Disable SSL for one page - .htaccess

I have a Drupal site that is using SSL for every page. I have the htaccess file configured to force SSL.
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://domain.org/$1 [R,L]
I now want to disable SSL for just one page. The blog rss feed, because feedburner will not parse https pages. The link is http://domain.org/blog/rss.xml. I have tried multiple things and the only one that even sort of works is below. However it just creates a redirect loop.
RewriteCond %{ENV:HTTPS} on [NC]
RewriteRule ^blog/rss.xml(.*)$ http://domain.org/blog/rss.xml [R,L]
Here is an update of what I tried based on previous answers. It still does not work. Everything seems normal except when I try to go to the blog/rss.xml address (either https or http) it just redirects to the https version of the homepage.
RewriteEngine on
RewriteBase /
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule "(^|/)\." - [F]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule !^blog/rss\.xml https://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,NE,L]
RewriteCond %{ENV:HTTPS} on [NC]
RewriteRule ^(blog/rss.xml)$ http://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]

Keep your rules like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule !^blog/rss\.xml https://%{HTTP_HOST}%{REQUEST_URI} [R=302,NC,NE,L]
RewriteCond %{ENV:HTTPS} on [NC]
RewriteRule ^(blog/rss.xml)$ http://%{HTTP_HOST}/$1 [R,L]

Related

htaccess redirecting http to https creates redirect loop

I am trying to redirect my website from http to https using .htaccess file. The error I am getting is: website.com redirected you too many times.
Here is my htaccess file:
RewriteEngine On
RewriteBase /
## hide .php extension snippet
# To externally redirect /dir/foo.php to /dir/foo
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1/ [R,L]
# To internally forward /dir/foo to /dir/foo.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ $1.php [L]
# add a trailing slash
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !/$
RewriteRule . %{REQUEST_URI}/ [L,R=301]
The above works fine and does what it needs to do. The problem comes from the following:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://website.com/$1 [R,L]
RewriteCond %{HTTP_HOST} ^www.website.com [NC]
RewriteRule ^(.*)$ https://website.com/$1 [L,R=301]
I have put "website.com" instead of my own domain in the example above.
I used this :
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
instead of:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://website.com/$1 [R,L]
this fixed my problem
I am using this code to redirect to www and https, and it is working. it should be placed first in the .htaccess file. Errors with redirections can take some time to correct, redirections is cached for some time.
# BEGIN Custom redirect
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# END Custom redirect
You might want something like this:
# BEGIN Custom redirect
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# END Custom redirect

.htaccess redirect non-www and non-http to https://www

I'm trying to redirect:
http://example.extension
https://example.extension
http://www.example.extension
to
https://www.example.extension
using:
RewriteCond %{HTTP_HOST} ^example.extension$ [OR]
RewriteCond %{HTTPS_HOST} ^example.extension$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.extension$ [NC]
RewriteRule (.*) https://www.example.extension$1 [R=301,L]
http://example.extension is redirected to https://www.example.extension, however, I receive the error:
The page isn’t redirecting properly
From this answer, if I change my .htaccess rules to:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.example.extension%{REQUEST_URI} [R=301,L,NE]
the same symptom occurs, even after clearing the browser cache.
Also, I have some sub-domains I don't want to redirect to www, like:
https://my.example.extension
https://forum.example.extension
I need http://*.example.extension redirected to https://*.example.extension
Other than the rewrite rules I am requesting help with, the only other content in .htaccess is Wordpress related:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress
# BEGIN MainWP
# END MainWP
Help appreciated.
There is no variable called HTTPS_HOST.
Replace your rule with this rule:
RewriteEngine On
# main domain: add www and turn on https in same rule
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(example\.extension)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
# sub domain
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
Make sure to clear your browser cache completely.
With CloudFlare, You must use CloudFlare Page Rules:
https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-
But you can use:
RewriteEngine On
#main domain
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteCond %{HTTP_HOST} ^(?:www\.)?(example\.extension)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
#sub-domains
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]

How to avoid redirect from subdomain in htaccess file?

I am currently using this in my htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
But it has the unfortunate effect of redirecting every call to the mobile site (m.example.com) to the main page. How do I make an exception to m.example.com? I don't know how to setup RewriteRule correctly.
You can use:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^m\. [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
And make sure to clear your browser cache.

Force SSL for eCommerce on Site

I have a series of subdomains like the following on my site:
site.website.com/shop
site2.website.com/shop
For all of my domains where I have my store I'd like this to be forced over SSL. Is there a wildcard for subdomains? How can I do this?
You can do something like this with your .htaccess:
RewriteEngine On
# force https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# force www for main site
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# remove www for app site
RewriteCond %{HTTP_HOST} ^www\.(app\.domain\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{THE_REQUEST} \s/+app[/\s] [NC]
RewriteRule ^ / [R=301,L]
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteCond %{REQUEST_URI} !^/app/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /app/$1
RewriteCond %{HTTP_HOST} ^app.domain.com$
RewriteRule ^(/)?$ app/index.php [L]

https to http for all the pages with exception in drupal 7

I have a site running on drupal. Server is https enabled. Now, I want to run all the pages in htp with exception of few pages like:
http ://www.mysite.com/
http ://www.mysite.com/tour.html
http ://www.mysite.com/contact-us.html
exception
https ://www.mysite.com/buynow.html
https ://www.mysite.com/signup.html
How can I do that with .htaccess or by installing any module?
Thanks in advance!
I assume, that you want to redirect people to https, when they request buynow.html or signup.html. For the other pages you want them to use http. Try this .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} (^/buynow.html)|(^/signup.html)
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/buynow.html
RewriteCond %{REQUEST_URI} !^/signup.html
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L]
Update
New .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule (.*) $1 [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule (.*) $1 [E=protossl:s]
RewriteRule "(^|/)\." - [F]
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} (^/buynow.html)|(^/signup.html)
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/buynow.html
RewriteCond %{REQUEST_URI} !^/signup.html
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
</IfModule>
You can also use the securepages module to achieve that.
For more information about https and security in Drupal there is a very good documentation.

Resources