I am trying to make sure that if HTTPS is used outside of the secure subdomain it gets redirected to HTTP.
This is what I have in the root .htaccess file:
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images are excluded from this rule)
RewriteCond %{HTTPS} =on
# my.EXAMPLE.com is the secure subdirectory.
RewriteCond %{HTTP_HOST} !^my.EXAMPLE.com [NC]
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
Put simply:
if HTTPS
if not in my.example.com
if NOT an image/css/js file
redirect to HTTP
But this is not working as expected, instead if I try to access a page outside of the my.example.com sub-directory via HTTPS I get a 404 Not Found error. Accessing the same page via HTTP has no problems, it works fine.
Any idea why this rule may not be working?
EDIT
Here's the entire .htaccess file:
# Don't display .htacess files in directory listings.
IndexIgnore .htaccess
Options +FollowSymLinks
RewriteEngine on
# Password protected for now
AuthType Basic
AuthName "EXAMPLE"
AuthUserFile "/home/EXAMPLE/.htpasswds/public_html/passwd"
require valid-user
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images on both HTTP and HTTPS pages are excluded from this rule)
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
# Redirect non-www requests to www
RewriteCond %{HTTP_HOST} ^EXAMPLE.com$
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com [NC]
RewriteRule ^(.*)$ "http\:\/\/www\.EXAMPLE\.com\/$1" [R=301]
# Prevent direct access to the WHMCS folder must be accessed through secure subdomain
RedirectMatch 301 ^/WHMCS/(.*)$ https://my.EXAMPLE.com/$1
ErrorDocument 404 /404.php
Try this :
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
The problem is that if you don't have an SSL vhost setup for www.example.com, and point its document root to the same place that the non-SSL vhost for www.example.com is, when someone goes to https://www.example.com/, your htaccess file is never read. I'm willing to bet that you need to put your HTTPS->HTTP rules in the htaccess file of your SSL vhost (where my.example.com's document root is).
What you have seems to be:
http://www.example.com/ -> /home/EXAMPLE/ (or whatever your document root is)
https://my.example.com/ -> /home/EXAMPLE/subfolder/
So without a vhost setup for https://www.example.com, the htaccess file in /home/EXAMPLE/ is never accessed when you go to the SSL example.com.
Related
i tried many way how to redirect www to non www, but nothing work.
This is currently my htaccess:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
# Redirect www to non-www
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
Website is working on non-www url with https. If i type to browser https://www.example.com it end in 404 error.
................................
I assume you've verified that the target URL https://example.com/ is working when entered directly (if not that's a different problem that has nothing to do with redirection).
You might need to specify:
RewriteEngine on
in the .htaccess file before your directives, to activate the rewriting.
Also, the Apache server conf must be configured to have the rewrite_module loaded (check via apache2ctl -D DUMP_MODULES), and to allow its use in your .htaccess file (via the AllowOverride directive).
I am installing Wordpress in its own directory and also want to force HTTPS. Which comes first: the rewrite rules to force HTTPS, or the rewrite rules to direct to the subdirectory?
I have already done the force HTTPS, which works fine.
Here is how I'm forcing the HTTPS (of course "example.net" isn't the name of the site!):
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?example\.net
RewriteRule ^(.*)$ https://example.net/$1 [R,L]
And the code for using the subdirectory, which comes from https://wordpress.org/support/article/giving-wordpress-its-own-directory/ is as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteCond %{REQUEST_URI} !^/my_subdir/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /my_subdir/$1
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ my_subdir/index.php [L]
</IfModule>
Do I have the correct order here, or do I redirect to the subdirectory first and then force the HTTPS?
Which comes first: the rewrite rules to force HTTPS, or the rewrite rules to direct to the subdirectory?
The directives to force HTTPS need to go first. If you put them after the WordPress front-controller then your WordPress URLs won't be redirected (by .htaccess at least) - only your static resources (images, CSS, JS, etc.) would be redirected, which aren't handled by the WordPress front-controller.
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
You have many checks for the hostname. Unless you have multiple domains (or subdomains of the main domain) that all point to the same area on the filesystem and serve a different purpose, then this is unnecessary.
Currently, your HTTP to HTTPS redirect is a 302 (temporary) redirect. Test with a 302 to avoid caching issues, but ultimately, the HTTP to HTTPS redirect should be a 301 (permanent) redirect. ie. change the RewriteRule flag R to R=301.
I have 2 domains: main.com and addon.net
On my shared hosting account I create an addon-domain foraddon.net which automatically creates a folder in the main-domain's directory as well as a subdomain.
I want to change the accessability of the addon domain via the maindomain:
http://addon.main.com
http://main.com/addon.net/
Now both serve the index.html from addon.net
Both URLs should result in a "404 - not found" error.
What I have right now on main.com/.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?main.com$ [NC]
RewriteCond %{REQUEST_URI} ^/addon.net/(.*)$
RewriteRule ^(.*)$ 404.html [L]
And in addon.net/.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)\.main.com$ [OR]
RewriteRule ^(.*)$ http://www.main.com/ [R=301,L]
And now everything redirects to main.com:
http://main.com/addon.net/ redirects to http://www.main.com
http://addon.main.com redirects to http://www.main.com
http://addon.net redirects to http://www.main.com
My question: which rules should I add to which .htaccess-file in order to get the desired results:
addon.main.com redirecting to main.com/404.html
main.com/addon.net redirecting to main.com/404.html
addon.net serving addon.net/index.html
If you want to redirect access from anything except addon.net (and redirect the other requests to a 404 page), all you need to do is use these lines in the .htaccess file inside addon.net :
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(www\.)?addon\.net$ [NC]
RewriteRule - /404.html [L]
So I've got the following rewrite code in my htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R=301]
//
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.([^\.]*)\.domain\.com$ [NC]
RewriteRule (.*) http://%1.domain.com$1 [R=301,L]
Works perfect for redirecting non-www to www for my domains.
I've got a subdomain, lets call it 'sub.domain.com' which works find. If I goto www.sub.domain.com, it redirecting to 'sub.domain.com/sub/'
Anyone having a idea why?
None of the rules you have in your question routes requests to a subdomain's folder. The /sub/ should never be there if it wasn't originally in the request.
That said, all of your redirect rules need to come before any routing rules. Routing rules being stuff that internally routes requests to other URI's, for example:
RewriteCond %{HTTP_HOST} ([^\.]*)\.domain\.com$ [NC]
RewriteRule (.*) /%1/$1 [L]
That rule internall routes to a folder named the same thing as the subdomain. If this rule were to be before the redirect, both rules get applied and the redirected URI becomes /sub/. You need your routing rules placed after your redirect rules, e.g. all rules that have a http:// or an R flag.
Google has indexed the home page of my website with https. But I need to redirect https to http only this page. I'm using Magento and today I have a rule that removes the htaccess www of my domain. Every rule I created to redirect the main page of https to http didn't work. Anyone have a solution?
thank you
Try
#Redirect your Homepage from HTTPS to HTTP
RewriteCond %{HTTPS} on
RewriteRule ^$ http://%{HTTP_HOST} [L,R]
See http://www.activo.com/redirect-https-to-http-for-any-homepage/
Set this up in Magento first:
Oopen admin panel and visit System -> Configration -> Web panel and set:
Base URL (unsecured) as http://www.domain.com/magento/.
Base URL (secured) as https://www.domain.com/magento/.
then set:
Use Secure URLs in Frontend = Yes
Save your settings, clear your Magento cache
Finally in Magento's .htaccess add these lines just below RewriteBase line:
RewriteCond %{HTTPS} off
RewriteRule (?!^(index\.php/?|.*\.css|.*\.js|.*\.gif|.*\.jpe?g|.*\.png|.*\.txt|.*\.ico|)$)^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
RewriteCond %{HTTPS} on
RewriteRule ^(index\.php/?|.*\.css|.*\.js|.*\.gif|.*\.jpe?g|.*\.png|.*\.txt|.*\.ico|)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,NC]
Use this with 301 http request for google indexer.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
If you use cludeflare then this redirect is not working
place try with below on you htaccess file and it cloudflare format
Http to Https redirection:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://www.domain.com/$1 [L]
See note:
When using Flexible SSL with CloudFlare, your origin server will always accept requests over HTTP (port 80). In order to properly redirect a user surfing securely over HTTPS, you should modify your rewrite rules to use the CF-Visitor HTTP header. The CF-Visitor header contains the following:
CF-Visitor: {"scheme":"http"}
or
CF-Visitor: {"scheme":"https"}
To redirect a user from HTTP to HTTPS, you can use the following:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://www.domain.com/$1 [L]
Similarly, to require all traffic go over HTTPS on CloudFlare, you can use the following:
RewriteCond %{HTTP:CF-Visitor} !'"scheme":"http"'
RewriteRule ^(.*)$ https://www.domain.com/$1 [L]