.htaccess : One directory goes to https, everything else goes http - .htaccess

This seems simple enough, but the documentation and search results on mod_rewrite are a bit lacking. In the interest of saving time, can someone explain to me the best way to direct my traffic?
If the url is /show/checkout I want https://servername.com/show/checkout. If the url is anything else, I want it to go to http://servername.com/show/whatever.
I've got mod_rewrite enabled. I am able to send all traffic to https, but I haven't succesfully filtered out /show/checkout traffic. This doesn't work because there is some insecure images/scripts that are causing security warnings in some browsers.
Thanks!
Current .htaccess that sends all traffic to https:
Order allow,deny
Allow from all
Deny from 65.208.151.
Options -Indexes
AddHandler fastcgi-script .fcgi
AddDefaultCharset UTF-8
AddDefaultCharset ISO-8859-1
DirectoryIndex index.cgi
RewriteEngine on
RewriteRule ^/(.*)$ http://myserver.com/$1 [R,L]
RewriteRule ^show/product/(.*)$ ?content=product;title=$1 [QSA,L]
RewriteRule ^show/(.*)/(.*)$ ?content=$1;nth=$2 [QSA,L]
RewriteRule ^show/(.*)$ ?content=$1 [QSA,L]
RewriteRule ^place/order$ ?email=order [QSA,L]
RewriteRule .htm$ /

This rule:
RewriteRule ^/(.*)$ http://myserver.com/$1 [R,L]
doesn't do anything, since URI's used to match on won't start with a /. Not just that, this rule is simply a redirect loop.
Remove that and try adding this:
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_REFERER} !show/checkout
RewriteCond $1 !^show/checkout
RewriteRule ^(.*)$ http://servname.com/$1 [L]
RewriteCond %{HTTPS} off
RewriteCond $1 ^show/checkout
RewriteRule ^(.*)$ https://servname.com/$1 [L]

Related

Redirect http to https and www to non-www in .htaccess

First of all, I know there are lots of answers on this, but I don't actually find one that works. This is what I have in the .htaccess file right now, and I want to mention that it worked previously, but it does not anymore.
Redirect 301 /unt-de-cacao-de-plaja/filtre/producator/crisnatur/ /ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g
Options +FollowSymlinks
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
# FORCE HTTPS AND NON WWW
RewriteEngine on
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
As a mention, I will have a lot of Redirect 301 from old pages to the new ones since the entire structure has been changed.
And the links that I am redirecting inside my website come with "www" like:
https://www.example.com/unt-de-cacao-de-plaja/filtre/producator/crisnatur/
and needs to be redirected to:
https://example.com/ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g
Redirect to https and non-www
To instead redirect all requests to https and non-www, use the following code instead of the previous:
Canonical HTTPS/non-WWW
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) https://example.com/$1 [L,R=301]
</IfModule>
As before, place this code in the root .htaccess of your site. Here is what it's doing:
Checks if mod_rewrite is available
Checks if HTTPS is off, or if the request includes www
If either condition matches, the request qualifies and is redirected
to the https/non-www address
OR
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
A few issues, in order of importance:
You have your canonical HTTP to HTTPS and www to non-www redirects at the end of the file. By placing it at the end of the file, after your front-controller, it's simply never going to be processed for most requests. This needs to be near the start of the .htaccess file, before your front-controller.
You should avoid mixing redirects from both mod_alias (Redirect) and mod_rewrite (RewriteRule) in the same scope. Different modules execute at different times throughout the request, despite their apparent order in the config file. Since mod_rewrite is required for other redirects, you should convert the mod_alias Redirect directives to use RewriteRule instead.
For example:
RewriteRule ^unt-de-cacao-de-plaja/filtre/producator/crisnatur/$ /ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g [R=301,L]
You should include the canonical scheme and hostname in your URL redirects in order to avoid multiple redirects when requesting an "old" URL at a non-canonical scheme ot hostname.
For example:
RewriteRule ^unt-de-cacao-de-plaja/filtre/producator/crisnatur/$ https://example.com/ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g [R=301,L]
Depending on what you mean exactly by "a lot of Redirect 301" - you should not be doing this at all in .htaccess and instead redirecting in your server-side script, once you have determined that the request will 404. This is to prioritise normal site visiters and not your redirects (that get executed on every single request).
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Since you stated that these directives worked previously then I assume the use of the HTTPS environment variable is OK on your system. But note that, whilst this is relatively common, it's non-standard. (It implies the server is using some kind of SSL front-end/proxy.)
Note that the order of these rules will result in a double redirect when requesting http://www.example.com/<anything> (HTTP + www). Which is necessary if you are implementing HSTS, but otherwise, you should reverse these two rules to avoid this unnecessary double redirect.

Redirect to HTTPS with URI & without www

I have the same problem as the User in this thread. I basically want to redirect all http requests to https without www using htaccess.
I have implemented a solution to this problem and it does a pretty good job.
However, it does not redirect to the corresponding URI. If I visit my website on port 80 example.com/news I will be redirected to https://example.com/index.php which is basically the root page..
I really need your help guys, I totally have no clue about htaccess..
EDIT This is what my mod_rewrite looks like..
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
The issue probably is that you first rewrite to index.php and then make an external redirection. Try changing the order of the rules. Note that the L flag only terminates the current walk through the rule set. It is restarted after that. So first do the external direction to switch to the https protocol, then do the internal rewriting if that is corrected.

Forward Slash Removal and Redirect Rules Interfering

I currently have two redirect rules that might be interfering
The first rule takes domain.com/star/name-here and uses domain.com/star.php?view=name-here and displays the data at domain.com/star/name-here
The name-here is what's pulling the data form the database to build the page.
The next rule removes all forward slashes from the end of urls for SEO reasons.
The problem happens when domain.com/star/name-here/ is entered, the data is still displayed but the URL ends up as domain.com/star/name-here?view=name-here/
Can these rules coexist?
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^star/(.+)$ star.php?view=$1 [NC]
RewriteRule ^(.*)/$ /$1 [R=301,L]
It can use that:
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^star/(.+)/?$ star.php?view=$1 [NC,L]
RewriteRule ^(.*)/$ /$1 [R=301,L]
You need the redirect first, and you need to make sure you're not redirecting requests for directories, otherwise mod_dir will cause a redirect loop:
Options +FollowSymLinks -Multiviews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [R=301,L]
RewriteRule ^star/(.+)$ star.php?view=$1 [NC,L]
also, a good thing to do here is to make sure multiviews is turned off.

htaccess subdomain rewrite keep www

I've set up wildcard domains locally for testing on .dev
I'm trying to rewrite the following URL:
http://location.domain.dev/
to
http://www.domain.dev/site/location
I would like any requests with www in the subdomain to always go to www.domain.dev but if any request is made to location.domain.dev, I would like to keep that request in the address bar (i.e i dont want people to see the underlying change)
I currently have the following in my .htaccess
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^([^.]+)\.domain\.dev
RewriteRule ^(.*)$ http://domain.dev/site/%1 [QSA,NC]
# Removes index.php
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?/$1 [L]
</IfModule>
Is this even possible?
You're pretty close. In order to not redirect the browser (causing the address bar to change) you need to get rid of the http://domain.dev part of the rewrite rule's target:
RewriteRule ^(.*)$ /site/%1/$1 [QSA,NC]
assuming that both *.domain.dev and www.domain.dev have the same document root. If they're different, you may have to enable mod_proxy and add a P flag so that the request gets proxied instead of redirecting the browser:
RewriteRule ^(.*)$ http://domain.dev/site/%1/$1 [QSA,NC,P]

.htaccess add trailing slash after domain

How can I re-inforce the forward slash after domain - situation like this:
http://www.domain.com
to become
http://www.domain.com/
At the moment I have something like this:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC] [AND]
RewriteCond %{HTTP_HOST} !^(.*)\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /index.php [L]
</IfModule>
I've tried different things, but cannot get it to work.
http://example.com and http://example.com/ are the same URL. You don't need to do anything at all. See RFC 3986 for details.
Edit: Because this is inexplicably being voted down despite being completely correct, please see section 6.2.3 in particular:
the following four URIs are equivalent:
http://example.com
http://example.com/
http://example.com:/
http://example.com:80/
Most if not all browsers add the / by default. However browsers recently decided to hide the http:// and the / after from the user (it however still sends them). The other thing is that mod_dir which is installed in pretty much all apache installations already does a 301 redirect if the / is not present. So I thing you want to solve something that isn't a problem to begin with.

Resources