htaccess rewrite for MSIE to non https - .htaccess

I want to convert my site to SSL. The certificates etc are all in place and tests great on all browsers except early IE.
I'm trying to get around this by leaving the site as 'non-HTTPS' for those (few?) who still use IE.
I've tried several possible solutions without success - I thought this one would work but it doesn't...
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} .*MSIE.*
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}[R,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Any help would be appreciated

Just in case anyone else is looking for a solution to this particular issue. After much trial & error (more error and it was a trial) i found that this works:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} "MSIE [6-9]" [NC]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{SERVER_PORT} 443
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I wanted this so that visitors who use old IE browsers could still visit the site and not be put off by Certificate error messages generated by IE

Related

Exclude specific browsers (Puffin and Photon) from HTTP/HTTPS rewrite in .htaccess

So my site is going secure. Except one directory (/da) has old Flash content (that I cannot edit) that simply refuses to work under SSL. So, I pieced a few StackOverflow user solutions (THANK YOU!) together, wrote a HTTP --> HTTPS rewrite where I carve out an exception for the /da directory and got that much working just fine.
The only issue is with mobile browsers which play Flash content (such as Puffin and Photon). For some reason, they don't like the rewrite code and continue to open the /da directory under HTTPS... thus the Flash content doesn't work.
I thought that I could just exclude those browsers from the rewrite, but I can't get that piece to work. Please see below and let me know what I'm doing wrong. It's the "Puffin|BonEcho" line which I'm trying to get to work. Am I doing it wrong?
Or is there a better solution? Is there a way to get Puffin and Photon to comply with the HTTP/HTTPS rewrite script?
Thanks!
RewriteEngine On
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
# Force HTTPS for anything which isn't /da
RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/da [NC]
RewriteCond %{HTTP_USER_AGENT} !"Puffin|BonEcho" [NC,OR]
RewriteRule ^(da) http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Force HTTP for anything which is /da
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} !^[A-Z]+\s/da [NC]
RewriteRule !^da https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Remove index.php from URLs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1

.htaccess redirecting both www and non-www to https

I am using .htaccess. I am trying to redirect http://www.example.co.uk AND http://example.co.uk to the secure https. I have searched on this site and tried all the suggestions, but none work. I have approached my hosting company and they have tried with no joy.
One example I used is -
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^example\.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.co.uk$
RewriteRule ^(.*)$ https://www.example.co.uk/$1 [R,L]
Another example code I use is -
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://zapstudio.co.uk%{REQUEST_URI} [L,NE,R=301]
The error comes up as follows on Firefox:
The page isn’t redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
There is no other coding in my .htaccess file than the code inserted. Please, can anyone shed any light on this.

htaccess conditions AND statements?

at the end of my .htaccess i redirect all url that i consider faulty.
this works perfect but i need an exception for my own pc
for my firefox browser i want the server to react as every other request
for my chrome browsers i want full access to all files on the server
i do it this way and it works:
RewriteCond %{REQUEST_URI} !=/index.php
RewriteCond %{REQUEST_URI} !=/retpic.php
RewriteCond %{REQUEST_URI} !^/pcs/.*$
RewriteCond %{REMOTE_HOST} ^11\.11\.1\.11$
RewriteCond %{HTTP_USER_AGENT} Firefox
RewriteRule . index.php [L]
RewriteCond %{REQUEST_URI} !=/index.php
RewriteCond %{REQUEST_URI} !=/retpic.php
RewriteCond %{REQUEST_URI} !^/pcs/.*$
RewriteCond %{REMOTE_HOST} !^11\.11\.11\.11$
RewriteRule . index.php [L]
but i end up doubling the whole code... is there a more elegant solution like combining the following with an AND statement? (i found something about an OR statement but not about AND)
RewriteCond %{REMOTE_HOST} ^11\.11\.1\.11$
RewriteCond %{HTTP_USER_AGENT} Firefox
edit: added more explanation on how the code works:
RewriteCond %{REMOTE_HOST} !^11\.11\.11\.11$
this is from the second part it excludes my ip from this rule so i can access all files on the server, this is important since i want to be able to access my cms
RewriteCond %{REMOTE_HOST} ^11\.11\.1\.11$
RewriteCond %{HTTP_USER_AGENT} Firefox
this parts includes my firefox browser when i am home so i can see if the website works with all restrictions in place. why do i have this rule: i was working on my site and restructuring some parts and it kept on working for me but when i was at a friends place i noticed it did not so i needed something to be able to check this at home.
You nee do apply little bit of boolean algebra to combine these rules into one.
Here is you can do it for you:
RewriteCond %{REMOTE_ADDR} !=11.11.2.11 [OR]
RewriteCond %{HTTP_USER_AGENT} Firefox
RewriteRule !(index\.php|retpic\.php|pcs/) index.php [L,NC]

Redirect all http AND https non-www URLS to https://www.xyz.com via htaccess

For reasons much too long and complex to get into (it involves several layers of corporate red tape resulting in someone else not purchasing a wildcard SSL certificate I requested), I have to set up a domain to redirect all requests to https://www.xyz.com – secure protocol with the www subdomain.
So: http://xyz.com, http://www.xyz.com, and https://xyz.com should ALL redirect to https://www.xyz.com.
My .htaccess-fu is weak at best and I can't seem to get this to work. Note: hosting is on Media Temple if that makes a difference.
So far, my .htaccess file looks like so:
RewriteEngine On
RewriteCond %{HTTPS} !^on$
RewriteRule (.*) https://www.xyz.com/$1 [R,L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Both http://xyz.com and http://www.xyz.com are redirecting to https://www.xyz.com, so yay. However, https://xyz.com is not redirecting to https://www.xyz.com and is thus throwing a security warning page:
This is probably not the site you are looking for!
You attempted to reach xyz.com, but instead you actually reached a server identifying itself as www.xyz.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of xyz.com.
You should not proceed, especially if you have never seen this warning before for this site.
Any help in getting me past this one final hump would be muchly appreciated!
This is very much possible. use the following code. this works for me.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1
In case anyone from the future (HELLO PEOPLE OF THE FUTURE) stumble across this, I asked the same question and had it answered over at Server Fault.
Short version: impossible.
Long version: https://serverfault.com/questions/523199/redirect-all-http-and-https-non-www-urls-to-https-www-example-com-via-htaccess
Even though this issue is very old.
If found it googeling the exact same issue. After the Code provided here didn't help. I tried and tried.
This one worked for me:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
Fixed the issue for me without any Loops or other errors. Maybe it will help someone else.
I sincerely do not understand #scottie link saying IMPOSSIBLE being the accepted answer.
I am using below codes on 3 of my websites, provided here by Erik and it successfully makes
http://example.com, http://www.example.com, https://example.com all land on https://www.example.com
RewriteEngine On
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
P.S: I had to #RewriteEngine On because I already have RewriteEngine On at the beginning of my .htaccess
I hope this also helps someone like me who might have thought its a really long process, and if by any chance there is a shortcoming of this I am not aware, kindly let me know.

Force subset of webpages as HTTPS

I would like to force a subset of webpages to https and all other webpages as http.
In htaccess I use the following script that I found in another post, but that wasn't working...
RewriteCond %{HTTPS} off
RewriteRule ^(login|signup)\.php https://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(login|signup)\.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
HTTP is forced as it should be, HTTPS is forced as it should be, but eg https://mywebsite.com/signup produces an infinite loop error in my browser. Any ideas what goes wrong?
I changed to code to the following which seems to work, but now the SSL is only partially implemented due to secure and insecure items on the webpage. I checked the URLS to e.g. images, style sheets and external javascript files bit these are all relative and shouldn't pose a problem... If someone knows how to deal with this I'd be glad to hear it.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/login$ [OR]
RewriteCond %{REQUEST_URI} ^/signup$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !login$
RewriteCond %{REQUEST_URI} !signup$
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Try adding this line somewhere on top of your .htaccess:
Options +FollowSymLinks -MultiViews
Maybe you have some other rules that do this redirect -- it would be good if you provide whole contents of your .htaccess file.
You may have redirect inside the actual php script.
In any acse -- if you can edit Apache's config files (httpd.conf or httpd-vhost.conf) then you can enable rewrite debugging (RewriteLoglevel 9) and see what exactly is going on -- this is the best option (if you can).

Resources