I need to convert all http access to a domain including its potential pages under the main page, to its https equivalent. What I have now just directs all Domain and www.Domain access to https://Domain but not pages that are off the main page. How can I modify the htaccess commands so in addition I can get http://Domain/other-web-pages to go to https://Domain/other-web-pages
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule (.*) https://example.com [L,R=301]
You are close. The redirection works, but you need to actually hand over the requested path too:
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^ https://example.com%{REQUEST_URI} [QSA,L,R=301]
Such general should get implemented in the actual http server's central host configuration. If you have no access to that you can use a distributed configuration file instaed. Such file has to be placed inside the http server's DOCUMENT_ROOT folder.
(An alternative to #arkascha's answer, that builds on your existing code.)
:
RewriteRule (.*) https://example.com [L,R=301]
You are already capturing the requested URL-path (ie. (.*)) but not passing this through to the substitution string. So, all you need is the corresponding backreference ($1) that contains the URL-path. For example:
:
RewriteRule (.*) https://example.com/$1 [L,R=301]
And, if you have other directives, this needs to go near the top of the .htaccess file before any existing rewrites.
You will need to clear your browser cache before testing, since any erroneous 301 (permanent) redirects to the homepage will have been cached by the browser. Test with 302 (temporary) redirects to avoid such caching issues.
Related
i am still new to htaccess. I have a static website, that has a content inside several directories. I use this to redirect 301 all html pages to its https non-www version.
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) https://example.com/$1 [L,R=301]
I want the website to be dynamic. So after it redirects to https non-www version, i want it to grab the resources from a specific php files. But, i don't know how to do that, while also do the first 301 redirect.
I try to grab the resources by using something like:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) https://example.com/$1
RewriteRule (.*)/(.*)/(.*)\.html$ https://note.mathpro.id/$2.php?name=$3 [L,R=302]
This URL http://example.com/category/uncategorized.html retrieves the content from https://example.com/category.php?name=uncategorized, but doesn't redirect it to https://example.com/category/uncategorized.html as it intially did.
Can anyone help?
... i don't know how to do that, while also do the first 301 redirect.
These are two entirely separate tasks that requires two different rules. You should not modify the first (canonical redirect) rule. (For some reason, you have removed the flags argument, ie. [L,R=301] - The L flag is required for the redirect to function as intended.)
RewriteRule (.*)/(.*)/(.*)\.html$ https://note.mathpro.id/$2.php?name=$3 [L,R=302]
This should not be an external redirect, it should be an internal rewrite. In order words, you want the (visible) URL to remain as /category/uncategorized.html. You don't want the end user to see /category.php?name=uncategorized.
For some reason you also have three capturing subpatterns in the RewriteRule pattern (.*)/(.*)/(.*)\.html$, whereas your example URL /category/uncategorized.html only has two?
Your regex should also be more restrictive. The "problem" with the very generic .* is that it is "greedy" and consumes everything, including slashes. So this regex will also match /foo/bar/baz/zip/bah/yop.html. (But which parts will it match/capture exactly?)
Try the following instead:
# 1. Canonical redirect (UNCHANGED)
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) https://example.com/$1 [L,R=301]
# 2. Rewrite to handler
RewriteRule ^([^/]+)/([^/]+)\.html$ $1.php?name=$2 [L]
This assumes the .htaccess file is located in the document root.
However, a minor problem with the above rewrite is that it rewrites the URL regardless of whether the "handler" (eg. category.php) exists or not. This isn't necessarily a big deal, but it means the 404 is triggered on category.php (the rewritten file-path), not /category/uncategorized.html (the originally requested URL from the user).
To resolve this, you can check whether the target file exists first. For example:
# 2. Rewrite to handler if it exists
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule ^([^/]+)/([^/]+)\.html$ $1.php?name=$2 [L]
I am trying to fix this error I had after adding these rules for HTTPS and non-www to .htaccess file on top
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301,QSA]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301,QSA]
it did fix the HTTPS and non-www but it messed this rule
RewriteRule ^product/([0-9]+)$ product.php?p=$1 [NC,L,QSA]
it's now changing this URL whenever there is no HTTPS or no www
from : www.example.com/product/2443
to : www.example.com/product.php/2443?p=2443
I want it to go back to this again:
www.example.com/product/2443
It sounds like you've put the directives in the wrong order. Your canonical redirects (HTTP to HTTPS and non-www to www) need to be at the top of the .htaccess file before your internal rewrites.
Also, since you are internally rewriting to a file with the same basename as the requested URL-path you will need to make sure that MultiViews is disabled to prevent mod_negotiation from internally issuing a subrequest for /product.php/2443 before mod_rewrite is able to process the request. For example, at the top of your .htaccess file add the following to ensure that MultiViews is disabled:
Options -MultiViews
You will need to clear your browser cache, since these erroneous (301 - permanent) redirects will have been cached by the browser.
Aside:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301,QSA]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301,QSA]
Reverse these two rules to avoid a double redirect when requesting HTTP + non-www. However, you should leave these as they are if you are planning to implement HSTS.
The QSA flag is not required on either of these rules.
And the capturing RewriteRule pattern (ie. (.*)) is superfluous. It would be more efficient to just use ^ (or $) - an assertion - since it only needs to be successful for everything, it doesn't need to actually match anything.
I have this .htaccess file to redirect http:// to https://
I also did www. to root domain redirection!
www. to root domain works! however https:// redirection doesn't!
If I set RewriteCond %{HTTPS} on to RewriteCond %{HTTPS} off or RewriteCond %{HTTPS} =!on I get a browser error:
The example.com page isn’t working
mysite.com redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
One edit I did gave me a 500 error but I reverted that back to how it was before! all I did was change: RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} to RewriteRule(.*) https://%{HTTP_HOST}%{REQUEST_URI} or RewriteRule (.*)https://%{HTTP_HOST}%{REQUEST_URI}
Anyone have any Ideas on how to fix this issue?
This is my entire .htaccess file!
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://antimalwareprogram.co%{REQUEST_URI} [R=301,L,NE]
</IfModule>
RewriteCond %{HTTPS} on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Yes, this will create a redirect loop. The logic is wrong. What this says is... if HTTPS is "on" then redirect to HTTPS. You should be checking if HTTPS is "off" (or "not on", ie. !on).
(By removing the spaces between the arguments you likely created a rewrite loop, hence the 500 error. Spaces are delimiters in Apache config files.)
Try something like the following instead:
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=302,L,NE]
This handles both the HTTPS and www canonical redirects. You don't need the first rule. You don't need the <IfModule> container either.
Change the 302 to 301 only when you are sure it's working OK.
Make sure you've cleared your browser cache before testing. 301s get cached hard by the browser.
UPDATE: If this still gives you the same error (a redirect loop) then it's possible that your SSL is managed by a front-end proxy, not your application server. If this is the case then you won't be able to use the HTTPS server variable. See these related questions:
http to https redirection through htaccess: incorrect redirection error
htaccess rewrite - too many redirects
It seems that in this case, ENV:HTTPS (an environment variable) needed to be used in place of HTTPS (Apache server variable). Note, however, that this is non-standard / server specific, as it implies a front-end proxy is being used to manage the SSL.
I am using a Magento installation with the one step checkout plugin, meaning I have very few pages that need HTTPS. I want to control HTTPS search indexing and user access by redirecting the whole HTTPS version of the site except of course for the secure checkout.
The secure checkout section is /onestepcheckout/ (and also includes some sub pages of that, i.e. onestepcheckout/failure).
This is what I have so far but the HTTPS is not kicking in on the checkout page with this code, the redirect works in all other case (i.e. I send index HTTPS to index HTTP) just the exception that is broken:
#Redirect HTTPS to HTTP except checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^onestepcheckout
RewriteRule ^(.*)$ http://www.mysite.co.uk/$1 [R=301,L]
#Require SSL on checkout
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^onestepcheckout\/?$
RewriteRule ^(.*)$ https://www.mysite.co.uk/$1 [R=301,L]
I am also vaguely cautious that the /onestepcheckout/ does not contain secure resources and therefore an exception may need adding to images and style sheets etc.
Don't forget that while the paths in the RewriteRule are evaluated relative to the context of the .htaccess file, the REQUEST_URI variable relates back to the actual request and therefore contains the initial slash.
So you need
RewriteCond %{REQUEST_URI} ^/onestepcheckout\/?$
Alternatively, you could refer to the captured part from the rewrite rule:
RewriteCond $1 !^onestepcheckout/
Try this :
RewriteCond %{REQUEST_URI} onestepcheckout
RewriteCond %{HTTPS} !off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
I want to one of my site's page will use only HTTPS.
I have given manually link to all sites to https.
But I want that if user manually types that page URL with http then it should be redirected to https page.
So if user types:
http://example.com/application.php
then it should be redirected to
https://example.com/application.php
Thanks
Avinash
Here's a couple of lines I used in an .htaccess file for my blog, some time ago :
RewriteCond %{HTTP_HOST} =www.example.com
RewriteCond %{REQUEST_URI} ^/admin*
RewriteCond %{HTTPS} !=on
RewriteRule ^admin/(.*)$ https://www.example.com/admin/$1 [QSA,R=301,L]
Basically, the idea here is to :
determine whether the host is www.example.com
and the URL is /admin/*
Because I only wanted the admin interface to be in https
which means this second condition should not be useful, in your case
and https is off (i.e. the request was made as http)
And, if so, redirect to the requested page, using https instead of http.
I suppose you could use this as a starting point, for your specific case :-)
You'll probably just have to :
change the first and last line
remove the second one
Edit after the comment : well, what about something like this :
RewriteCond %{HTTP_HOST} =mydomain.com
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://mydomain.com/$1 [QSA,R=301,L]
Basically :
using your own domain name
removing the parts about admin
Try this rule:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^application\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This rule is intended to be used in the .htaccess file in the document root of your server. If you want to use it in the server configuration file, add a leading slash to the pattern of RewriteRule.
use this:
RewriteEngine On
# Turn SSL on for /user/login
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/user/login
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
# Turn SSL off everything but /user/login
RewriteBase /
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/user/login
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301,L]
website
open httpd.conf or .htaccess file (mod_rewrite not required):
# vim httpd.conf
Append following line :
Redirect permanent / https://example.com/