restrict https access with .htaccess to everything but 1 folder - .htaccess

I would like to have the folder https_folder (including all subfolders and files) forcing https, but every other directory or file, utilizing http.
Folder structure:
foldera
folderb
https_folder
folderc
I tried to set it as followed, however i dont seem to get it working
redirect for http /https_folder
RewriteCond %{SERVER_PORT} = 80
RewriteRule ^https_folder/?$ https://%{HTTP_HOST}%/httpd_folder [R=301,QSA,L,NE]
redirect for https non /market pages
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !^/https_folder [NC]
RewriteRule ^/?(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
Any help would be appreciated

Do this:
RewriteCond %{REQUEST_URI} /https_folder/? [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(https_folder)(/.*)?$ https://%{HTTP_HOST}/$1$2 [R=301,L,NE]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !/https_folder/? [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L,NE]

Put this code in your .htaccess file:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
# redirect to https if URI has https_folder
RewriteCond %{HTTPS} off
RewriteRule ^https_folder/? https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NC]
# redirect to https if URI doesn't have https_folder
RewriteCond %{HTTPS} on
RewriteRule ^(?!https_folder/?)(.*)$ http://%{HTTP_HOST}/$1 [R=301,L,NC]

Related

htaccess: URL with any URI not redirecting to https://www

Currently, this is my .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
# Send would-be 404 requests to Craft
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]
# Custom Redirects
Redirect /investors/reporting/estma /investors/investor-reporting/financial-information#estma
RewriteCond %{HTTP_HOST} ^portal\.arcresources\.com [NC]
RewriteRule ^(.*) https://www\.arcresources\.com/portals [L,R=301]
</IfModule>
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
The redirect works fine if you just type the domain, so arcresources.com properly redirects to https://www.arcresources.com. It also works if you include www and any URI, so www.arcresources.com/investors redirects correctly as well.
The problem is typing just the domain + a URI, so arcresources.com/investors redirects to only https://arcresources.com/investors (no www.), resulting in a connection refusal.
I'm sure I'm missing something simple, but all my attempts so far have either added double "www"s or resulted in too many redirects.
Thanks in advance :)
Try it like this:
RewriteEngine On
RewriteBase /
# Redirect HTTP with www to HTTPS with www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS with www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS without www to HTTPS with www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Send would-be 404 requests to Craft
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
#RewriteCond %{REQUEST_URI} !index.php [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]

Redirect multiple domains to https only

I have three domains:
example.com
example.net
domain2.example
I want all domains (www/non-www/HTTPS/non-HTTPS traffic) to redirect to https://www.example.com.
I know I need to redirect example.net and domain2.example (www/non-www and HTTPS) first to example.com and then https://www.example.com (SSL certificate is only for example.com and www.example.com).
.htaccess (whole file):
RewriteEngine on
RewriteBase /
RewriteCond !{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?example.com [NC]
RewriteRule ^/?$ "https\:\/\/www\.example\.com" [R=301,L]
RewriteCond !{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?example.net [NC,OR]
RewriteCond %{HTTP_HOST} ^(www\.)?domain2.example [NC]
RewriteRule ^/?$ "http\:\/\/www\.domain1\.com" [R=301,L]
RewriteCond !{HTTPS} on
RewriteCond %{HTTP_HOST} ^(www\.)?example.com [NC]
RewriteRule ^/?$ "https\:\/\/www\.example\.com" [R=301,L]
RewriteCond !{HTTPS} on
RewriteCond %{HTTP_HOST} ^(www\.)?example.net [NC,OR]
RewriteCond %{HTTP_HOST} ^(www\.)?domain2.example [NC]
RewriteRule ^/?$ "http\:\/\/www\.example\.com" [R=301,L]
# disable directory listing
Options -Indexes
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Only example.com redirect rules seems to be working rigth, but example.net and domain2.example redirects does not work. Is this possible to get work?
This should be enough:
RewriteCond !{HTTPS} on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
Keep in mind that in order to respond to https:// requests for other domains, you need to have the certificate for that domain name (you need it even if you only want to do the redirect!).

.htaccess redirect except one specific request

I have an .htaccess file see below
Options +FollowSymLinks +ExecCGI
<IfModule mod_rewrite.c>
#Every www request to non-www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1%{REQUEST_URI} [R=301,QSA,NC,L]
#every http request in amdinistrator folder redirect to https
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/administrator
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
#every https request except ftp and one specific request redirect to http
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/ftp
RewriteCond %{REQUEST_URI} !=/preview/index.php?request_type=preview_engime
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]
#redirect which request contains PUBLIC_AJAX_ENGIME
RewriteRule ^(.*)PUBLIC_AJAX_ENGIME(.*)$ index.php?request_type=ajax_engime [L]
#files and directories
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]
</IfModule>
I do not want redirection in this case:
https://somewebsite.domain/preview/index.php?request_type=preview_engime
but the system redirects here
http://somewebsite.domain/index.php?request_type=preview_engime
and I do not understand why.
Thank you!
FF
This is because your url contains a querystring. You cant match against QueryString using REQUEST_URI variable. You need to match against THE_REQUEST variable. Replace your RewriteCond with this :
RewriteCond %{THE_REQUEST} !/index\.php\?request_type=preview_engime [NC]

Exclude one URL from HTTPS redirect

I want to exclude:
http://domain.com/index.php?route=payment/redsys/callback
This is what I have in .htacess
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
that convert all url to https, how can I exclude the url to be converted to https?
thanks
Try using this, just replace directory with the folder directory that you want to stop beocming HTTPs.
RewriteEngine On
#Turns HTTPs on for everything, excluding directory
RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_URI} !^\/directory\/
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
#Turns HTTP on for directory
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} \/directory\/
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]

Disable .htaccess rule to a specific directory

I have a Rule in My base folder .htaccess file. The rule will automatically redirect http:// to https://. But for a specific folder or URL I need to access through http://
RewriteRule ^(.*)$ https:/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
For example My website will be like https://<>/power/a/1
But I need to access some URL without https://
expected http://localhost/admin/rest_api/api_methods/
You need to implement an "exception rule" in form of a condition for the RewriteRule:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/webservices/access
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteEngine on
RewriteBase /
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
# Turn SSL on for /user/login
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/admin/rest_api
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# Turn SSL off everything but /user/login
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/admin/rest_api
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
This should work:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/webservices/access
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
It will redirect everything but the /webservices/access folder (or any other links in that folder like /webservices/access/login.php) to https

Resources