Forcing SSL only on the main domain on cPanel - .htaccess

I currently have 3 domains on my cPanel account with HostGator. I am trying to force the main domain to use HTTPS, but all other domains to use HTTP. When I add the following to the main directories .htaccess file, it forces it upon all sub-directories too.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Is there any way to not make it do this on the other domains?

You just need another RewriteCond and check for the HTTP_HOST so that the RewriteRule is not applied to domains that don't need to have https:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^no-https-needed.example.com$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Related

How to redirect all traffic to https but a specific folder?

This is what I'm using right now to redirect all traffic to https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I would like to have this configuration but exclude one particular folder. The reason I'm doing this is that I have installed an add-on domain on the current hosting account and while the main domain has an SSL certificate installed, the one that I have recently added doesn't.
Adding the addon domain creates a folder inside the root folder of the primary domains and because I'm redirecting all traffic through the htaccess configuration, it also tries to access the https version of the new addon domain.
You can exclude a folder using a RewriteCond:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/someFolder/ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
You need to add a condition into it, so use this instead:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/foldername
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Clear your cache before testing this.
If I read your question correctly, you would like to redirect all traffic that hits your site to https://, except for a single folder, right?
If that's the case, this should work:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/<folder-name>/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Just replace with the name of the folder you want to exclude.

Add-On Domain Redirects to HTTPS

I have a GoDaddy shared hosting account with one main domain that uses SSL and now an add-on domain that I do not want to use SSL. I would like to redirect non-https to https for the main domain BUT NOT for the add-on domain. Both sites use Wordpress.
To be clear, the main domain should use https, the add-on domain should not use https.
The problem I am experiencing is addondomain.com is redirecting to https://addondomain.com.
I know the problem can be fixed through my .htaccess file, and I have made several attempts, but each one ends with the add-on domain redirecting back to the main domain. Any insight as to what I need to change on my .htaccess file would be very much appreciated!
Here is what my .htaccess file looks like:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
If you want to redirect just the maindomain to https, just add the following condition to your rule :
RewriteEngine On
##if host=="*maindomain.com"##
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain\.com$
##and scheme ==http(https off)##
RewriteCond %{HTTPS} off
##then redirect the site to https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

.htaccess redirect http to https for only some addon domains

I have a multiple addon domains on my hosting account. I would like to redirect non-https to https for the main domain AND ONLY ONE of the addon domains.
The problem I am experiencing is www.firstaddondomain.com is not redirecting to https://www.firstaddondomain.com. Instead it does not appear to be redirecting at all. It stays at www.firstaddondomain.com.
Note: I do not want to redirect all http to https. I have another addon domain that I do not want redirected to https.
Here is what my .htaccess file looks like:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain\.com$ [NC]
RewriteRule ^$ https://www.maindomain.com/$1 [R,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?firstaddondomain\.com$ [NC]
RewriteRule ^$ https://www.firstaddondomain.com/$1 [R,L]
UPDATE:
Thanks for your answer, anubhava. My first addon domain is actually a .org domain, so my updated .htaccess file is slightly different from your answer.
Here is my updated .htaccess file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?firstaddondomain\.org$ [NC]
RewriteRule ^ https://www.firstaddondomain.org%{REQUEST_URI} [R=302,L,NE]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?maindomain\.com$ [NC]
RewriteRule ^ https://www.maindomain.com%{REQUEST_URI} [R=302,L,NE]
Your regex isn't capturing $1
Both rules can be combined into one
You can use:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(maindomain|firstaddondomain)\.com$ [NC]
RewriteRule ^ https://www.%1.com%{REQUEST_URI} [R=302,L,NE]
Make sure this rule is your very first rule and placed in DocumentRoot/.htaccess of both domains.
May vary depending on your hosting conditions, however in Godaddy shared hosting environments & withOUT a Wildcard SSL, ie- a single domain SSL cert., This is the only config that managed to exclude an add-on domain from a force HTTPS redirect:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?ADDON_DOMAIN\.com$ [NC]
RewriteRule .* - [L]# This is essential in order to ensure no further conditions are applied after navigating to the add-on domain #
RewriteCond %{HTTPS} off# Now that you've defined your exclusion AND made certain its logic is independent from all other URI Requests, Must re-establish this condition once more #
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

htaccess redirect to HTTPS

I've been trying to figure out a way to redirect only one domain to HTTPS but haven't found a good solution. I was able to redirect all requests to https by using the HTTPS!=on condition but I host multiple domains and only one has SSL.
This gave me some success.
RewriteCond %{HTTP_HOST} ^(127\.0\.0\.1|localhost)$
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
But it doesn't seem to redirect URLs like www.mydomain.com/order/ and mydomain.com/order/
Basically it works only for the main page currently at www.mydomain.com or mydomain.com.
What am I missing?
Your problem is this:
RewriteCond %{HTTP_HOST} ^(127\.0\.0\.1|localhost)$
That says, "Only use the next RewriteRule if the host is 127.0.0.1 or localhost, exactly." If you host mydomain.com on that same server, it won't match. You need to add the name of the domain you want to redirect. Example:
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain\.com$
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Mod Rewrite - multiple condition

I have a certain sub-domain which requires an SSL connection for all pages on that subdomain.
This is my current .htaccess script:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
I have a single page on the subdomain which must not have SSL access (causes issues with accessing files on another server without a certificate).
My mod_rewrite knowledge is very limited. I've done a search but can't find what I need.
My question is, the page which must not have https is called 'tutorial.php'. Is there a way to redirect all pages except tutorial.php to https?
I guess in pseudo-code, the RewriteCond would be similar to:
RewriteCond %{SERVER_PORT} 80 AND {WEB_PAGE}!='tutorial.php'
Thanks
Try this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/tutorial\.php
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{HTTPS} on
RewriteRule ^tutorial\.php$ http://%{HTTP_HOST}/tutorial.php [R,L]

Resources