Redirect http to https using Symfony - apache

I'm sorry to post a new question for something that has been asked many times but none of the answers I found worked for me.
I have a site in Symfony and I want it to use HTTPS and not HTTP, so I want to redirect the URLs.
For this, I have a .htaccess file in the public:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
And another in the racine, I've tried multiple things but none worked, here are some of my tests:
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Or
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(.*)$ /public/$1 [L]
or
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://myurl [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(([a-z0-9_]+\.)?10.16.10.164)$ [NC]
RewriteRule .? http://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ web/$1 [QSA,L]
Unfortunately, I'm not sure to understand right all of these and this is maybe why I'm not able to make it work.
There is other information you will maybe need:
My apache conf has this:
<VirtualHost *:80>
<Location "/">
Redirect permanent "https://%{HTTP_HOST}:8000%{REQUEST_URI}"
</Location>
</VirtualHost>
or
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*)$ https:/myurl/$1 [NE,L,R=301
</VirtualHost>
I have this in my security.yaml:
access_control:
- { path: ^/, requires_channel: https}
In my framework.yaml:
trusted_proxies: '192.0.0.1,10.0.0.0/8, myurl'
# trust *all* "X-Forwarded-*" headers
trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-
forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']
# or, if your proxy instead uses the "Forwarded" header
trusted_headers: ['forwarded']
I also created a certificate but I read somewhere that it's not a good way to do it with Symfony so I'm not using it. I did this because my error is: SSL_ERROR_RX_RECORD_TOO_LONG
And what I want is to redirect all HTTP to HTTPS and the:8000 to be automatically added.
Any ideas, please?

Related

Stacking 301 redirects? .net to .com, www, https

I have been struggling getting this chain to work:
I want to point example.net to example.com and point everything to https://www.example.com.
So, we have: example.net, www.example.net, example.com, and www.example.com that all need to land on https://www.example.com.
I can get everything but https to work or https for the .com site only.
Any way to set this up?

First to redirect example.net to example.com , put the following code in example.net main root .htaccess file :
RewriteEngine On
RewriteRule (.*) https://www.example.com/$1 [R=301,NE,L]
Then in example.com main root .htaccess file put the following code :
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
Note: clear your browser cache and test it .

I was finally able to get to this work with:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC,OR]
RewriteCond %{HTTP_HOST} ^example.net [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example.net [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
#WordPress code
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Redirect to new domain using https Apache

I've got this domain:
www.example.com
And I want to redirect it to
https://www.example2.com
This is what I have in my .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule (.*)$ https://www.example2.com/$1 [R=301,L]
#Joomla Rules
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
</IfModule>
If I try from www.example.com the rules are applied it and redirects me, but when I try from example.com it shows me an insecurity error (NET::ERR_CERT_AUTHORITY_INVALID). How can I make it work both ways?
P.S. both domains point to the same IP

Check the below code for redirect one domain to another domain :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule (.*)$ http://www.example2.com/$1 [R=301,L]
</IfModule>
OR
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?example.com [NC]
RewriteRule ^(.*)$ http://www.example2.com/$1 [R=301,NC,L]
</IfModule>
I hope it's helpful to you.

Turns out I cannot just redirect to an SSL domain if the redirected domain isn't SSL as well, this post gave me the answer.
Nginx HTTPS 301 redirect to another TLD (hosted on same server) without showing SSL warning
Thank you!

Apache Redirect certain HTTPS requests to HTTP not working

Hi I have been working on this for a while and just know I am doing something stupid but just can not see it. What I want to do is to redirect certain pages so they are always shown using HTTPS and all other pages if they are requested through HTTPS they are redirected as HTTP.
I have done lots of searching around the issue and found accepted answers on Stackoverflow that just did not work for me. So here Is my .htaccess file.
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(finance/enquiryForm)(.*)
RewriteCond ${REQUEST_URI} !(offerentry)(.*)
RewriteRule (.*) http://dev.staging.co.uk/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(finance/enquiryForm|offerentry)(.*) https://dev.staging.co.uk/$1 [L,R=301]
What is currently happening is that the pages that I want to redirect from https to http work fine but the pages I want to show as HTTPS get a redirect loop and fail. If I comment out the top section the HTTPS pages I do want redirect fine. So how do I get the redirect loop to stop?
EDIT
The full .htaccess file with the codeigniter etc stuff.
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
<Files .*>
Order Deny,Allow
Deny From All
</Files>
#RewriteCond %{HTTPS} on
#RewriteCond ${REQUEST_URI} !/(finance/enquiryForm|offerentry) [NC]
#RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
#RewriteCond %{HTTPS} off
#RewriteCond ${REQUEST_URI} /(finance/enquiryForm|offerentry) [NC]
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
# Protect application and system files from being viewed
RewriteRule ^(fuel/install/.+|fuel/crons/.+|fuel/data_backup/.+|fuel/codeigniter/.+|fuel/modules/.+|fuel/application/.+|\.$
# Remove trailing slashes
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} (.*)/$
RewriteCond %{REQUEST_URI} !fuel/.*$
RewriteRule ^(.*)/$ $1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [L]
</IfModule>
Options -Indexes

Try these rules based on THE_REQUEST variable:
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} !/(finance/enquiryForm|offerentry) [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} /(finance/enquiryForm|offerentry) [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
Test them in Chrome dev tool and see what redirects are you getting.

Try with:
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(finance/enquiryForm|offerentry)
RewriteRule (.*) http://dev.staging.co.uk/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (finance/enquiryForm|offerentry) https://dev.staging.co.uk%{REQUEST_URI} [NE,L,R=301]

https htaccess exclude some url

I know this question has been asked a lot, but i try a lot of answers and didnt succeed.
i try those answers:
.htaccess ssl & non-ssl redirects
Remove SSL integration from a specific folder using htaccess
and a few others that i find on google.
i only have ssl on 3 pages of the site and i want to make a general rule, that the other pages should be redirect to http when they are on https. im like Jon Snow i know nothing about apache and htaccess.
so this what i try so far:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^\/(page1|page2|page3)+ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]
and this:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/page1/$
RewriteCond %{REQUEST_URI} !^/page2/$
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]
the part of send to http works but the exception dont or they send all to http or redirect to the index.
to clarify i didnt put both codes at same time.
other rules on:
RewriteCond %{HTTP_HOST} !^www\.example\.com\$
RewriteRule (.*) http://www.example.com.br/$1 [R=301,L]
RewriteRule !\.(js|txt|ico|gif|GIF|jpg|JPG|png|PNG|css|swf|pdf|xml|XML|eot|EOT|ttf|TTF|woff|WOFF)$ index.php
full url as requested:
https://www.example.com.br/area-restrita/
it can have more information after the 'area-restrita' part

Try this code:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} !/(area-restrita|page2) [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=302]
RewriteCond %{HTTP_HOST} !^www\.example\.com\$
RewriteRule (.*) http://www.example.com.br/$1 [R=301,L,NE]
RewriteRule !\.(js|txt|ico|gif|GIF|jpg|JPG|png|PNG|css|swf|pdf|xml|XML|eot|EOT|ttf|TTF|woff|WOFF)$ index.php [L,NC]

if you want to redirect the whole site to https except for some particular directories / URLs and in these particular cases you still want them served via http, you can use this technique in virtual.conf; otherwise when the RewriteCond match, the particular pages will always receive the error "404 page not found"
<VirtualHost *:80>
ServerName www.example.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/app1/.*$ [NC]
RewriteCond %{REQUEST_URI} !^/app2/.*$ [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} !=apps.example.com [NC]
RewriteCond %{REQUEST_URI} ^/app1/.*$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/app2/.*$ [NC]
RewriteRule ^.*$ http://apps.example.com%{REQUEST_URI} [R,L,P]
</VirtualHost>
<VirtualHost *:80>
ServerName apps.example.com
DocumentRoot /home/sites/example.com/public_html
</VirtualHost>

htaccess redirect to https://www

I have the following htaccess code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond !{HTTPS} off
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
I want my site to be redirected to https://www. with HTTPS, and enforcing the www. subdomain,
but when I access http://www. (without HTTPS), it does not redirect me to https://www with HTTPS.

To first force HTTPS, you must check the correct environment variable %{HTTPS} off, but your rule above then prepends the www. Since you have a second rule to enforce www., don't use it in the first rule.
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
About proxying
When behind some forms of proxying, whereby the client is connecting via HTTPS to a proxy, load balancer, Passenger application, etc., the %{HTTPS} variable may never be on and cause a rewrite loop. This is because your application is actually receiving plain HTTP traffic even though the client and the proxy/load balancer are using HTTPS. In these cases, check the X-Forwarded-Proto header instead of the %{HTTPS} variable. This answer shows the appropriate process

Michals answer worked for me, albeit with one small modification:
Problem:
when you have a single site security certificate, a browser that tries to access your page without https:// www. (or whichever domain your certificate covers) will display an ugly red warning screen before it even gets to receive the redirect to the safe and correct https page.
Solution
First use the redirect to the www (or whichever domain is covered by your certificate) and only then do the https redirect. This will ensure that your users are not confronted with any error because your browser sees a certificate that doesn't cover the current url.
#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you are using CloudFlare or a similar CDN you will get an infinite loop error with the %{HTTPS} solutions provided here. If you're a CloudFlare user you'll need to use this:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

BAD SOLUTION AND WHY!
Don't ever use the solution below because when you are using their code that is something like:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301]
The browser goes to:
http://example.com
Then redirects to:
https://example.com
Then redirects to:
https://www.example.com
This is too much request to the server.
Most of the answers even accepted one has this problem.
BEST SOLUTION AND THE ANSWER
This code has an [OR] condition to prevent dual changes at url!
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L]

This is the best way I found for Proxy and not proxy users
RewriteEngine On
### START WWW & HTTPS
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### END WWW & HTTPS

There are a lot of solutions out there. Here is a link to the apache wiki which deals with this issue directly.
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

To redirect http:// or https:// to https://www you can use the following rule on all versions of apache :
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Apache 2.4
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} http [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Note that The %{REQUEST_SCHEME} variable is available for use since apache 2.4 .

If you are on CloudFlare, make sure you use something like this.
# BEGIN SSL Redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END SSL Redirect
This will save you from the redirect loop and will redirect your site to SSL safely.
P.S. It is a good idea to if check the mod_rewrite.c!

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
Notes: Make sure you have done the following steps
sudo a2enmod rewrite
sudo service apache2 restart
Add Following in your vhost file, located at /etc/apache2/sites-available/000-default.conf
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
Now your .htaccess will
work and your site will redirect to http:// to https://www

Similar to Amir Forsati's solution htaccess redirect to https://www but for variable domain name, I suggest:
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%2%{REQUEST_URI} [R=301,L]

Set in your .htaccess file
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I used the below code from this website, it works great https://www.freecodecamp.org/news/how-to-redirect-http-to-https-using-htaccess/
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Hope it helps

I try first answer and it doesnt work...
This work:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress