I have to redirect port 80 to 2368 in htaccess but I'd like to keep the requested protocol intact so that SSL doesn't break.
I currently have this:
RewriteCond %{HTTP_HOST} ^sub.domain.com$ [NC]
RewriteRule ^ http://sub.domain.com:2368%{REQUEST_URI} [P,QSA,L]
which works correctly but I'd like the protocol to be taken from the %{HTTP_HOST} condition if possible.
Is there a way to get this to be more dynamic without hard coding domains and protocols?
It seems very slow as is.
The trick provided by Jon is a nice hack, but I am afraid it could break if you want to use more [OR] conditions, and if you use more backreferences you have to be careful which number to use (%1 or %2 or ..).
I think the most elegant, robust and clean solution for smart HTTP/HTTPS handling is to set a variable:
# initialization code - put only once at the beginning of .htaccess
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ - [env=proto:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ - [env=proto:http]
# simply use %{ENV:proto} in your rules:
RewriteCond %{HTTP_HOST} ^sub.domain.com$ [NC]
RewriteRule ^ %{ENV:proto}://sub.domain.com:2368%{REQUEST_URI} [P,QSA,L]
The advantage also is that the initialization code needs to be run only once, so if you have more rewrite rules then the resultant code is much shorter and more elegant.
Note a common setup is https provided with cloudflare, in which case HTTPS is not 'on' on the server itself. In that case you need extra rules like (note order):
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"' [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ - [env=proto:http]
RewriteCond %{HTTP:CF-Visitor} '"scheme":"https"' [OR]
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ - [env=proto:https]
Starting with Apache 2.4 you can also use the variable %{REQUEST_SCHEME} to preserve the scheme:
RewriteRule "^" "%{REQUEST_SCHEME}://sub.domain.com:2368%{REQUEST_URI}" [P,QSA,L]
No need to meddle with any conditions this way.
Try adding a condition like:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTPS}:s on:(s)
Which checks that either HTTPS is off or it's on and you can use a backreference to fetch the "s" character:
RewriteCond %{HTTP_HOST} ^sub.domain.com$ [NC]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTPS}:s on:(s)
RewriteRule ^ http%1://sub.domain.com:2368%{REQUEST_URI} [P,QSA,L]
So if HTTPS is off, %1 is blank and the protocol is http://. If HTTPS is on, then the "s" is grouped and the %1 backreference is an "s", thus the protocol is https://.
However, this is all assuming that port 2368 can handle both unencrypted and SSL/TLS.
Or, you might use the solution posted as an answer by Jon Lin and rewrite it to use one RewriteCond and then set a variable as suggested in the answer by TMS.
That would look like this:
RewriteCond %{HTTPS}s ^(on(s)|offs)$
RewriteRule ^ - [env=s:%2]
RewriteCond %{HTTP_HOST} ^sub.domain.com$ [NC]
RewriteRule ^ http%{ENV:s}://sub.domain.com:2368%{REQUEST_URI} [P,QSA,L]
Or, if you prefer:
RewriteCond %{HTTPS}s ^(on(s)|offs)$
RewriteRule ^ - [env=proto:http%2]
RewriteCond %{HTTP_HOST} ^sub.domain.com$ [NC]
RewriteRule ^ %{ENV:proto}://sub.domain.com:2368%{REQUEST_URI} [P,QSA,L]
http to https redirection:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</IfModule>
Non www to www redirection:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
If you want to use both functionality, then place both above code chunks
appropriately.
Related
http://www. version of my doesn't get redirected to https version (all other variants are properly redirected)
Website url:
http://www.alfarestents.com/
https://www.alfarestents.com/
Htaccess code:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS} ^on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteCond %{HTTP_HOST} ^alfarestents.com [NC]
RewriteRule ^(.*)$ https://www.alfarestents.com/$1 [L,R=301]
Let's start this from scratch:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$
RewriteRule ^ https://www.%1%{REQUEST_URI} [NE,R=301,END]
It probably is a good idea to start with a R=302 temporary redirection and only change that to a R=301 permanent redirection once everything works as expected.
You should implement such rules in the real http server's host configuration. You can also use a distributed configuration file, but that comes with a performance penalty. Also you need to enable the consideration of such files first.
I have been searching for the perfect 301 redirect. But I am finding so many solutions and do not know what’s best.
Here is what I want to do
http://domain.tld/ → https://domain.tld/
http://www.domain.tld/ → https://domain.tld/
https://www.domain.tld/ → https://domain.tld/
Best practice .htacess?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
This is my preferred code. At least unil now.
Alternative ways
I also found a lot of other ways to redirect from HTTP to HTTPS. For example:
1.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Missing one step? And no [R=301,L] here?
2.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Is a different order generally better?
Should I use
RewriteRule ^(.*)$
instead of
RewriteRule (.*)
?
3.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]
Does using the full domain name have any performance advantages? Do I really need NE? ([R=301,L,NE] vs. [L,R=301])
So, my question to all experts: What's the best (performing) way to redirect both from HTTP to HTTPS and from to HTTPS:// ?
To start with your favorite solution:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
In the part handling non-https URLs you are redirecting to %{HTTP_HOST}. Then, in case your host name started with "www", a second redirect has to take place to send you from https://www.domain.tld to https://domain.tld which is supposed to be your final destination.
You can shorten this by using
RewriteRule ^(.*)$ https://domain.tld/%{REQUEST_URI} [L,R=301]
directly in the first rule. The second rule would then only apply to clients, who try to access https://www.domain.tld.
Alternative 1. does not work for the same reason (missing the case that HTTP_HOST could be www.domain.tld) and additionally because of the missing [L,R=301]. This is necessary because you do not just rewrite an URL here, like you could do in other types of rewrite rules. You are requesting the client to change the type of it's request - this is why you are sending him a HTTP code of 301.
Concerning the match part of the RewriteRule itself, you should be consistent: if you want to capture parts of the URI you will use a regular expression with parentheses. As you are in fact using it as a whole here it is fine to just use one of the alternatives for "anything", like ^ and use %{REQUEST_URI} later. If you use some capturing (i.e. (some_regex) you should reference it in the target by using $1 (or whatever you are going to reference) here.
In your 3rd alternative, again www + https is missing.
You can check if https is off or if the domain name contains a leading "www" in one rule, however rewrite conditions are implicitly connected with "and".
So it should read:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://domain.tld%{REQUEST_URI} [R=301,L,NE]
The NE is necessary for passing on things like GET-parameters and the like on to the new URI unchanged, see:
http://httpd.apache.org/docs/2.4/rewrite/flags.html
So, condensing, this becomes;
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]
Let me know if you see any bugs
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Nothing to change just copy and paste.
Could there be a better way of doing this I wonder. It is doing the following:
A) routing mydomain.uk to www.mydomain.uk
B) routing anything non http to https://www.mydomain.uk
I dont use linux based servers much so im sure there is a better way of doing this. End result should be any base url should end up at https://www.mydomain.uk
Heres the code
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^mydomain.uk$
RewriteRule ^/?$ "https\:\/\/www\.mydomain\.uk\/" [R=301,L]
These 2 rules can be easily combined into one as this one:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.mydomain.uk%{REQUEST_URI} [L,R=301,NE]
You can use OR
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^mydomain.uk$
RewriteRule (.*) https://www.mydomain.uk%{REQUEST_URI} [R,L]
The rule RewriteCond %{HTTP_HOST} ^mydomain.uk$ can also be more restrictive and catch any host which is not www.mydomain.uk.
I'm trying to force HTTPS using the .htaccess of a site running expression engine.
As of right now you are able to go to the site using https:// but when i add any of these rules it presents a redirect loop.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
or
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
or
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mydomain.com/$1 [R,L]
and also this fancy one
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
and I've also tried rearranging all the rules on each of them so I'm pretty sure it has something to do with the conditions matching when they shouldn't.
I've also read some things about load balancers redirecting things counter to the .htaccess
from here:
.htaccess redirect loop when trying to add forced HTTPS rule (Amazon Elastic Beanstalk) and here: https://serverfault.com/questions/283525/force-ssl-on-one-page-via-htaccess-without-looping
i think my client is using inmotion hosting but I don't have access to the load balancer settings so I want to make sure that is the problem.
here is the entire htaccess. I removed some of the default expression engine stuff, but it was also not working before I did that.
<IfModule mod_rewrite.c>
# Enable Rewrite Engine
# ------------------------------
RewriteEngine On
RewriteBase /
# RewriteCond %{HTTPS} off
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# RewriteCond %{HTTP:X-Forwarded-Proto} !https
# RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
# Redirect index.php Requests
# ------------------------------
RewriteCond %{THE_REQUEST} ^[^/]*/index\.php [NC]
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^index\.php(.+) $1 [R=301,L]
# Standard ExpressionEngine Rewrite
# ------------------------------
RewriteCond $1 !\.(css|js|images|gif|jpe?g|png) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
(I have them disabled because the site is live)
You might be better off posting on the EE Stack Overflow site. Or have a search on it as there's a few answers relating to https and .htaccess
Here's a post I replied to previously with an answer you might want to try:
https://expressionengine.stackexchange.com/questions/7601/adding-a-htaccess-redirect-to-https-that-plays-nicely-with-existing-ee-htacces/7659#7659
If this condition didn't work:
RewriteCond %{SERVER_PORT} !^443$
Try this:
RewriteCond %{HTTPS} !=on
Instead of this one:
RewriteCond %{HTTPS} off
I've had the same situation and here's what just worked for me with an EE3 site:
#non-www to www
RewriteCond %{HTTP_HOST} !^www\.domainname\.co.uk$
RewriteRule (.*) https://www.domainname.co.uk/$1 [R=301,L]
# Force HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Removes index.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteCond %{REQUEST_URI} !/system/.* [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
I have a very simple question that for some reason I cannot figure out, and hours of searching has not helped either. Using an .htaccess file, how can I redirect just /login.php and /index.php to https, and then redirect any other page to just http? I currently use this code to redirect to https, but it redirects every page:
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*) https://www.ruxim.com/$1 [R]
thank you very much.
The %{SERVER_PORT} variable depends on the UseCanonicalPhysicalPort in your config. If it's not setup, then you may not be able to match against that variable, easier to use %{HTTPS} instead.
RewriteCond %{HTTPS} off
RewriteRule ^/?(login|index)\.php https://www.ruxim.com%{REQUEST_URI} [L,R]
RewriteCond %{HTTPS} on
RewriteRule !^/?(login|index)\.php http://www.ruxim.com%{REQUEST_URI} [L,R]
If you don't need the redirect to non-https, then you don't need the second rule.
Try something like this;
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_FILENAME} =index.php [OR]
RewriteCond %{REQUEST_FILENAME} =login.php
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
I'm note 100% sure if the [OR] will comply suddenly in the middle.
Please apply following conditions to secure only /login.php and /index.php pages. Other pages will be work on HTTP path (non-secure pages).
RewriteEngine On
RewriteBase /
# force https for /login.php and /index.php
RewriteCond %{HTTPS} =off
RewriteRule ^(index|login)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
# force http for all other URLs
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(index|login)\.php$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]