I am experienceing some .htaccess redirect issues.
Mainly I do not care if the user is on https unless I send them there, I have found alot of resources on how to force https, but that is not what I am trying to do.
this is a example of my htaccess:
Options -Indexes
Options -MultiViews
<filesMatch "\.(html|htm|txt|js|htaccess)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</filesMatch>
ErrorDocument 404 /404.php
RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Main site rules
RewriteRule ^about/?$ about.php [NC,L]
I am able to force https using:
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
But then the example rule which redirects to about.php does not work.
How do I allow for https in my redirects?
I also experimented with:
Define servername www.example.com
Define SSL
But I did not understand its function or implementation.
Related
I'm trying to get:
example.com/curriculum/<curriculum name>/unit/<unit name>/
to rewrite to:
example.com/curriculum/unit/?c=<curriculum name>&u=<unit name>
so far I have:
RewriteRule ^/curriculum/([A-Za-z0-9_-]+)/unit/([A-Za-z0-9_-]+)/?$ https://www.example.com/curriculum/unit/?c=$1&u=$2
Considering that:
RewriteRule ^curriculum/([A-Za-z0-9_-]+)/?$ https://www.example.com/curriculum/?c=$1
works as expected, I assume my syntax is off, as when loading, I just get error 404, with the URL not rewritten from its original format. To clarify, /curriculum/unit does exist.
Any guidance or advice on what I need to do to make this work? Thanks!
Update
Full .htaccess file as requested:
### activate mod_expires
ExpiresActive On
### Expire .gif's 1 month from when they're accessed
ExpiresByType image/gif A2592000
### Expire everything else 1 day from when it's last modified
### (this uses the Alternative syntax)
ExpiresDefault "modification plus 1 day"
### Apply a Cache-Control header to index.html and styles.css
###Cross-Site Scripting protection
Header always set X-Xss-Protection "1; mode=block"
###Disallow websites to frame legacycars - user protection
Header always append X-Frame-Options SAMEORIGIN
<IfModule mod_headers.c>
#No Cache browser revalidates on each request and fetches new version IF contents change based on ETag or Last-Modified response
<FilesMatch "\.(html|php)$">
Header set Cache-Control "no-cache"
</FilesMatch>
#DAY Stock and Cover images expire at the end of each day, but must be checked for changes
<FilesMatch "\.(jpg|jpeg)$">
Header set Cache-Control "max-age=86400, public, must-revalidate"
</FilesMatch>
#WEEK Icons and badges expire after a week
<FilesMatch "\.(ico|png|gif|swf|svg|xml)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
#MONTH Site framework expires after a month, but must be checked for changes
<FilesMatch "\.(js|css|json)$">
Header set Cache-Control "max-age=2628000, public, must-revalidate"
</FilesMatch>
#Hide .credentials
<FilesMatch ".credentials.php">
Order allow,deny
Deny from all
</FilesMatch>
Options +FollowSymLinks -MultiViews
ErrorDocument 404 https://www.example.com/error/404.html
ErrorDocument 403 https:/www.example.com/error/403.html
# Turn mod_rewrite on
RewriteEngine On
#Rewrite curriculum and unit to GET vars
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^curriculum/([\w-]+)/unit/([\w-]+)/?$ curriculum/unit/?c=$1&u=$2 [L,QSA,NC]
RewriteRule ^curriculum/([\w-]+)/?$ curriculum/?c=$1 [L,QSA,NC]
# Externally redirect direct client requests for subdomain-subdirectory URLs
# to subdomain URLs without subdomain-subdirectory URL-path
Redirect permanent /sd_manage/ https://manage.example.com
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^manage(.*)$ https://manage.example.com [R=301,L]
RewriteRule ^manage/(.*)$ https://manage.example.com/$1 [R=301,L]
# Rewrite root subdomain to www
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L,NE]
# Rewrite valid subdomains to the secure site
RewriteCond %{HTTPS} off
# RewriteCond %{HTTP_HOST} ^(www|manage)\.example\.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
</IfModule>
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php71” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php71 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
You may keep these 2 rewrite rules:
ErrorDocument 404 /error/404.html
ErrorDocument 403 /error/403.html
Options +FollowSymLinks -MultiViews
RewriteEngine On
# Externally redirect direct client requests for subdomain-subdirectory URLs
# to subdomain URLs without subdomain-subdirectory URL-path
RewriteRule ^sd_manage/ https://manage.example.com [L,R=301,NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.com$ [NC]
RewriteRule ^manage(/.*)?$ https://manage.example.com$1 [R=301,L,NC,NE]
# Rewrite root subdomain to www
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# Rewrite valid subdomains to the secure site
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
#Rewrite curriculum and unit to GET vars
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
RewriteRule ^curriculum/([\w-]+)/?$ curriculum/?c=$1 [L,QSA,NC]
RewriteRule ^curriculum/([\w-]+)/unit/([\w-]+)/?$ curriculum/unit/?c=$1&u=$2 [L,QSA,NC]
I have added the Acces Control Allow Origin header to my htaccess file, and it is being used if i check it with cURL:
curl -I https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2019 11:32:12 GMT
Content-Length: 54360
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Wed, 17 Apr 2019 09:31:50 GMT
ETag: "d458-586b68e298fde"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Wed, 17 Apr 2019 11:32:12 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT
But when I load this font file from another domain it still gets blocked:
Access to font at 'https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2' from origin 'https://myotherwebsite.nl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Do i miss something important?
My full htaccess:
# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<filesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
ExpiresDefault A29030400
Header append Cache-Control "public"
</filesMatch>
# Set up caching on media files for 1 week
<filesMatch "\.(gif|jpg|jpeg|png|swf)$">
ExpiresDefault A604800
Header append Cache-Control "public"
</filesMatch>
# Set up 2 Hour caching on commonly updated files A7200
<filesMatch "\.(xml|txt|html|js|css)$">
ExpiresDefault A604800
Header append Cache-Control "proxy-revalidate"
</filesMatch>
# Force no caching for dynamic files
<filesMatch "\.(php|cgi|pl|htm)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</filesMatch>
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,POST,OPTIONS,DELETE,PUT"
</IfModule>
</FilesMatch>
#HSTS
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^www.mywebsite.nl$ [NC]
RewriteRule ^(.*)$ https://mywebsite.nl/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} "/assets/"
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
RewriteBase /
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
Okay I already found the problem. My server is using a combination of apache and nginx. I had to add the following setting to my nginx.conf file
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
For me this was possible with DirectAdmin at custom-httpd settings
I was wondering the correct syntax to check the main page (e.g. abc.com or localhost), for writing a if/else statement for the .htaccess file. Thanks.
<If "abc.com" OR "localhost">
<FilesMatch "\.(css|js|txt)$">
<IfModule mod_expires.c>
ExpiresActive Off
</IfModule>
<IfModule mod_headers.c>
FileETag None
Header unset ETag
Header unset Pragma
Header unset Cache-Control
Header unset Last-Modified
Header set Pragma "no-cache"
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Expires "Mon, 10 Apr 1972 00:00:00 GMT"
</IfModule>
</FilesMatch>
</If>
<Else>
<FilesMatch ".(css|jpg|jpeg|png|gif|js|ico)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
</Else>
Do you mean something like this
<ifModule mod_rewrite.c>
RewriteEngine on
<If "%{HTTP_HOST} == 'abc.com'">
RewriteRule ^/?$ /index.php?pages=abc&file=index [NC,L,QSA]
</If>
<If "%{HTTP_HOST} == 'localhost'">
RewriteRule ^/?$ /index.php?pages=localhost&file=index [NC,L,QSA]
</If>
</ifModule>
Here is another example
RewriteEngine On
# Conditional Settings
<If "(%{HTTP_HOST} -strmatch '192.168.254.*')">
# Localhost/XAMPP
#RewriteBase /XAMPP-Sites/projectX/public_html/
# No need for a default domain
</If>
<Else>
# Live
#RewriteBase /
# Ensure this is the default domain
#RewriteCond %{HTTP_HOST} .
#RewriteCond %{HTTP_HOST} !^www\.projectX\.com [NC]
#RewriteRule (.*) http://www.projectX.com/$1 [R=301,L]
</Else>
https://forums.modx.com/thread/92638/one-htaccess-to-rule-them-all
I have inserted the following in the .htaccess of my site in order to be admitted to the HSTS preload list:
<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</ifModule>
The problem is that when I submit my site, I obtain:
Warning: Unnecessary HSTS header over HTTP.
The HTTP page at
http: //fabriziorocca.it sends an HSTS header. This has no effect over
HTTP, and should be removed.
At the moment I use the following in the .htaccess in order to switch from http to https:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
How can I solve the problem?
Thank you in advance.
Below your redirect rules add the code:
Header always set Strict-Transport-Security "max-age=31536000;
includeSubDomains; preload" env=HTTPS
I added in htaccess works perfectly for me.
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" "expr=%{HTTPS} == 'on'"
env=HTTPS not works now.
Try with:
<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" "expr=%{HTTPS} == 'on'"
</ifModule>
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
No...
Error: HTTP redirects to www first
http://domain.fr (HTTP) should immediately redirect to https://domain.fr (HTTPS) before adding the www subdomain. Right now, the first redirect is to https://www.domain.fr/. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain.
I am trying to make partners readable on the website i.e. http://domain.com/partners. but the pinnaclecart doesn't allow it to be readable or accessable on the browser. i created the directory partners so i could write the whole different files from the pinnaclecart.
inside .htaccess: you can see "partners" at the end.
EDIT II
RewriteEngine ON
RewriteRule ^homepage.html$ index.php
RewriteRule ^home.html$ index.php
<IfModule mod_headers.c>
Header unset ETag
FileETag None
<FilesMatch "(?i)^.*\.(ico|flv|jpg|jpeg|png|gif|js|css)$">
Header unset Last-Modified
Header set Expires "Fri, 21 Dec 2020 00:00:00 GMT"
Header set Cache-Control "public, no-transform"
</FilesMatch>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^((.)?)$ index.php?p=home [L]
RewriteCond $1 /var/www
RewriteRule ^(.+)$ / [L]
RewriteCond $1 !^(\#(.)*|\?(.)*|admin\.php(.)*|ses\/(.)*|ecc\/(.)*|index\.php(.)*|login\.php(.)*|\.htaccess(.)*|images\/(.)*|\.htaccess\.back(.)*|3cc4da-pinnacle_zend_3\.7\.7_sdk\.zip(.)*|dump\.sql(.)*|content\/(.)*|download\.php(.)*|readme\.txt(.)*|in_case_of_install\/(.)*|robots\.txt(.)*|images\.zip(.)*|partners\/(.)*)
RewriteRule ^(.+)$ index.php?url=$1&%{QUERY_STRING} [L]
</IfModule>
<IfModule mod_deflate.c>
<FilesMatch "\.(js|css|ico|flv|jpg|jpeg|png|gif)$">
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>
Why is it not accessable on the browser?
EDIT
is there no answer to this for solutions?
As people mentioned you may wish to post more of your .htaccess file to help debugging, but I couldn't help but notice that the last part of your regex reads:
partners\/(.)
This seems odd as it will only match single letter items in that directory. So I am not 100% sure its your problem but I suspect you intended that to read:
partners\/(.)*