The following code, which was discussed recently on another post here, works as a charm on my website and subdomain:
RewriteEngine On
# Force www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# Force https (SSL)
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
However, on the /blog subfolder, where I have my WordPress-based blog, it doesn't work. What do I mean that it doesn't work? When opening a page on my blog, a secure page (using https) is opened, and that is good. No issues there.
But if on the website or subdomain I manually enter a non-secure link (using just http, without the "s"), it automatically gets redirected to a secure one (https, with the "s"), but on the blog that doesn't happen, even though the same RewriteRule is used .htaccess of the blog subfolder as in the main domain and subdomain subfolder.
The full text of the blog's subfolder's .htaccess file is:
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
# END WordPress
RewriteEngine On
# Force www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# Force https (SSL)
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# Use PHP70 as default
AddHandler application/x-httpd-php70 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php70/lib
</IfModule>
On a sidenote, I wasn't sure if I need the second RewriteEngine On, or if perhaps it even makes trouble, so I tried both with and without, with the same result.
Related
I have a bolt application installed and want to do 2 things with my .htacces:
1st) Redirect to the /public/ folder, since bolt displays an error otherwise.
2nd) Change all incoming requests to https://
Seperatly I get them to work, individually I get either: 404, installation error or missing files on the site since the path differs.
I now have the following that redirects to /public/:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule cache/ - [F]
# Some servers require the RewriteBase to be set. If so, set to the correct directory.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain.ch$ [OR]
RewriteCond %{HTTP_HOST} ^www.mydomain.ch$
RewriteRule ^(.*)$ /public/$1 [PT,L,QSA]
</IfModule>
In an attempt to switch to https:// I tried:
RewriteCond %{REQUEST_URI} /public/$1
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [PT,L,QSA]
How can I solve it and why is this not working?
I already have a Wordpress website installed to /home/USER/public_html/ and the .htaccess inside the folder looks like:
# BEGIN Redirect Alias Site to Specific Folder
RewriteCond %{HTTP_HOST} customwebsite.com$ [NC]
RewriteRule ^(.*)$ /customwebsite/$1 [L]
# END Redirect Alias Site to Specific Folder
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
The redirect alias rules in the .htaccess file above allows me to route my alias domain to use a different folder thus allowing mulitple websites to be ran from the same cPanel account.
In the folder /home/USER/public_html/customdomain/ I've set the .htaccess rules to:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /customdomain/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /customdomain/index.php [L]
</IfModule>
# END WordPress
It works perfectly fine; however if I try and FORCE HTTPS and NON-WWW using every set of rules I can find on the internet... for example:
<IfModule mod_rewrite.c>
# Force HTTPS & NON-WWW
RewriteEngine On
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^customdomain\.com$ [NC]
RewriteRule ^ https://customdomain.com%{REQUEST_URI} [R=301,L]
</IfModule>
and what I can make myself and then try and load any of the following:
http://customdomain.com
https://www.customdomain.com
http://www.customdomain.com
They all redirect to:
https://customdomain.com/customdomain/
Which is partly correct, but partly wrong. It shouldn't have the folder at the end of the domain which causes problems because the URL is now incorrect.
Sure if I remove the %{REQUEST_URI} it fixes the redirect issue but if I am using Wordpress for example every URL will be wrong and will throw up a 404 page not found.
How can I fix the Force HTTPS & NON-WWW to allow for this scenario?
You can use this rule as your first rule in /customdomain/.htaccess:
RewriteEngine On
RewriteBase /customdomain/
# Force HTTPS & NON-WWW
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^customdomain\.com$ [NC]
RewriteRule .* https://customdomain.com/$0 [R=301,L,NE]
RewriteRule ^index\.php$ - [L,NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
Make sure to clear your browser cache or use a new browser for testing.
I have a domain called example.com and within this domain are two sub-domains called:
qa1.example.com
qa2.example.com
All of which have SSL certification. However, I have a .htaccess file as follows:
UPDATED
Options +FollowSymlinks
Options -Indexes
<FilesMatch "\.(tpl|ini|log|xml)">
Order deny,allow
Deny from all
</FilesMatch>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?route=$1 [L,QSA]
RewriteCond %{HTTPS} !=on
RewriteRule %{HTTP_HOST} ^www\.
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
The following happens:
http://qa1.example.com > redirects to > https://qa1.example.com
http://www.qa1.example.com > redirects to > https://www.qa1.example.com
https://www.qa1.example.com > redirects to > https://www.qa1.example.com
Number 1 is correct, but numbers 2 and 3 need to redirect to https://qa1.example.com without the www.
How can this be achieved? I can include the .htaccess file separately for the two sub-domains.
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Your canonical HTTP to HTTPS and www to non-www redirects should come before your internal rewrites (routing directives). After the RewriteBase directive.
Try the following:
# www to non-www canonicalisation (including subdomains)
RewriteRule %{HTTP_HOST} ^www\.(.*)
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
# HTTP to HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# Internal rewrites / routing goes here...
If you didn't have additional subdomains it would be relatively trivial to combine these into one rule. Also, this should be a 301 (permanent) redirect, rather than a 302 (temporary), which is what the R flag will default to. (However, it can be easier to test with temporary redirects as they aren't cached by the browser.)
UPDATE: The above directives were assuming these were going in your main domains .htaccess file and the subdomains were all controlled from this (in subdirectories off the main domain's document root). They should still work OK for the subdomains .htaccess file, however, they could be optimised into a single rule (at most one redirect, rather than two). For example:
# www to non-www and HTTP to HTTPS canonicalisation
RewriteCond %{HTTPS} !=on [OR]
RewriteRule %{HTTP_HOST} ^www\.
RewriteRule ^ https://qa1.example.com%{REQUEST_URI} [R=301,L]
The above obviously hardcodes the hostname for the subdomain. If you have only two subdomains then that shouldn't be a problem. It is certainly safer.
To generalise the above, you can use the SERVER_NAME variable. However, you need to ensure that UseCanoncialName On is first set in your server config (default is Off), otherwise this will simply hold the hostname from the request (which is part of the problem you're seeing in your question). The ServerName directive also needs to be set to the correct subdomain. eg. ServerName qa1.example.com.
# www to non-www and HTTP to HTTPS canonicalisation
# UseCanonicalName On - must be set in server config
RewriteCond %{HTTPS} !=on [OR]
RewriteRule %{HTTP_HOST} ^www\.
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
I have the following code for my .htaccess file that I've picked up from here and tried adapting it as I understand from .htaccess, yet I can't seem to get it to work (or maybe the browser has cached it but I can't seem to clear it).
Options -Indexes
Options +FollowSymlinks
<IfModule mod_rewrite.c>
########## FORCE SSL ##########
RewriteEngine On
RewriteBase /
# Non-secure requests to www.domain.com should redirect to https://www.domain.com
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.%{HTTP_HOST} [NC]
RewriteRule ^(.*)$ https://www\.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# All secure (HTTPS) traffic should redirect to https://www.domain.com
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.%{HTTP_HOST} [NC]
RewriteRule ^(.*)$ https://www\.%{HTTP_HOST}/$1 [L,R=301]
</IfModule>
I want to make it as generic a possible so I can simply copy and paste it to any site I make so no need to edit it each time - I guess I could also do this in PHP but I think it would be good if .htaccess is also there.
Another point is, can .htaccess be read if i were to go to www.domain.com/.htaccess or do I need to cover that in a 'deny all' kind of thing?
The second argument to the RewriteCond must be a regex, so it cannot contain a variable.
Try adding the following to your .htaccess file in place of the rules you had
#capture top level domain (.com or .co.uk)
RewriteCond %{HTTP_HOST} ([-_a-zA-Z0-9]+\.([a-zA-Z]{2,5}|co\.uk))$ [NC]
RewriteCond %{HTTP_HOST} (www\.)?(.+)$ [NC]
RewriteRule ^ - [E=MY_TLD:%2]
# Non-secure requests to www.domain.com should redirect to https://www.domain.com
RewriteCond %{HTTPS} off
RewriteRule ^ https://www\.%{ENV:MY_TLD}%{REQUEST_URI} [L,R=301]
# All secure (HTTPS) traffic should redirect to https://www.domain.com
RewriteCond %{HTTPS} on
#if host does not start with www
RewriteCond %{HTTP_HOST} !^www\.[-_a-zA-Z0-9]+\.([a-zA-Z]{2,5}|co\.uk)$ [NC]
RewriteRule ^ https://www\.%{ENV:MY_TLD}%{REQUEST_URI} [L,R=301]
Shortest version would be:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTP_HOST} (www\.)?(.+)$ [NC]
RewriteRule ^ https://www\.%2%{REQUEST_URI} [L,R=301]
Only (somewhat) downside would be that subdomain.example.com gets redirected to www.subdomain.example.com
For whatever reason I can't seem to get this right, I've looked at many examples on here and apache's website. I'm trying to force www.domain.com instead of domain.com on EITHER http or https but I am not trying to force https over http.
the following code seems to work for all https connections but http will not redirect to www.
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteRule ^ https://www.domain.com%{REQUEST_URI} [R=301]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteRule ^ http://www.domain.com%{REQUEST_URI} [R=301]
You don't need the second RewriteEngine directive. That may or may not be causing a parse issue making the second set of rules not work. To test whether this is the case, try switching the order of the two blocks you have.
It's good practice to use L to modify requests that are definitely the last. So, change [R=301] to [R=301,L] both times it appears.
Largely as a matter of style, I would consider changing the RewriteRule directives to something like (using http or https as appropriate):
RewriteRule ^(.*)$ http://www.domain.com$1 [R=301,L,QSA]
Your rules seem to be fine. You can combine them as follows:
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteCond %{HTTPS}s on(s)|
RewriteRule ^ http%1://www.example.com%{REQUEST_URI} [L,R=301]
Also note the additional L flag to stop the rewriting process after this rule has been applied.
In case anyone still need an answer to this. Use another .htaccess. Get guide from here, I found it and it looks good: http://www.farinspace.com/codeigniter-htaccess-file/
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
### Canonicalize codeigniter URLs
# If your default controller is something other than
# "welcome" you should probably change this
RewriteRule ^(welcome(/index)?|index(\.php)?)/?$ / [L,R=301]
RewriteRule ^(.*)/index/?$ $1 [L,R=301]
# Removes trailing slashes (prevents SEO duplicate content issues)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)/$ $1 [L,R=301]
# Enforce www
# If you have subdomains, you can add them to
# the list using the "|" (OR) regex operator
RewriteCond %{HTTP_HOST} !^(www|subdomain) [NC]
RewriteRule ^(.*)$ http://www.domain.tld/$1 [L,R=301]
# Enforce NO www
#RewriteCond %{HTTP_HOST} ^www [NC]
#RewriteRule ^(.*)$ http://domain.tld/$1 [L,R=301]
###
# Removes access to the system folder by users.
# Additionally this will allow you to create a System.php controller,
# previously this would not have been possible.
# 'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
# Checks to see if the user is attempting to access a valid file,
# such as an image or css document, if this isn't true it sends the
# request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# Without mod_rewrite, route 404's to the front controller
ErrorDocument 404 /index.php
</IfModule>
Remember, once you have your CodeIgniter htaccess file setup, you will want to go into your “/system/application/config/config.php”, find the following:
$config['index_page'] = "index.php";
and change it to:
$config['index_page'] = "";