Force to SSL maintaining the URL - apache

I don't have much experience with VHOST and SSL, I tried lot of possibilities but none of them is working.
I have a website with 2 folders:
www.example.com/userpage
www.example.com/adminpage
If I go to www.example.com, my loginsystem automatically redirect to www.example.com/userpage.
If I want to go to the admin section, I have to write manually www.example.com/adminpage.
Now I switched to SSL, and everything is working if I type https://....
But I cannot understand how to force the redirect from http to https.
I wrote this in my apache vhost file:
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs"
ServerName example.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com
RewriteCond ${HTTPS} !=on
RewriteRule (.*) https://example.com/$1 [R=301,L]
</VirtualHost>
But it's not working.
How can I manage it?
If I write www.example.com/adminpage it have to redirect me to https://www.example.com/adminpage.
Actually it should work for every subfolder, if for example I send an email to a user saying "hey user, please check your account www.example.com/user/check_account.php?userid=14125114
it have to then redirect it to automatically:
https://www.example.com/user/check_account.php?userid=14125114
so it should work for every page and every subfolder.
Thank you for your suggestions

Should be quite simple. Replace this block:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com
RewriteCond ${HTTPS} !=on
RewriteRule (.*) https://example.com/$1 [R=301,L]
With this:
Redirect permanent "/" "https://example.com/"

Related

Trace 301 Redirect Rule and move all request to www subdomain

I have a domain example.com added to the DigitalOcean (Ubuntu 16.04) with Apache2.4.18 and have Wordpress installed on it. The site is running properly.
The problem is, that all the request www.example.com redirects to example.com. I need example.com to redirect to www.example.com.
I see there are 2 ways to do it. 1. .htaccess and 2. Apache config file, currently using 000-default.conf file. I installed letsencrypt ssl, which added the following RewriteRule to 000-default.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
based on the research online, I did modify the 000-default.conf to
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
and also tried the following code in .htaccess file.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
Upon doing either of these, I get error of multiple redirection loop. Which basically redirecting example.com to www.example.com and www.example.com to example.com and so on. I tested the same on Redirectcheck.com.
The main issue is I can't seem to find out the first 301 Redirect which is all the request being redirected to exmple.com. If I can disable or overwrite the main 301 Redirect rule then I can achieve all the request to be redirected to www.example.com.
I did my research but I'm hitting my head hard here, any help would be really appreciated. Thank You!
So, I finally traced it down, all the configuration were correct, the only issue was in the WordPress -> Admin Panel -> Setting -> General. I have placed the site_url and main_url as example.com and when I updated it to www.example.com and tested again, It did fix it.

Using .htaccess to redirect all requests to subdomain

I'm hosting a Laravel application on my server and have set up a subdomain to host it in my virtual host.
I have another subdomain on my server and after hours of playing around trying to set up an .htaccess file, I came up with the below which redirects all requests to www.mysite.net/example to my subdomain example.mysite.net (e.g www.mysite.net/example/12345 goes to example.mysite.net/12345)
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(?:www\.)?(mysite\.net)$ [NC]
RewriteRule ^(.*)$ http://example.%1/$1 [R=301,L,NE]
I'm wanting to tweak this to work with Laravel, but it doesn't quite work the same considering Laravel is hosted out of the following path mysite.net/laravel/public rather than mysite.net/example.
How would I edit the above .htaccess to redirect all requests to mysite.net/laravel/public to laravel.mysite.net? I.e mysite.net/laravel/public/12345 would redirect to laravel.mysite.net/12345
Edit
Here is the Virtual Host I have added through Apache
<VirtualHost *:80>
ServerName laravel.mysite.net
DocumentRoot /var/www/laravel/public
<Directory /var/www/laravel/public>
Options -Indexes
</Directory>
</VirtualHost>
Place this rule as your very first rule inside /var/www/laravel/public/.htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(?:www\.)?mysite\.net$ [NC]
RewriteCond %{THE_REQUEST} /laravel/public/(\S*)\s [NC]
RewriteRule ^ http://laravel.mysite.net/%1 [L,R=302]
You can use redirect rule of htaccess to redirect any directory to a different domain. Use the below code:
Redirect 302 /laravel/public/ http://laravel.mysite.net/
Please let me know if it helps you out.

Apache: Don't apply RewriteRule if requested host is a IP address

How doesn't Apache apply an RewriteRule if the requests isn't the normal domain name but instead the server IP?
Current rules (to make domain just accessible without the www):
RewriteEngine On
RewriteCond %{HTTP_HOST} !^domain.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301]
I tried already to add RewriteCond %{HTTP_HOST} !^123.321.123.321$ [OR] but it seemed not to work.
If you have access to the server config file, this works for me (setting it in httpd.conf):
<Location />
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} !^123.123.123.123$
RewriteRule (.*) http://www.mainsite.example.com/ [L]
</Location>
If I visit the site by IP address, it isn't rewritten. If I use (eg.) http://mainsite.example.com, the address is rewritten (to include the www.). The [L] (when used in httpd.conf) stops rewrite processing there (instead of now trying to rewrite the new address).
In there you can also have
ServerName www.mainsite.example.com
ServerAlias mainsite.example.com
ServerAlias www.mainsite
ServerAlias mainsite
ServerAlias 123.123.123.123
so that people can use any of those addresses (the 2nd and 3rd aliases let internal users omit the domain), instead of rewriting to force or add www.

Redirect wildcard subdomains to subdirectory, without changing URL in address bar

I've read a lot of questions and answers about this on here but none that seem to solve my specific problem.
I want to redirect any subdomain to the subdirectory to match.
So: x.domain.com would go to domain.com/x, and y.domain.com would go to domain.com/y - But I want to do this without the URL in the address bar changing.
Here's what I have so far:
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} !^(www)\. [NC]
RewriteCond %{HTTP_HOST} ^(.*)\.domain\.com [NC]
RewriteRule ^ /%1 [P,L]
But this takes me to a website redirect loop, with an incorrect address in the URL bar where the subdomain still exists.
For example, x.domain.com takes me to x.domain.com/x and I get a redirect loop error.
I'd be grateful if anyone can point me in the right direction! Nothing I change seems to work...
First of all, make sure that the vhost in the apache configuration is properly configured and all subdomains of domain.com are in the same host configuration (wildcard):
<VirtualHost *:80>
ServerName domain.com
ServerAlias *.domain.com
...
You can get the redirect working with the following htaccess configuration:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)\.domain\.com
RewriteRule ^(.*)$ http://domain.com/%1/$1 [L,NC,QSA]
Now, if you open asd.domain.com it should redirect you to domain.com/asd.
You will still have the problem, that the redirect is visible in the URL address bar. In order to prevent this, enable mod_proxy (and load the submodules) on your server and exchange the "L" flag with the "P" flag:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)\.domain\.com
RewriteRule ^(.*)$ http://domain.com/%1/$1 [P,NC,QSA]
If this doesn't work, viewing the vhost configuration and the content of error.log on subdomain calling will be helpful!
References:
.htaccess rewrite subdomain to directory
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
http://httpd.apache.org/docs/2.2/rewrite/flags.html#flag_p
This can be achieved in .htaccess without mod_proxy provided your server is configured to allow wildcard subdomains. (I achieved that in JustHost by creating a subomain manually named *). Add this to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.website\.com$
RewriteCond %{HTTP_HOST} ^(\w+)\.website\.com$
RewriteCond %{REQUEST_URI}:%1 !^/([^/]+)/([^:]*):\1
RewriteRule ^(.*)$ /%1/$1 [QSA]
I named the subdirectories under $_SERVER['DOCUMENT_ROOT'] match with my subdomains like so:
/
var/
www/
html/
.htaccess
subdomain1.domain.com/
subdomain2.domain.com/
subdomain3.domain.com/
Where /var/www/html stand as 'DOCUMENT_ROOT'. Then put following code in the .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/%{HTTP_HOST}/
RewriteRule (.*) /%{HTTP_HOST}/$1 [L]
It works as redirect wildcard subdomains to subdirectories, without changing URL in address bar.
Beside of vhost, you may also put the subdirectories outside root and access it using alias as described here. Then put the same .htaccess code in that location.

How do you redirect HTTPS to HTTP?

How do you redirect HTTPS to HTTP?. That is, the opposite of what (seemingly) everyone teaches.
I have a server on HTTPS for which I paid an SSL certification for and a mirror for which I haven't and keep around for just for emergencies so it doesn't merit getting a certification for.
On my client's desktops I have SOME shortcuts which point to http://production_server and https://production_server (both work). However, I know that if my production server goes down, then DNS forwarding kicks in and those clients which have "https" on their shortcut will be staring at https://mirror_server (which doesn't work) and a big fat Internet Explorer 7 red screen of uneasyness for my company.
Unfortunately, I can't just switch this around at the client level. These users are very computer illiterate: and are very likely to freak out from seeing HTTPS "insecurity" errors (especially the way Firefox 3 and Internet Explorer 7 handle it nowadays: FULL STOP, kind of thankfully, but not helping me here LOL).
It's very easy to find Apache solutions for http->https redirection, but for the life of me I can't do the opposite.
Ideas?
This has not been tested but I think this should work using mod_rewrite
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
Keep in mind that the Rewrite engine only kicks in once the HTTP request has been received - which means you would still need a certificate, in order for the client to set up the connection to send the request over!
However if the backup machine will appear to have the same hostname (as far as the client is concerned), then there should be no reason you can't use the same certificate as the main production machine.
For those that are using a .conf file.
<VirtualHost *:443>
ServerName domain.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain.key
SSLCACertificateFile /etc/apache2/ssl/domain.crt
</VirtualHost>
Based on ejunker's answer, this is the solution working for me, not on a single server but on a cloud enviroment
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{ENV:HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If none of the above solutions work for you (they did not for me) here is what worked on my server:
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]
all the above did not work when i used cloudflare, this one worked for me:
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
and this one definitely works without proxies in the way:
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
this works for me.
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
Redirect "https://www.example.com/" "http://www.example.com/"
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
# ...
</VirtualHost>
be sure to listen to both ports 80 and 443.
It is better to avoid using mod_rewrite when you can.
In your case I would replace the Rewrite with this:
<If "%{HTTPS} == 'on'" >
Redirect permanent / http://production_server/
</If>
The <If> directive is only available in Apache 2.4+ as per this blog here.
None of the answer works for me on Wordpress website but following works ( it's similar to other answers but have a little change)
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If you are looking for an answer where you can redirect specific url/s to http then please update your htaccess like below
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/(home/panel/videos|user/profile) [NC] # Multiple urls
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} /(home/panel/videos|user/profile) [NC] # Multiple urls
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
It worked for me :)
As far as I'm aware of a simple meta refresh also works without causing errors:
<meta http-equiv="refresh" content="0;URL='http://www.yourdomain.com/path'">