How do I redirect if a user tries to direct access image files from browser only?
How to redirect from
https://img.example.com/c/600x1200_90_webp/img-master/img/2022/01/03/08/04/54/95259215_p0_master1200.jpg
to
https://example.com/detail?id=95259215
Is there anyway to do this with cloudflare? I can do this with nginx but if I have cloudflare enabled then the redirect won't work
Related
I am using cloudflare's "flexible ssl" as an intermediary between client and my site.
After setting this up, I went to the browser and tried accessing my site via https:
https://example.com/login
and everything works. I fill in my login info and log in successfully and am not on http://example.com . I manually enter https://example.com/* where * is many other pages and it all works fine.
Now I want to redirect all requests to use the seemingly working https. So i go to my cloudflare account on their website and create a page rule : http://example.com/* to always use https.
Now I go to example.com/login and successfully redirected to https://example.com/login, I fill in my log in information and submit the login form , the page refreshes and I am back to https://example.com/login with an empty login form.
Anyone know what the problem is or how to help troubleshoot?
I am using laravel as a framework for the site and apache as the webserver.
create a page rule : http://example.com/* to always use https
Noted. Be aware that CloudFlare does this by accepting every HTTP request on http://example.com/* and returning a 301 redirect to the equivalent HTTPS request. The browser completes the redirect by sending a GET request to the HTTPS URL.
I fill in my log in information and submit the login form
Check the login form source carefully and check what URL the login form is submitted to. My guess is that the form is submitted to http://example.com/login or something similar. CloudFlare will accept the POST request to http://example.com/login and return a 301 redirect to https://example.com/login -- which your browser will complete as a GET request and hence not sending the login data.
So your best solution is to make sure that your login form POSTs to the correct HTTPS URL not to the HTTP URL.
That's my best guess anyway.
how to help troubleshoot?
Ensure that you are using different log files to distinguish between HTTP and HTTPS requests on your server.
Some other suggestions:
Get a Let's Encrypt SSL certificate and put that on your site so that the communication between CloudFlare and your site is all SSL. https://letsencrypt.org/
Ensure that HSTS is turned on for all of your HTTPS requests so that the browser will know not to send any requests to any HTTP URLs.
Create a development server where you can test all of this working with HTTPS between the browser and the web server without CloudFlare. Once you've got it all working in HTTPS mode without CloudFlare then you can try it with CloudFlare and you should get essentially the same results. Your problem is with the HTTP -> HTTPS switch, not specifically with CloudFlare.
Should be a pretty simple question but I have an NG2 app that will run an apache server, when navigating to the app url i.e. localhost:4200 it will check if the user is authenticated and if they arent authenticated it will redirect to the /login url. This works well but if a user refreshes the webpage on the /login url the app wont load (the base href is "/").
Should I setup a 301 redirect in my .htaccess to redirect hits to /login to /?
I have a video website which I recently changed from http to https.
i.e http://example.com to https://www.example.com.
And I have also made an htaccess entry to automatically 301 redirect all http urls to https.
The old video embed code links given to external customer sites are like :
<script scr="http://example.com/embed_script.js"></script>
Some customer websites also changed to http to https. In those https websites the above link with http protocol won't work because of mixed content. I have no control over the customer sites to change those urls to https. Any automatic redirect solution exists for this ?
You can't fix this unless you get them to use https. You could perhaps locally cache a copy as a workaround, but I've never done that.
I was enabling "Encrypt Login Form" for my joomla website but after user logging in, it always forwarded to https:// url. Is there any easy way to force forwarded url to use http:// ? So the ssl will be used for login or registration purpose only?
Thanks
I'm developing a web application with Facebook Javascript SDK on my server at http://example.com/webapp/. Now I registered a new domain name, say domain.com, with no hosting, and I forwarded with URL masking domain.com to example.com/webapp/, so the web app is still on my server at example.com/webapp/. I've tried to change app settings on Facebook, site domain to domain.com and website URL to domain.com, but the Javascript SDK doesn't work!
I think that the problem is that requests to facebook comes from my server at example.com and the app domain is domain.com. I notice that the JS SDK uses window.location to retrieve the url to be matched with the app domain and website url.. Is there a way to inject the redirect_uri parameter on every JS SDK functions call with the url of my redirecting domain domain.com?
Thanks to all in advice!
Instead of using URL Masking / Forwarding, you should see if you can use your domain domain.com pointing straight to example.com/webapp using Add-on Domains.
I.e. create a virtual host and have the new domain link to the actual files on the old domain name. Fowarding isn't the best way as some forwards use iframes or javascript to redirect.