I have a website with HTTPS installed.
I need to ensure all pages (except the ones that are intentionally HTTPS) are forced to show on non-https.
The HTTPS is installed ONLY on domain-name.com/ssl-directory/what-ever-page-goes-here/
So, only the pages after domain-name.com/ssl-directory/ should keep the HTTPS (they do now) and all other (including domain-name.com/ssl-directory/ itself should be forced to non-https).
So far, this is what I've got but it's not working and as I'm not an expert with htaccess redirects, I don't know why.
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^ssl-directory/(.*)
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L]
As I said, I'm not an expert in this, but I think this should mean =>
turn RewriteEngine on
If HTTPS and
If REQUEST_URI is not a child of ssl-directory
Rewrite to same page, but with http
Obviously I'm doing something wrong, so any help would be appreciated.
Thanks
Replace your code with this:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/ssl-directory(/.*|)$ [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Better to use HTTP_HOST instead of SERVER_NAME and %{REQUEST_URI} has a / at the start.
Related
I have a problem with my .htaccess and https redirection.
First of all, I have consulted these links to find a solution but none could help me.
List of links :
.htaccess redirect http to https
ModRewrite with HTTPS
https://www.ndchost.com/wiki/apache/redirect-http-to-https
htaccess redirect to https://www
https://serverfault.com/questions/116206/how-do-i-use-htaccess-to-always-redirect-from-http-to-https
When I load the page with http, the .htaccess redirect me to https but when I load the page with https, I have an infinite loop.
Here is my .htaccess code :
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^(api|www|dev|stefano|sav)\.
RewriteCond %{REQUEST_URI} !^/(api|www|dev|stefano|sav)/
RewriteCond %{DOCUMENT_ROOT}/%1 -d
RewriteRule ^(.*)$ %1/$1 [L]
Is anybody can help me create a redirect condition (http to https) ?
You are leaving off the Rewrite Flags You need to tell it force the redirection with R flag and optional provide status code which is recommended 301, 302 etc.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
By the way, every example you linked to shows the answer using the R flag, not sure why you didn't use exact examples :)
Solution if behind devices like load balancer.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I have been fighting with this same problem for hours. It seems that I needed the solution for systems behind a load balancer. Perhaps this is because I am using Cloudflare with my site.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
After adding the above lines to my .htaccess file, I deleted the cache on Cloudflare and the site loads as it should.
Is it possible to do this on .htaccess
if(filename.php = "order.php"){
redirect to https
}else{
redirect to http
}
I need it to do something like this, user might want to put https on my index.php and its unsecure and gives an error, that why I need to force to http if its not order.php, and force https if its order.php
I have 3 similar folders like in 1 server,
I tried to use this
RewriteEngine On
RewriteRule /(order.php) https://%{SERVER_NAME}%{REQUEST_URI} [L]
but failed, I did it on PHP, but I will have to put all of it hundred files.
So Iguess .htaccess will be more time efficient,
Yes it's possible
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/order.php
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/order.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I would like to force a subset of webpages to https and all other webpages as http.
In htaccess I use the following script that I found in another post, but that wasn't working...
RewriteCond %{HTTPS} off
RewriteRule ^(login|signup)\.php https://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(login|signup)\.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
HTTP is forced as it should be, HTTPS is forced as it should be, but eg https://mywebsite.com/signup produces an infinite loop error in my browser. Any ideas what goes wrong?
I changed to code to the following which seems to work, but now the SSL is only partially implemented due to secure and insecure items on the webpage. I checked the URLS to e.g. images, style sheets and external javascript files bit these are all relative and shouldn't pose a problem... If someone knows how to deal with this I'd be glad to hear it.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/login$ [OR]
RewriteCond %{REQUEST_URI} ^/signup$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !login$
RewriteCond %{REQUEST_URI} !signup$
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Try adding this line somewhere on top of your .htaccess:
Options +FollowSymLinks -MultiViews
Maybe you have some other rules that do this redirect -- it would be good if you provide whole contents of your .htaccess file.
You may have redirect inside the actual php script.
In any acse -- if you can edit Apache's config files (httpd.conf or httpd-vhost.conf) then you can enable rewrite debugging (RewriteLoglevel 9) and see what exactly is going on -- this is the best option (if you can).
I've done enough research to figure out that to redirect sitewide all of my https pages to their http equivalent, I need to use this code...
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
My issue is, there are a handle of pages that I still want to remain as https. For the sake of example, let's say I want page1.php, page2.php, and page3.php to REMAIN as .https, with everything else on the site redirecting. Anyone know how to do this?
Try something like this:
RewriteEngine On
# Force page1,2,3.php onto HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(page1|page2|page3)\.php https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
# Redirect other HTTPS requests to plain HTTP
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(page1|page2|page3)\.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
I want to :
- switch from http to https if http is used
- redirect the subdomain to index?o=subdomain except www
- redirection the subdirectory to index?u=user
Example :
http://www.mydomain.com will be redirected to https://www.mydomain.com
http://subdomain.mydomain.com will be redirected to https://www.mydomain.com/index?o=subdomain
https://subdomain.mydomain.com will be redirected to https://www.mydomain.com/index?o=subdomain
http://subdomain.mydomain.com/user will be redirected to https://www.mydomain.com/index?o=subdomain&u=user
https://subdomain.mydomain.com/user will be redirected to https://www.mydomain.com/index?o=subdomain&u=user
Is mod_Rewrite the best to do that ? Any idea ?
Thanks in advance
I don't have time to test it right now, but you can try this and see if it works. There may be some potential for some things to go wrong, so if you have trouble with it I'd be happy to work out any kinks later. Also, I think that I covered everything you wanted to do, but let me know if I left something out.
RewriteEngine On
# Force redirect to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{HTTP_HOST}/$0 [R=301,L]
Edit: I've updated the ruleset below. I thought about your question though, and aren't you going to have issues attempting to serve up your subdomains over TLS/SSL? That aside, one of the following should do what you want (without errors this time, I hope):
If you wanted internal redirection:
RewriteCond %{HTTP_HOST} !=mydomain.com
RewriteCond %{HTTP_HOST} !^www
RewriteCond %{REQUEST_URI} !^/index
RewriteCond %{HTTP_HOST}%{REQUEST_URI} ^([^\.]+)[^/]*/([^/]+)?
RewriteCond %1&u=%2 ^([^&]+)(&u=.+)?
RewriteRule ^.*$ /index?o=%1%2
If you wanted external redirection:
RewriteCond %{HTTP_HOST} !=mydomain.com
RewriteCond %{HTTP_HOST} !^www
RewriteCond %{REQUEST_URI} !^/index
RewriteCond %{HTTP_HOST}%{REQUEST_URI} ^([^\.]+)[^/]*/([^/]+)?
RewriteCond %1&u=%2 ^([^&]+)(&u=.+)?
RewriteRule ^.*$ https://www.mydomain.com/index?o=%1%2 [R=301,L]