I was using http and recently installed ssl certificate and now images are no longer loading.
But i figured it out that it's the following line in my .htaccess.
What does this line do and how do i modify it to to allow https?
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
Do i really need this line?
Thanks.
Rule says return FORBIDDEN HTTP 403 to the image file requests. You may safely comment out/remove the directive.
Related
I like to simplify code if possible but I am not to familiar with .htaccess, I had error documents redirect rule hard coded
ErrorDocument 403 http://example.com/error/404
Then I made it
ErrorDocument 403 http://%{HTTP_HOST}/error/404
my question is so that the .htaccess does not have to be manually modified is there a way to tell it if its https or http? because the above example if i use https ill have to hard code https I would like to check automatically.
Don't use an absolute URL in the ErrorDocument directive
ErrorDocument 403 http://example.com/error/404
You shouldn't be using an absolute URL in the ErrorDocument directive to begin with! This will trigger a 302 response (ie. a 302 temporary redirect) to the target URL. So, this won't send a 403 (or 404) response back to the user-agent on the first response.
(This format of the ErrorDocument directive should only be used in very exceptional circumstances since you also lose a lot of information about the URL that triggered the response in the first place.)
To internally serve a custom error document on the same server, this should be a root-relative URL, starting with a slash (no scheme or hostname). For example:
ErrorDocument 403 /error/404
However, /error/404 is unlikely to be a valid end-point. This should represent a valid resource that can be served. eg. /error/404.html.
(And this naturally gets round the issue of having to specifying HTTP vs HTTPS.)
To answer your specific question...
because the above example if i use https ill have to hard code https
(Although, arguably, you should be HTTPS everywhere these days.)
However, to do what you are asking, you could do something like the following using the REQUEST_SCHEME server variable, for example:
ErrorDocument 403 %{REQUEST_SCHEME}://%{HTTP_HOST}/error/404
Or, if the REQUEST_SCHEME server variable is not available then you can construct this from the HTTPS server variable using mod_rewrite and assign this to an environment variable. For example:
RewriteEngine On
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ - [E=PROTO:http%1]
ErrorDocument 403 %{reqenv:PROTO}://%{HTTP_HOST}/error/404
The %1 backreference contains s when HTTPS is on and is empty otherwise. So the PROTO environment variable is set to either http or https.
This does assume that the SSL is managed by the application server and not a front-end proxy (like Cloudflare Flexible SSL etc.).
I've got a strange problem with https not redirecting to http. I need https://indudlgeinbrighton.co.uk to redirect to http://indulgeinbrighton.co.uk It's on a shared server and I'm getting a strange cross over with the https. When https is put in, it's loading information for a completely different website hosted on the server.
https://indulgeinbrighton.co.uk is the URL affected. I don't normally share the URLs I'm working on, but in the case I think it might be helpful to see what's going on. Where it's showing data for a website called Churchill, obviously this is a bit of a problem. I've tried putting in all the solutions provided on this page How do you redirect HTTPS to HTTP? into the root .htaccess but it's not working. The htaccess is working fine, because when I switched it to load the other way from http to https it worked fine.
I can only assume it's reading the htaccess file from the other site when it's looking at the https version. As I know which site it is, that's easy enough to locate, but what could I put in that htaccess file to redirect this particular url query without affecting https redirects on the other site?
Thank you.
try this in your .htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://indulgeinbrighton.co.uk/$1 [R,L]
this is for security measure
The page at 'https://indulgeinbrighton.co.uk/' was loaded over HTTPS,
but requested an insecure script
'http://churchillbrighton.com/wp-content/themes/brighton-hotels/js/avia.js?ver=3'.
This request has been blocked; the content must be served over HTTPS.
you can try to do this in PHP
$protocol = isset($_SERVER["HTTPS"]) ? 'https' : 'http';
or include always external files in https
I am trying to redirect URLs such as www.mysite.com/foo/bar to www.mysite.com/foo/index.php?foo=bar.
To do this I am using a couple of lines in the .htaccess file, they are as follows:
RewriteEngine On
RewriteRule ^foo/([a-z]+)/?$ foo/index.php?bar=$1 [NC,L]
This works great for connections made over HTTP but I really need this to work over HTTPS as well. When I go to https://www.mysite.com/foo/bar I just get presented with the 404 Not Found error page.
Any help to get this working over HTTPS (or an explanation as to why it cannot be done over HTTPS) would be great. Thanks.
EDIT:
After reading a few comments here is a bit of an update.
I do have an SSL certificate for the site and HTTPS is working fine elsewhere on the site
The document root is the same for both the HTTPS and the HTTP versions of the site. I checked this out using echo $_SERVER['DOCUMENT_ROOT']; - both return the same thing.
I did notice that (when I removed my customised 404 page) that the error shown is: The requested URL document_root/public_html/foo/index.php was not found on this server. I do not have any idea why this might be the case when, if I access the file directly, I can use it fine.
Hopefully this extra info might help a bit.
After some more searching for solutions and looking at examples of .htaccess files I found the solution. I needed to add the following line to my .htaccess file:
RewriteBase /
I am still unsure as to why, without this line, it worked using HTTP but not HTTPS but everything is working well with the addition of this line.
I am no expert in this area but I found a nice explanation of what RewriteBase does here (Line 4): http://randomtype.ca/blog/the-wordpress-htaccess-file-explained/
I have a simple 404 redirect in a .htaccess file which works fine for Http requests:-
ErrorDocument 404 /apps/handle_error.php
The handle_error.php returns an appropriate PNG image depending on the URL path. However, when I replace the request with Https, it returns the default 404 error page and never does the redirect.
I know my SSL certificate is installed correctly as I get valid content returned for normal static pages. Is there something I am missing in my htaccess file regarding 404 error redirects for Https requests?
(A similar question was asked here but with no clear resolution)
After much soul searching I found the answer, for my specific case anyway.
My Apache2, mod_ssl and mod_rewrite was not configured correctly to work together. The default AllowOverride setting in my SSL config was set to "None" and mod_rewrite requires a minimum of AllowOverride of "FileInfo".
(To be fair, I got my answer from ServerFault)
Maybe this is a silly question but I want to check. if I have .htaccess file at example.com with the line:
ErrorDocument 404 http://someotherdomain.com
Would this be successful in redirecting mailicious bots that are looking for files to exploit at example.com? (I want to redirect them to someotherdomain.com) - assuming of course that the file does not exist.
ALSO, does this 404 redirect work on windows servers or just linux?
Thanks in advance
see this for more details. it works on both windows and linux servers!