How to Load My Non-Public Site via HTTP (No SSL Config) - All Browsers Auto-Redirect to HTTPS - ssl

I need to load my website via HTTP, but all browsers automatically redirect to HTTPS. I have no SSL setup on the site (the domain name is not registered anywhere), nor is the server expecting SSL (AFAIK).
I also run into this when I register a new domain name or make DNS changes for a site and set the IP in my hosts file before the DNS records can propagate, but this is usually resolved within an hour or two.
I manually added a development domain to my servers (not registered anywhere) and manually added the domain to my hosts file.
123.456.789.1 example.dev
I never set up SSL or HTTPS on the server for the domain, but Chrome/Edge/Firefox refuses to load the site over HTTP.
It is a WordPress installation, and I have the URL set to http://example.dev.
option_id | option_name | option_value | autoload
1 | siteurl | http://example.dev | 1
I tried deleting the HSTS settings on the domain in the browser via (chrome|chromium|edge)://net-internals/#hsts.
I set up a 301 to HTTP from HTTPS in the .htaccess file on the site, and a couple other things that escape my memory at this time.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} =on [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
Still, no luck. What else can I do to force HTTP on my non-public site?
EDIT:
It seems as though Chrome now requires all *.dev to have HSTS and HTTPS. I have since begun using a *.test domain name, and my issues are resolved.

HSTS is forced on .dev domains by the browsers.
You will have to use a different domain or set up HTTPS for your web server.
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/

Related

.htaccess redirect to a new domain WITHOUT reload the page

Currently, I'm making a website and I would like this site to redirect (via .htaccess) to another domain WITHOUT reloading the page. Because in all the tutorials I saw, it loaded the page of the new domain. Outside what I want is that it keeps the page of the base domain while displaying the URL of the new domain.
Example:
redirect this site
https://DOMAIN1.US/folder1/folder2/page.html?param=1&param=2
to this site
https://DOMAIN2.US/folder1/folder2/page.html?param=1&param=2
I don't have access to the main server config. Htaccess cannot "fake redirect"??
What you are asking for is not a simple "redirect" (which is managed by the browser). You need to configure the server that hosts domain1.com as a "reverse proxy" - since this needs to be managed entirely server-side.
The user sends a request to domain1.com. The server at domain1.com then constructs an internal HTTP request (reverse proxy) to domain2.com. The response from domain2.com is then sent back to the server at domain1.com which then forwards the (possibly "rewritten") response back to the client.
This requires additional modules enabled on the server at domain1.com, ie. mod_proxy, mod_proxy_http and additional (optional) modules such as mod_proxy_html, etc. depending on your requirements.
Ideally, you would then configure this in the server config (or VirtualHost container). Notably, you would need to set ProxyPassReverse (in the server config) to cover the scenario of domain2.com issuing an external redirect to itself. The proxy server needs to rewrite the response headers so that the redirect goes to domain1.com, not domain2.com. ProxyPassReverse cannot be set in .htaccess.
You can then use mod_rewrite with mod_proxy by using the P flag. This part you can do in .htaccess. For example, to proxy the request from https://DOMAIN1.US/folder1/folder2/page.html?param=1&param=2 to https://DOMAIN2.US/folder1/folder2/page.html?param=1&param=2:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?domain1\.us [NC]
RewriteRule ^ https://domain2.us%{REQUEST_URI} [P]
If you have access to the server config then you can do this more simply with the ProxyPass directive (no need for mod_rewrite in this instance since the source and target URLs are the same).
Reference:
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

AWS - Apache application behind app load server not using SSL certificate

I have placed my instances behind an ALB that has an ACM provided SSL certificate configured with it. However, when I browse to the web page (that I have configured via Route53's alias record to the App Load Balancer), it says that my connection is not secure.
What am I doing wrong here? Do I need to configure Apache somehow?
I got help from the following site. Added the code below to an .htaccess file that I placed at the app root, i.e., /var/www/html.
Caveat: Be aware that even though my app was running behind a load balancer, .htaccess is disabled by default in EC2 as a security measure and therefore needs to be enabled by editing /etc/httpd/conf/httpd.conf, where you change AllowOverride None to AllowOverride All.
Code for .htaccess:
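# Begin force ssl
<IfModule mod_rewrite.c>
RewriteEngine On
# TLS ends at the load balancer, so test the scheme it forwards;
# SERVER_PORT only reflects the back-end listener port.
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^(.*)$ https://your-domain/$1 [R,L]
</IfModule>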
Restart apache once you've got this in there. sudo service httpd restart.
If it still doesn't work, clear browser cache. If it doesn't work for www.your-domain.com, it is quite possible that you ordered the certificate for your-domain.com only. Make a new certificate (they are free), with both names added to it.

HTTP Post request to aws ec2 directory /opt/lampp/htdocs/donate/ denied

I am trying to make a POST request to "http://localhost/donate/payment.php".
It works fine when I run the application locally.
However when I change the URL to
"http://ec2-xx-xxx-xx-xxx.ap-southeast-2.compute.amazonaws.com/opt/lampp/htdocs/donate/payment.php"
I get a page not found error. I can guarantee that the file is present in the location.
I have tried several things like changing the permission of the /opt file recursively to 777. Also tried changing the apache server port default port from 80.
I even tried placing a .htaccess file inside the donate folder to access the server. The contents are:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain.com
RewriteRule (.*) http://www.yourdomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$
RewriteCond %{REQUEST_URI} !^/WebProjectFolder/
RewriteRule (.*) /WebProjectFolder/$1
All attempts have failed. Is there anything else I am missing here? I have installed bitnami parse server and I am able to access that by http in the browser. It is present in the folder /apps in the root folder.
Does AWS override any security permissions?
Assuming /opt/lampp/htdocs/ is your document root, shouldn't the URL be http://ec2-xx-xxx-xx-xxx.ap-southeast-2.compute.amazonaws.com/donate/payment.php?
You might also want to verify a couple of things:
Make sure your security policy has its inbound port 80 open to the public (or where you'll be visiting from)
Assuming you're using Apache httpd, make sure it accepts connections on the external interface or all interfaces (e.g. Listen 80, Listen 0.0.0.0:80, etc)
First, if you actually get an error from your Apache server, the issue has nothing to do with AWS. If there were misconfigured security groups or NACL, you'd never reach port 80 (http).
Second, never ever chmod -R 777, not only can you break your app behavior, but also, especially with PHP, you just opened security risks. Yes, this doesn't matter until your instance becomes part of a botnet and starts sending spam.
At a glance, I would say your Apache configuration lacks something, like a VirtualHost "any":
# from https://httpd.apache.org/docs/2.4/vhosts/examples.html
<VirtualHost *:80>
DocumentRoot "/www/example1"
ServerName www.example.com
# Other directives here
</VirtualHost>
It seems like your default location points to another directory, possibly the default one.

How to redirect from old domain to a new subdomain by .htaccess file in openshift rhc

I have two sites in openshift rhc. For the first one I use Cloudflare and a tk domain by the name of www.elasa.ir, and set my first site by the name of first.rhcloud.com.
I want to have a subdomain for the first domain similar to dl1.example.com that redirects to the second site in openshift rhc.
I added dl1.example.com in the secondary site in openshift rhc as a CNAME, and set it to secondery-.rhcloud.com to shope.elasa.ir
and in Cloudflare in the settings of example.com.
I added a CNAME record pointing shope.elasa.ir to secondery-.rhcloud.com
and finally, on clicking dl1.example.com it shows the secondary site, but after another click the address bar changes to secondery-.rhcloud.com.
So what must I do to redirect secondery-.rhcloud.com to the subdomain (dl1.example.com) all the time?
I added an .htaccess file with this code:
Options +SymLinksIfOwnerMatch
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.)?tomatocart-beyhagh.rhcloud\.com$ [NC]
RewriteRule ^(.*)$ "http\:\/\/shope\.elasa\.ir\/$1" [R=301,L]
but I get the following error:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for
this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
You can just create an alias domain in the OpenShift console and redirect to your subdomain.
Use Cloudflare to create your subdomain and set a CNAME to secondery-.rhcloud.com.

mod_rewrite for trailing slash problem

I'm pulling my hair out on what should be an insanely simple problem. We are running WebSphere IHS (Apache) through an F5 BigIP. BigIP is doing the https translation for us. Our url (changed for web, not valid) is https://superniftyserver.com/lawson/portal.
When someone types in just that without the slash after portal, Apache assumes "portal" to be a file and not a directory. When Apache finds out what it is, it sends the 301 Permanent Redirect. But since Apache knows only http, it sends the URL as http://superniftyserver.com/lawson/portal/ which then creates problems.
So I tried a server level httpd.conf change for mod_rewrite, this is one of the dozens of combinations I've tried.
RewriteEngine on
RewriteRule ^/lawson/portal(.*) /lawson/portal/$1
I also tried
RewriteRule ^/lawson/portal$ /lawson/portal/
Among many other things... What am I missing?
If you can't get an answer on the RewriteRule syntax, here are two other options for you: write a custom iRule on BigIP (see F5 DevCentral) that looks for 301 responses and converts them to SSL; or let the URL pass into your WebSphere server and do a programmatic redirect that sends out HTTPS. However, because F5 terminates the SSL connection, you have to set a custom header that you configure (see PQ86347) so the Java request.getScheme() works as you would expect.
Fixed!
SOL6912: Configuring an HTTP profile to rewrite URLs so that redirects from an HTTP server specify the HTTPS protocol
Updated: 8/7/07 12:00 AM
A ClientSSL virtual server is typically configured to accept HTTPS connections from a client, decrypt the SSL session, and send the unencrypted HTTP request to the web server.
When a requested URI does not include a trailing slash (a forward slash, such as /, at the end of the URI), some web servers generate a courtesy redirect. Without a trailing slash, the web server will first treat the resource specified in the URI as a file. If the file cannot be found, the web server may search for a directory with the same name and if found, send an HTTP 302 redirect response back to the client with a trailing slash. The redirect will be returned to the client in HTTP mode rather than HTTPS, causing the SSL session to fail.
Following is an example of how an HTTP 302 redirect response causes the SSL session to fail:
· To request an SSL session, a user types https://www.f5.com/stuff without a trailing slash.
· The client browser sends an SSL request to the ClientSSL virtual server, which resides on the BIG-IP LTM system.
· The BIG-IP LTM system then decrypts the request and sends a GET /stuff command to the web server.
· Since the /stuff file does not exist on the web server, but a /stuff/ virtual directory exists, the web server sends an HTTP 302 redirect response for the directory, but appends a trailing slash to the resource. When the web server sends the HTTP 302 redirect response, it specifies HTTP (not HTTPS).
· When the client receives the HTTP 302 redirect response, it sends a new request to the BIG-IP LTM virtual server that specifies HTTP (not HTTPS). As a result, the SSL connection fails.
Configuring an HTTP profile to rewrite URLs
In BIG-IP LTM version 9.x you can configure an HTTP profile to rewrite URLs so that redirects from an HTTP server specify the HTTPS protocol. To do so, perform the following procedure:
1. Log in to the Configuration utility.
2. Click Local Traffic.
3. Click Profiles.
4. Click the Create button.
5. Type a name for the profile.
6. Choose http from the Parent Profile drop-down menu.
7. Under Settings, set Redirect Rewrite to All, Matching, or Nodes, depending upon your configuration. For example:
o Choose All to rewrite any HTTP 301, 302, 303, 305, or 307 redirects to HTTPS
o Choose Matching to rewrite redirects when the path and query URI components of the request and the redirect are identical (except for the trailing slash)
o Choose Node to rewrite redirects when the redirect URI contains a node IP address instead of a host name, and you want the system to change it to the virtual server address
8. Click Finished.
You must now associate the new HTTP profile with the ClientSSL virtual server.
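The redirect rewrite decision described in the answer above, modelled in Python as an added example (not F5's code and not part of the original answer). The function names and the handling of an explicit :80 port are assumptions, and only the All and Matching modes are modelled.

```python
from urllib.parse import urlsplit, urlunsplit

REDIRECT_CODES = {301, 302, 303, 305, 307}  # codes listed for "All" above


def _strip_slash(path):
    """Drop a single trailing slash so /stuff and /stuff/ compare equal."""
    return path[:-1] if path.endswith("/") else path


def is_downgrade(request_url, status, location):
    """True when an HTTPS request is answered with a redirect to http://."""
    return (urlsplit(request_url).scheme == "https"
            and status in REDIRECT_CODES
            and urlsplit(location or "").scheme == "http")


def rewrite_location(request_url, status, location, mode="matching"):
    """Return the Location value to send back to the client.

    mode "all": every downgrade redirect is moved to https.
    mode "matching": only when path and query equal the request's,
    apart from the trailing slash.
    """
    if mode not in ("all", "matching"):
        raise ValueError("mode must be 'all' or 'matching'")
    if not is_downgrade(request_url, status, location):
        return location  # not a redirect, relative, or already https
    req, loc = urlsplit(request_url), urlsplit(location)
    if mode == "matching" and not (
            _strip_slash(req.path) == _strip_slash(loc.path)
            and req.query == loc.query):
        return location
    # Assumption: an explicit :80 is dropped, since it is wrong for https.
    netloc = loc.netloc[:-3] if loc.netloc.endswith(":80") else loc.netloc
    return urlunsplit(("https", netloc, loc.path, loc.query, loc.fragment))


# Constructed sample: the courtesy redirect from the walkthrough above.
SAMPLE = ("https://www.f5.com/stuff", 302, "http://www.f5.com/stuff/")

if __name__ == "__main__":
    print(rewrite_location(*SAMPLE))
    print(rewrite_location("https://www.f5.com/stuff", 302,
                           "http://www.f5.com/login", mode="matching"))
```

`is_downgrade` on its own can be run over captured request/response pairs to find back ends that still answer HTTPS requests with http:// redirects.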
Try this:
# Trailing slash problem
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
RewriteRule ^(.+[^/])$ https://<t:sitename/>$1/ [redirect,last]
LoadModule rewrite_module modules/mod_rewrite.so
Make sure that line is somewhere in your httpd.conf file.
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/lawson/portal$
RewriteRule ^(.*)$ https://superniftyserver.com/lawson/portal/ [R=301,L]