I want to redirect any traffic that goes to http://example.com to https://example.com
same for http://example.com/about to https://example.com/about
I thought it would be something like this:
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
This works for me:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
If the traffic is coming in over non-SSL HTTP, then redirect to the HTTP equivalent of whatever page the user was originally trying to access. It also doesn't involve any mod_rewrite options, so it's easy to read.
Side rant: why does everyone feel the need to explicitly set the HTTP code of the redirect and mark one of their rewrites as the "last" one? Seriously, I've seen dozens of same-looking htaccess rules in just the last few days.
This is a previous answer using .httaccess but adding changes proposed in the comments, and some from me:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://my.domain.name%{REQUEST_URI} [L,R=301]
Notes:
This is for the cases where user doesn't have access to main configuration, but has access to .htaccess rules. If you have access to main configuration, use mod_alias solution instead.
For me the rule was not picked up without defining RewriteBase. Explicitly defining it gets rid of ambiguity with some server setups.
At least on some configurations, %{HTTPS} is not set to off when using http, but is null, so !on is more reliable rule than off.
For explicit host name, you don't rely on client side Host header or server configuration. However, explicit host name natually assumes there is only one domain to redirect. Host header poses some considerable problems, such as containing port and being client-supplied data. Another alternative, as suggested by Apache Wiki, is to use %{SERVER_NAME}. If you consider using that, check out caveat from this discussion - it relies on other configuration being correct.
R=301 means it's permanent redirect, as it's usually meant to be in this case. If you instead think it's temporary, that can be left out or specified as R=302.
L means it's last rule to be applied for this request. Leave it if you suspect or know there are other rules after this that you don't want to get applied. You can remove if this is the only rule of the file.
According to the Apache documentation, using mod_alias is more appropriate than mod_rewrite for this task. That is, in order to redirect all HTTP traffic to HTTPS, one would:
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost >
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost >
Two things to note about this configuration:
You need access to the main server configuration file in order for this configuration to work. The VirtualHost directive is only valid in the "server config" context.
Keep in mind that mod_rewrite directives are processed before mod_alias directives. If you've already got a massive block of RewriteRules in your .htaccess file, you might be better off with the mod_rewrite configuration.
why not just plain and simple?
rewriteCond %{HTTPS} !on
rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
it has worked to me, and seems to me clear. Cheers.
Working in all conditions is:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [NE,L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
<IfModule>
After some research this what worked for me, a bit different version.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Related
Does anyone know a way to do a permanent redirect from a.example.com to b.example.com? I have other subdomains that need to remain as they are though. so:
first.example.com -> second.example.com
third.example.com is fine
fourth.example.com is fine
I want to do this in the <VirtualHost> block rather than an .htaccess to avoid having to redeploy again.
Any thoughts would be appreciated, thanks
Add the following RewriteRule to your VirtualHost
RewriteEngine On
RewriteCond %{HTTP_HOST} ^first.example.com$
RewriteRule ^ http://second.example.com [R=301,L]
If you wanted to redirect first.example.com/some/url to second.example.com/some/url:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^first.example.com$
RewriteRule /(.*) http://second.example.com/$1 [R=301,L]
Recommend you use [R=302] whilst testing the rules to avoid problems with 301s getting cached by your browser.
I'm having trouble getting these redirects to work under all conditions. I'm hoping I can fix it with .htaccess but there may be something mucked up with the way I'd previously tried to force redirects through my host's control panel.
Anyway, olddomain.com/whatever, with http:// or https:// and with or without www should permanently redirect to https://www.newdomain.com/whatever.
At one point I had everything except https://olddomain.com redirecting properly. Now I've broken it and I'm just getting the too many redirects error.
I believe both domains have a Let's Encrypt certificate attached to them. The old domain doesn't need to be secured if that makes a difference.
According to https://serverfault.com/a/728957, you can use this snippet to help redirect users to a https://www of the site.
RewriteEngine On
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hope that helps!
I change the .htaccess file and I added this:
RewriteCond %{HTTPS} !on
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
but when I try to access the page, it gives me this error:
ERR_TOO_MANY_REDIRECTS
I cleared all my cache and cookies, I tried it with another browser, and it didn't work.
Please help me
It appears that some versions of the apache http servers ssl module do not set the %{HTTPS} variable, quite in contrast to what the documentation claims. Have a try using this alternative:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA]
And a general hint: you should always prefer to place such rules inside the http servers (virtual) host configuration instead of using dynamic configuration files (.htaccess style files). Those files are notoriously error prone, hard to debug and they really slow down the server. They are only provided as a last option for situations where you do not have control over the host configuration (read: really cheap hosting service providers) or if you have an application that relies on writing its own rewrite rules (which is an obvious security nightmare).
Add RewriteEngine On to your first line, vai parecer assim:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Last line you could change to something like:
RewriteRule ^(.*)$ https://www.example.com/$1
Where https://www.website.com add your own domain.
That should send you on the right way
What is the proper .htacess rule to redirect every request by a user to any page on my server to https://that page
For example, mydomain.com or http://mydomain.com would go to https://mydomain.com
Also, mydomain.com/projects/1.html would go to https://my domain.com/projects/1.html
No matter how deep the requests go, all requests from the browser go to be https://that location.
How would I do this?
RewriteEngine on
RewriteRule (.*) https://mydomain.tld$1
Ensure the vhosts are in different folders so it doesn't go recursive obviously.
If you are using Apache, you need to use mod_ssl by using the SSLRequireSSL Directive.
then you need to use mod_rewrite for a redirection.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I am currently using this .htaccess to redirect all the requests for pages with a directory to my index.php
RewriteEngine on
RewriteCond $1 !^(index\.php|cas)
RewriteRule ^(.*)$ /seattle/index.php/$1 [L]
And this works just fine and produces urls that hide the index.php, and I have code in index.php that makes urls clean looking.
But now I need to force pages to connect via ssl, so I tried
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond $1 !^(index\.php|cas)
RewriteRule ^(.*)$ https://example.com/seattle/index.php/$1 [L]
and it works to force ssl, but now it also forces the url to include the index.php:
https://example.com/seattle/index.php/pagename
instead of what I want
https://example.com/seattle/pagename
What am I missing?
To change protocol (HTTP -> HTTPS) and/or domain name (www.example.com -> example.com) the proper redirect ("301 Permanent Redirect" or "302 Found/Temp Redirect") is required.
Therefore you cannot combine rewrite and redirect and still showing original URL. It has to be 2 different rules and the one for changing protocol/domain should be listed first. For example:
RewriteEngine on
# force HTTPS for all URLs
RewriteCond %{HTTPS} =off
RewriteRule . https://example.com%{REQUEST_URI} [R=301,L]
# other rewrite rules
RewriteCond $1 !^(index\.php|cas)
RewriteRule ^(.*)$ /seattle/index.php/$1 [L]
The rule I have added will redirect ALL HTTP URLs to HTTPS. If you need only some of them to be redirected -- add appropriate conditions via additional RewriteCond line(s).
The %{HTTPS} is the most common and kind of "proper" way of checking if SSL is ON or OFF (but it is all depending on your specific circumstances and server config). When checking against %{HTTPS} you are safe against situation when your site is running on non-standard port (other than 80). You can use %{SERVER_PORT} =80 instead (will work for majority of cases).
With the above rules the rewrite for http://example.com/seattle/pagename will occur in 2 steps:
301 Redirect to https://example.com/seattle/pagename
Rewrite (internal redirect) to /seattle/index.php/pagename