, example.com/folder/file.html, etc.), I want to force the HTTPS and the www subdomain, keeping whatever URI they provided, of course.
I was playing around with the .htaccess file and some rules, as I've already done some research, but I don't have much experience with mod_rewrite or .htaccess. I think I found the SVN revision that almost worked for me, but not quite. Here it is:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^(.*)$ https://www.example.com/$1 [r=301,nc]
Try not to laugh too hard at my file; it is mostly derived from examples I found online.
Any pointers are appreciated! =)
Try this:
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301]