I got help from this site to get functioning code for .htaccess:
# force https for /login.php and /register.php
RewriteCond %{HTTPS} off
RewriteRule ^(login|register)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
# force http for all other URLs
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !(login|register)\.php$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
But now I realize I also need to add a couple of directories to these rules. How can this be done?
Why doesn't the following work:
# force https
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} ^(securimage|ADM)/(.*)$
RewriteCond %{SCRIPT_FILENAME} ^(login|register)\.php$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
# force http for all other URLs
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !(securimage|ADM)/(.*)$
RewriteCond %{SCRIPT_FILENAME} !(login|register)\.php$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I've tried a few different variances, nothing's working. :(
I solved it by putting separate .htaccess files in the directories I wanted to secure, containing:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Related
I have been using the following .htaccess for some time now to redirect non-https to https:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
This week however an SEO expert told me this gives 2 redirects for links like this:
www.example.com/test
The first to http s ://www.example.com/test
The second to http s ://www.example.com/test /
Apparantly this is bad for SEO so I have tried adding a / to the last line, this doesn't work for files, e.g.
www.example.com/test.php => https://www.example.com/test.php/
I have done some searching but I can't seem to find a solution for both issues. Can anyone point me in the right direction?
How about adding a check for the directory in the rule (one for directories and one for files):
<IfModule mod_rewrite.c>
RewriteEngine on
# for directories without trailing slashes
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} [^/]$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]
# for everything else
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
However, there's a good chance this won't work since the redirect from /test to /test/ isn't happening via Rewrite, but via mod_dir's DirectorySlash directive. If you really want to just make this one redirect (I don't think the impact is that serious), then you can turn DirectorySlash off and have that redirect happen via mod_rewrite instead:
DirectorySlash Off
<IfModule mod_rewrite.c>
RewriteEngine on
# for directories without trailing slashes
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} [^/]$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]
# for everything else
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Add trailing slashes for directories that have them missing
RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} [^/]$
RewriteRule ^(.*)$ %{REQUEST_URI}/ [R=301,L]
</IfModule>
I'm trying to force HTTPS using the .htaccess of a site running expression engine.
As of right now you are able to go to the site using https:// but when i add any of these rules it presents a redirect loop.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
or
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
or
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mydomain.com/$1 [R,L]
and also this fancy one
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
and I've also tried rearranging all the rules on each of them so I'm pretty sure it has something to do with the conditions matching when they shouldn't.
I've also read some things about load balancers redirecting things counter to the .htaccess
from here:
.htaccess redirect loop when trying to add forced HTTPS rule (Amazon Elastic Beanstalk) and here: https://serverfault.com/questions/283525/force-ssl-on-one-page-via-htaccess-without-looping
i think my client is using inmotion hosting but I don't have access to the load balancer settings so I want to make sure that is the problem.
here is the entire htaccess. I removed some of the default expression engine stuff, but it was also not working before I did that.
<IfModule mod_rewrite.c>
# Enable Rewrite Engine
# ------------------------------
RewriteEngine On
RewriteBase /
# RewriteCond %{HTTPS} off
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# RewriteCond %{HTTP:X-Forwarded-Proto} !https
# RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
# Redirect index.php Requests
# ------------------------------
RewriteCond %{THE_REQUEST} ^[^/]*/index\.php [NC]
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^index\.php(.+) $1 [R=301,L]
# Standard ExpressionEngine Rewrite
# ------------------------------
RewriteCond $1 !\.(css|js|images|gif|jpe?g|png) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
(I have them disabled because the site is live)
You might be better off posting on the EE Stack Overflow site. Or have a search on it as there's a few answers relating to https and .htaccess
Here's a post I replied to previously with an answer you might want to try:
https://expressionengine.stackexchange.com/questions/7601/adding-a-htaccess-redirect-to-https-that-plays-nicely-with-existing-ee-htacces/7659#7659
If this condition didn't work:
RewriteCond %{SERVER_PORT} !^443$
Try this:
RewriteCond %{HTTPS} !=on
Instead of this one:
RewriteCond %{HTTPS} off
I've had the same situation and here's what just worked for me with an EE3 site:
#non-www to www
RewriteCond %{HTTP_HOST} !^www\.domainname\.co.uk$
RewriteRule (.*) https://www.domainname.co.uk/$1 [R=301,L]
# Force HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Removes index.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteCond %{REQUEST_URI} !/system/.* [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
I have a very simple question that for some reason I cannot figure out, and hours of searching has not helped either. Using an .htaccess file, how can I redirect just /login.php and /index.php to https, and then redirect any other page to just http? I currently use this code to redirect to https, but it redirects every page:
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*) https://www.ruxim.com/$1 [R]
thank you very much.
The %{SERVER_PORT} variable depends on the UseCanonicalPhysicalPort in your config. If it's not setup, then you may not be able to match against that variable, easier to use %{HTTPS} instead.
RewriteCond %{HTTPS} off
RewriteRule ^/?(login|index)\.php https://www.ruxim.com%{REQUEST_URI} [L,R]
RewriteCond %{HTTPS} on
RewriteRule !^/?(login|index)\.php http://www.ruxim.com%{REQUEST_URI} [L,R]
If you don't need the redirect to non-https, then you don't need the second rule.
Try something like this;
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_FILENAME} =index.php [OR]
RewriteCond %{REQUEST_FILENAME} =login.php
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
I'm note 100% sure if the [OR] will comply suddenly in the middle.
Please apply following conditions to secure only /login.php and /index.php pages. Other pages will be work on HTTP path (non-secure pages).
RewriteEngine On
RewriteBase /
# force https for /login.php and /index.php
RewriteCond %{HTTPS} =off
RewriteRule ^(index|login)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
# force http for all other URLs
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(index|login)\.php$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I am having a conflict between a couple of redirects causing issues.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ https://www.mywebsite.org/ [R=301,L]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Options +FollowSymLinks -MultiViews
RewriteCond %{REQUEST_FILENAME} !403\.shtml
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php?a_aid=$1 [NC,L,R=301]
The issue I am running into is that when someone enters a non secure url it forwards them to
http://www.mywebsite.org/index.php?a_aid=https://www.mywebsite.org/url
My bet is that you'll need to add the [L] at the end of your line :
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
The L tag tells the code to stop running if the rule is applied, in your case it keep goin so the last rule is applied..
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
i think this is what i sould be.
In this section you wil find the different flag you can apply to your rules. i suggest you add the NC flag too (as for no case) so it match HTTPS also
http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule
Firstly, I would like to remove the www. from my domain name
http://www.example.com => http://example.com
I would also like for certain directories to be secure (https), while the rest remain http
http://example.com/login => https://example.com/login
Obviously it needs to work for all conditions, for example if someone types in:
http://www.example.com/login => https://example.com/login
Also when people navigate away from the login page it returns to http. Currently in the .htaccess is the following which is done automatically by the software I am using and I suppose needs to be there for it to work:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* ./index.php
Any ideas on how I can achieve dream control all these things?
Thanks in advance!
===================
#Gumbo Following your advice this is my complete .htaccess
RewriteEngine On
# remove www from host
RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]
# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(login)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(login)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* ./index.php
Options -Indexes
Navigating to http://example/login still goes to http://example/index.php when it should go to https://example/login Do I have the order wrong?
Try these rules:
# remove www from host
RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]
# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(login|foo|bar|…)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(login|foo|bar|…)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You also might want to add some additional conditions to only change the protocol on GET and HEAD requests but not on POST requests.
This code works for me:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
remove www (tested):
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com$ [NC]
RewriteRule ^(.*)$ http://yoursite.com/$1 [L,R=301]
redirect (not tested):
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{THE_REQUEST} \/login/?.*\ HTTP [NC]
RewriteRule ^(.*)$ https://yoursite.com/login [L,R=301]
After reading this all post time line i have get success for following error: My website(c4dprime.com) was attached https: in mozilla firefox browser. Google and internet explore are show domain address as http: (The real problem in firefox) I did not want https: for my domain in any browser because one unknow redirect attached with my domain by https: (Cause for this error)after Installing following plugins in wordpress,(Easy redirect for ssl).... I have told to every one do not use any low level plugins for wordpress.
Anyway! After reading many articles and tutorials at this topic via google search engine. Now i am happy to say i have solve this problem from this post tips. Remember one thing about me i am new to in this form and wordpress.
This tip is help full for me
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com$ [NC]
RewriteRule ^(.*)$ http://yoursite.com/$1 [L,R=301]
After edit or some changes in my .htaccess file following code i have use now with solved this error.
AddHandler c4d-prime .com
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteBase /
RewriteRule ^$ http://www.c4dprime.com/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress