Current situation
I've got an old installation of joomla 2.5.28 (blauwelint.nl).
There is a ssl-certificate installed from LetsEncrypt, works like it should.
Force SSL is set to entire site in Joomla settings
Added the following to htaccess to force www:
RewriteCond %{HTTP_HOST} ^domain.nl [NC]
RewriteRule ^(.*)$ https://www.domain.nl/$1 [L,R=301,NC]
https://domain.nl works without errors
Expected behaviour: always force https
Actual behaviour
In a fresh browser it appears also possible to open the site with just http://, regardles of the fact that force ssl is set.
Question
I want https to be forced always, but can't figure out why expected behaviour isnt followed.
I generally do not use the Joomla setting and just use .htaccess rules. If you turn off force SSL in Joomla, you can use the following to force https and www:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.blauwelint.\nl$ [NC]
RewriteRule ^(.*)$ https://www.blauwelint.nl/$1 [L,R=301]
EDIT: Also, be careful sharing your Joomla version and domain. Support for 2.5.x has ended.
This works for me on Joomla 2.5 and 3.x websites:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Related
Kind of racking my brain on this one. I'm using mod_rewrite to switch non-https requests to https.
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/path/file.htm$
RewriteCond %{HTTP_HOST} !^devel\.example\.com$ [NC]
RewriteRule ^/?(.*) https://www.example.com/$1 [last,redirect=301]
It works as expected except my devel site isn't being excluded from the SSL rewrite rule (devel.example.com gets rewritten to www.example.com). The condition above it (REQUEST_URI) works fine. This is all set in my site file under the VirtualHost setup.
Turns out it was a Coldfusion Application variable gone a muck combined with some cacheing issues.
I have this .htaccess file to redirect http:// to https://
I also did www. to root domain redirection!
www. to root domain works! however https:// redirection doesn't!
If I set RewriteCond %{HTTPS} on to RewriteCond %{HTTPS} off or RewriteCond %{HTTPS} =!on I get a browser error:
The example.com page isn’t working
mysite.com redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
One edit I did gave me a 500 error but I reverted that back to how it was before! all I did was change: RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} to RewriteRule(.*) https://%{HTTP_HOST}%{REQUEST_URI} or RewriteRule (.*)https://%{HTTP_HOST}%{REQUEST_URI}
Anyone have any Ideas on how to fix this issue?
This is my entire .htaccess file!
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://antimalwareprogram.co%{REQUEST_URI} [R=301,L,NE]
</IfModule>
RewriteCond %{HTTPS} on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Yes, this will create a redirect loop. The logic is wrong. What this says is... if HTTPS is "on" then redirect to HTTPS. You should be checking if HTTPS is "off" (or "not on", ie. !on).
(By removing the spaces between the arguments you likely created a rewrite loop, hence the 500 error. Spaces are delimiters in Apache config files.)
Try something like the following instead:
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=302,L,NE]
This handles both the HTTPS and www canonical redirects. You don't need the first rule. You don't need the <IfModule> container either.
Change the 302 to 301 only when you are sure it's working OK.
Make sure you've cleared your browser cache before testing. 301s get cached hard by the browser.
UPDATE: If this still gives you the same error (a redirect loop) then it's possible that your SSL is managed by a front-end proxy, not your application server. If this is the case then you won't be able to use the HTTPS server variable. See these related questions:
http to https redirection through htaccess: incorrect redirection error
htaccess rewrite - too many redirects
It seems that in this case, ENV:HTTPS (an environment variable) needed to be used in place of HTTPS (Apache server variable). Note, however, that this is non-standard / server specific, as it implies a front-end proxy is being used to manage the SSL.
my server is running an Apache server. So far, everything is okay. But if I try to force SSL trough .htaccess, Chrome/Firefox tells me: "this website redirect loops" or something like that.
I was using this code found here # SO:
RewriteEngine on
First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
Chrome says: ERR_TOO_MANY_REDIRECTS
How to solve that?
I achieved this result by setting up the http (rather than https) server to its own site directory which contained the following index.php:
<?php header("Location: https://".$_SERVER["SERVER_NAME"]); ?>
I realise this does not use apache's rewrite features (I am actually already using rewrite for something else and doing it that way would have complicated things), and obviously it'll only work if you're also running PHP, but it is a fairly simple solution. Hope it helps!
Is your SSL cover www.youdomain.com or just yourdomain.com ?
If you use www. you can try this in your .htaccess
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
I'm going crazy – I just checked and rechecked my rules but I still don't understand why the server is producing a redirect loop?
The goal is to force as well www. as SSL.
RewriteCond %{HTTP_HOST} ^example\.com$ [NC,OR]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
The redirect works fine for incorrect URLs (either without www. or without SSL), but for correct ones I end up with a infinite redirect loop: https://www.example.com/uiae -> https://www.example.com/uiae
Is it possible that the server cannot handle the HTTPS-variable?
The Apache Documentation states that that variable would be safe to use for Apache 2.2.
I also tried SERVER_PROTOCOL !=https with the same result.
Without my rules I can access as well HTTP as HTTPS URLs, which shows that there is no other rules outside of my .htaccess.
Thanks for your help.
It turned out that the hosting provider (in that case Strato.de) messed around with the support of that variable.
Their statement was
Strato does not support this variable
Which was completely unexpected since it's a standard Apache-Variable, as the documentation states.
A workaround is to use the protocol instead:
RewriteCond %{HTTP_HOST} ^example\.com$ [NC,OR]
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
I have SSL installed, and it works when I put the https:// in a link, the certificate is there and everything appears in order. Now, I'm trying to force https at all times for my admin folder by following some instructions I found on other questions here on SO. However, no approach seems to work for me.
This is what I'm trying (in .htaccess):
RewriteCond %{HTTPS} off
RewriteRule ^/admin/$1 https://mydomain.com/admin/$1 [R=301,L,QSA]
What am I doing wrong? I'm on an Apache server.
Try this one:
RewriteCond %{HTTPS} !=on
RewriteRule ^/?admin/ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L,QSA]