https in htaccess and order of rules (using Expression Engine) - .htaccess

I'm building a site in expression engine that part of needs to be https. The site is also using a new domain name (new one www.example-new.com the old one www.example.old.com).
I want to do the following things:
remove the index.php
force www
force https for any url starting www.example.old.com/extranet
redirect https URLs that are not www.example.old.com/extranet (e.g. www.example.old.com/news to http
I have the following code so far that works for the first two requirements:
<IfModule mod_rewrite.c>
RewriteEngine On
# Force www
RewriteCond %{HTTP_HOST} ^example-new.com$ [NC]
RewriteRule ^(.*)$ http://www.example-new.com/$1 [R=301,L]
# Removes index.php
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
AddType x-httpd-php53 .php
I seem to be going round in circles, so I've two questions that will help me write the other rewrites (although feel free to share suggestions...):
1) Should the code for requirements 3 and 4 be positioned before "removes index.php" code?
2) Does the position have any bearing on the redirects that will be coming from the old site e.g. www.example-old.com/some-link-here.asp will be redirected to www.example-new.com/some-new-link-here
Thanks,
Gregor

1) Remove 'index.php' from ExpressionEngine URLs
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
2) Add 'www' to all URIs
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
3) Force https:// for any URI starting with /extranet
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/extranet(.*)$ [NC]
RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
4) Redirect https:// URIs that are not /extranet
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/extranet(.*)$ [NC]
RewriteRule . http://%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
Putting it all together, here's your complete set of RewriteRules:
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/extranet(.*)$ [NC]
RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/extranet(.*)$ [NC]
RewriteRule . http://%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>

1) Should the code for requirements 3 and 4 be positioned before "removes index.php" code?
The rules are processed in the order that you write them. I expect that you want the site to redirect first then do the remove index, so yes, it should go before
2) Does the position have any bearing on the redirects that will be coming from the old site e.g. www.example-old.com/some-link-here.asp will be redirected to www.example-new.com/some-new-link-here
If you are using the same directory for both sites, then you would need to prefix all rules for one site with a RewriteCond that limits the domain. Otherwise, order of the rules (old vs new site) is important.
Your redirects from the old site should also incorporate rules in the new e.g. ensure that you are going to http/s as necessary to avoid extra redirects.
Below is the code to force http/s
#if not secure
RewriteCond %{HTTPS} off
#and starts with /extranet
RewriteCond %{REQUEST_URI} ^/extranet [NC]
#redirect to secure
RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#if secure
RewriteCond %{HTTPS} on
#and does not start with /extranet
RewriteCond %{REQUEST_URI} !^/extranet [NC]
#redirect to http
RewriteRule . http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# force www on hostname, but keep same protocol (http/https)
RewriteCond %{HTTP_HOST} !^www\.(.+)
RewriteCond %{HTTPS}s ^(on(s)|offs)
RewriteRule ^ http%2://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If it helps... I just did this yesterday for an ecommerce site... Here's my .htaccess file
# Remove WWW from URL
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
# Add a trailing slash to paths without an extension
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteCond %{REQUEST_METHOD} !=POST
RewriteRule ^(.*)$ $1/ [L,R=301]
#remove index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1
#Force HTTPS on checkout/account pages
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (checkout|account)
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
#remove HTTPS on all other pages
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(img|_|images|checkout|account)
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Related

How to redirect all the www requests to non www with query params

I am trying to redirect all the www URLs to non-www URLs
from :
1. http://example.com/web-url
2. http://www.example.com/web-url
3. https://www.example.com/web-url
to :
https://example.com/web-url
I have used the configuration as below.
RewriteEngine on
# If a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Otherwise forward it to index.php
RewriteRule . index.php
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
By the above, all seems to be okay, but the 3rd option is not working as expected. The issue is
https://www.example.com/web-url is redirected to https://example.com/index.php
Can anyone tell me what is the issue with my configuration?
Changing the order of the rules worked as expected.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# If a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Otherwise forward it to index.php
RewriteRule . index.php

How to redirect http to https://www.example.com using htaccess file?

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
I have created a website using Codeigniter framework and my domain and hosting is on GoDaddy. Now, I have installed SSL certificate and manage with my website. Now, when I use example.com in URL it redirects me on https://www.example.com but when I click on my login page it shows me Not Found and URL looks like https://www.example.com/index.php?/login but I want URL Like https://www.example.com/login. So, How can I do this? Please help.
Thank You
Change order of your rules
Have a single rule to redirect www and http -> https
Your .htaccess should be like this:
RewriteEngine on
# redirect for adding www and https
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# front controller
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
Make sure to use a new browser for your testing.
Please use this htaccess rules will work 100%
RewriteEngine on
RewriteCond $1 !^(index\.php|resources|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
use this:
Options All -Indexes
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

Need help adding https and www to a redirect in htaccess file

I have a set of code that redirects from a file called package.php to a "pretty permalinks" structure. The problem is that it doesn't redirect to the https version of the page. I need to be able to redirect to https://www.example.com/package-type/airport-name/hotel-name. Here is the code:
#Redirects hotel pages to package.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /package.php?/$1 [L]
# Removes package.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*package\.php [NC]
RewriteCond %{REQUEST_URI} !/.* [NC]
RewriteRule (.*?)package\.php/*(.*) /$1$2 [R=301,NE,L]
I do have redirection code that detects if https is off and redirects to the correct version. But this code doesn't get called until after the above code.
#First rewrite
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I am not looking to combine the two sections of code. That would break other pages that are not package pages. Instead I need the first set of code to redirect to https version of the pages.
Any help would be appreciated.
Try these rules:
# Removes package.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*package\.php [NC]
RewriteCond %{REQUEST_URI} !/.* [NC]
RewriteRule (.*?)package\.php/*(.*) https://%{HTTP_HOST}/$1$2 [R=301,NE,L]
#Redirects hotel pages to package.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /package.php?/$1 [L]
Make sure to clear your browser cache before testing this change.

Excluding specific pages from HTTPS in mod_rewrite

I am trying to setup a codeigniter app to force HTTPS across all pages except one. However, I cannot get the rules to only redirect if the user is not on the page in question.
The page that should be excluded has the following URL's:
http://mydomain.com/kpi/reports/67
http://mydomain.com/kpi/reports/67/overview/2013-02-01/2013-02-28
http://mydomain.com/index.php?/kpi/reports/67
http://mydomain.com/index.php?/kpi/reports/67/overview/2013-02-01/2013-02-28
The number 67 and the dates can all change in the URL's above hence the user of regular expressions below.
I have tested the regular expressions and they seem to match the URL's fine. However, the htaccess just seems to redirect it to https:// anyway.
My .htaccess file is as follows...
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Disallow access to system dir
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Disallow access to application dir
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Force https when not on overview report
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/index\.php\?/kpi/reports/?([0-9]+)$
RewriteCond %{REQUEST_URI} !^/index\.php\?/kpi/reports/?([0-9]+)/overview/?([0-9]+)-?([0-9]+)-?([0-9]+)/?([0-9]+)-?([0-9]+)-?([0-9]+)$
RewriteCond %{REQUEST_URI} !^/kpi/reports/?([0-9]+)$
RewriteCond %{REQUEST_URI} !^/kpi/reports/?([0-9]+)/overview/?([0-9]+)-?([0-9]+)-?([0-9]+)/?([0-9]+)-?([0-9]+)-?([0-9]+)$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=302,L]
#If not a valid file, redirect request through index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
Any help would be greatly appreciated!
Maybe this will do what you need:
#Force https when not on overview report
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} !kpi/reports/[0-9]+/?$ [NC]
RewriteCond %{QUERY_STRING} !kpi/reports/[0-9]+/overview/[^/]+/[^/]+/? [NC]
RewriteCond %{REQUEST_URI} !kpi/reports/[0-9]+/?$ [NC]
RewriteCond %{REQUEST_URI} !kpi/reports/[0-9]+/overview/[^/]+/[^/]+/? [NC]
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=302,L]
#If not a valid file, redirect request through index.php
Replace all lines between the comments.

htaccess rewritecond and rewrite rule not working properly

I'm trying to redirect all /admin calls into subdomain with this two lines in .htaccess:
RewriteCond %{REQUEST_URI} ^admin [NC]
RewriteRule ^(.*)/$ http://admin\.somedomain\.com/$1/ [R,L]
Well, nothing happens. It just ignores the redirect rule and shows content of /admin directory.
Just for reference (and to skip requests to paste my entire .htaccess file), here it is:
Options +FollowSymlinks -Indexes
RewriteEngine on
Redirect 404 /favicon.ico
RewriteCond %{REQUEST_URI} ^admin [NC]
RewriteRule ^(.*)/$ http://admin\.somedomain\.com/$1/ [R,L]
# Send all admin. traffic to /admin
RewriteCond %{HTTP_HOST} ^admin\. [NC]
RewriteRule ^(.*)$ /admin/$1 [L]
# Check for www. and add it
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^admin\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L]
# Add trailing slash if not found
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !favicon.ico
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ /$1/ [R,L]
# Process virtual links/directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !favicon.ico
RewriteRule ^(.*)$ index.php/?$1 [QSA,L]
RewriteCond %(HTTP_HOST} !^admin\.somedomain\.com$
RewriteCond %{REQUEST_URI} ^/admin [NC]
RewriteRule ^(.*)$ http://admin.somedomain.com$1 [R,L]
You were missing a leading slash on your RewriteCond match. With the assumption that admin.somedomain.com may be in the same configuration as the other domain, I also added a check to ensure the rule isn't applied if the domain is already admin.somedomain.com. In the RewriteRule, I made a couple of minor modifications: You aren't matching on the right side, so you don't need to escape the dots.
There are some issues with your remaining rules as well. This won't work, for example:
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1
You can't use server variables on that side of the rule.

Resources