I inherited the following .htaccess file from the previous web developer. I am totally baffled by some of the rules here and getting endless loops on things.
<IfModule mod_security.c>
SecRuleRemoveByID 000014
</IfModule>
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
# STRIP .HTML FROM DISPLAY
RewriteCond %{REQUEST_URI} !^/(dashboard|editor/.*)$
RewriteCond %{THE_REQUEST} ^(.+)\.html([#?][^\ ]*)?\ HTTP/
RewriteRule ^(.+)\.html$ /$1 [R=301,L]
RewriteCond %{REQUEST_URI} !^/(dashboard|editor/.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)/$ $1.html
RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.html
RewriteCond %{REQUEST_URI} !^/(dashboard|editor/.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteRule (.*)$ /$1/ [R=301,L]
What I'm trying to accomplish is the following:
Append www. to all incoming URLs
Redirect all http requests to https
Display all incoming .html URLs without the .html
We have an angular app in /dashboard and /editor and we need to make sure that we exclude those directories from any rewrite rules.
PLEASE HELP!
turn on debugging via
LogLevel alert rewrite:trace6
(on apache2.4 and up)
and trace it. see
How to debug Apache mod_rewrite
I can imagine several bad news cases, including where apache is behind some sort of reverse proxy, talking to it via port 80 so the http->https rule gets re-invoked forever.
Related
I am having a problem while redirecting a page whose URL was changed but I want old URL to be redirected to new. Here is .htaccess file
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/system.*
RewriteRule ^(.*)$ index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?/$1 [L]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
RewriteEngine On
RewriteRule ^contactus/$ http://example.com/contact-us/ [R=301,L]
Using mod_rewrite in the last line I am not getting redirected to new URL but when I use mod_alias(Redirect) rule I get redirected to new URL but Old URL gets appended to in it in this format.
https://example.com/contact-us/?/contactus/
I have searched Stack Overflow for solution to this problem and tried many similar scenarios but that didn't work.
Have it like this the given order.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,NE,L]
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [L,NE,R=301]
RewriteRule ^contactus/$ /contact-us/ [R=301,NC,L]
RewriteCond %{REQUEST_URI} ^/system [NC]
RewriteRule ^(.*)$ index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?/$1 [L]
RewriteEngine On is not required multiple times in same .htaccess.
Make sure to clear your browser cache before testing the change.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
RewriteEngine On
RewriteRule ^contactus/$ http://example.com/contact-us/ [R=301,L]
Your mod_rewrite external redirects (the last three rules) are in the wrong place. These need to be before the internal rewrite (front-controller). By placing them at the end of the file they are never going to get processed for any URL other than static resources, since all other URLs are routed to index.php, at which point processing stops.
when I use mod_alias(Redirect) rule I get redirected to new URL but Old URL gets appended
Different modules are processed independently regardless of the order of the directives in the config file. mod_alias is processed after mod_rewrite - but it is processed. However, the Redirect directive is prefix matching and everything after the match is appended onto the end of the target URL.
And there's no need to repeat the RewriteEngine directives
Have your directives like this:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
RewriteRule ^contactus/$ http://example.com/contact-us/ [R=301,L]
RewriteCond %{REQUEST_URI} ^/system
RewriteRule ^(.*)$ index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?/$1 [L]
And make sure to clear your browser cache before testing. Preferably test with 302 (temporary) redirect to avoid caching issues.
After installing ssl and making all pages https by using htaccess I realised that my website actually cannot run with https because it has a lot of embeded code with http protocol which cannot be changed to https or removed, but simply removing the rewrite rule which forces https does not work because google has indexed all pages with https, so now most part of the google search traffic goes to https version of website and they see mixed content error.
I tried to implement examples that I found in forums but when I apply this code
RewriteCond %{HTTPS} on [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
the browser always redirects from https://example.com/anypage to http://example.com/index.php
Here is the full code from .htaccess file
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#Force non-www:
RewriteCond %{HTTP_HOST} ^www\.example\.com[NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
RewriteCond %{HTTPS} on [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
I know this sounds like a duplicate but I have tried as many methods as I can find and I still have not gotten this to work. So please do not auto mark this as a duplicate.
I am trying to redirect all pages of http://www.domian.com to https://www.domain.com with the exception of three pages:/products/product1, /products/product2, /products/product3
I also want those pages to always direct to http since if an https page links to it via a relative link, it will naturally have the https already there.
Also in play is that this is an expression engine site where I am removing the index.php from the URI.
Current Htaccess, which results in those three pages still being https even I go to Http for those pages.
### secure .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
### EE 404 page for missing pages
ErrorDocument 404 /index.php/site/404
###Block Access to directories with no index file
Options -Indexes
### Simple 404 for missing files
<FilesMatch "(\.jpe?g|gif|png|bmp|css|js|flv)$">
ErrorDocument 404 "File Not Found"
</FilesMatch>
### Although highly unlikely, your host may have +FollowSymLinks enabled at the root level, yet disallow its addition in .htaccess; in which case, adding +FollowSymLinks will break your setup (probably a 500 error), so just remove it, and your rules should work fine.
###Options +FollowSymlinks
RewriteEngine On
RewriteBase /
###Removes index.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET
RewriteCond %{THE_REQUEST} ^[^/]*/index\.php [NC]
RewriteRule ^index\.php(.+) $1 [R=301,L]
### Add the www
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent,L]
###each option I try I replace in this block as a reference
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/products/product3
RewriteCond %{REQUEST_URI} !^/products/product1
RewriteCond %{REQUEST_URI} !^/products/product2
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
######
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
###
Also have tried this which results in the same as above:
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} !^(domain\.com/products/product1|domain\.com/products/product2|domain\.com/products/product2) [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(domain\.com/products/product1|domain\.com/products/product2|domain\.com/products/product2) [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R,L]
Tried this alone just to see if would be able to navigate to http://www.domain.com/products/product1 and at least not have it rewrite, but it still rewrites to https
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !/products/product1 [NC,OR]
RewriteCond %{REQUEST_URI} !/products/product2 [NC,OR]
RewriteCond %{REQUEST_URI} !/products/product3 [NC,OR]
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]
Tried this as well, which again still writes those pages to https. Plus if I try to go to http , it rewrites to https and doesn't remove the index.php
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/products/product3
RewriteCond %{REQUEST_URI} !^/products/product1
RewriteCond %{REQUEST_URI} !^/products/product2
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^/products/product3 http://www.domain.com/products/product3 [R=301,QSA,L,NE]
RewriteRule ^/products/product1 http://www.domain.com/products/product1 [R=301,QSA,L,NE]
RewriteRule ^/products/product2 http://www.domain.com/products/product2 [R=301,QSA,L,NE]
I have honestly tried about 10 -15 versions of all this above and still cannot get it. Including adding index.php? to the request_URI in case that it sees that as part of the request_URI before it's removed. I either end up with the page still rewriting to https or redirect loop land.
Am I missing something simple, is something in the wrong order? I'm just at a loss.
thanks for any help.
UPDATE:
Here's what I used to get it to work:
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} (\s/products/product1|\s/products/product2|\s/products/product3) [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !\s/products/product1 [NC]
RewriteCond %{THE_REQUEST} !\s/products/product2 [NC]
RewriteCond %{THE_REQUEST} !\s/products/product3 [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Here's how we achieved this on a site with a webcam that was in an iframe that wouldn't work on SSL. This was also an ExpressionEngine site.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#force www instead of non-www
RewriteCond %{HTTP_HOST} ^domain.co.uk
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R=301,L]
# HTTP/HTTPS handling
# Force HTTP for webcam page only
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} \s/webcam-page [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# Force HTTPS for all pages except webcam
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !\s/webcam-page [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# Removes index.php from ExpressionEngine URLs
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?/$1 [L]
</IfModule>
Hi I have been working on this for a while and just know I am doing something stupid but just can not see it. What I want to do is to redirect certain pages so they are always shown using HTTPS and all other pages if they are requested through HTTPS they are redirected as HTTP.
I have done lots of searching around the issue and found accepted answers on Stackoverflow that just did not work for me. So here Is my .htaccess file.
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(finance/enquiryForm)(.*)
RewriteCond ${REQUEST_URI} !(offerentry)(.*)
RewriteRule (.*) http://dev.staging.co.uk/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(finance/enquiryForm|offerentry)(.*) https://dev.staging.co.uk/$1 [L,R=301]
What is currently happening is that the pages that I want to redirect from https to http work fine but the pages I want to show as HTTPS get a redirect loop and fail. If I comment out the top section the HTTPS pages I do want redirect fine. So how do I get the redirect loop to stop?
EDIT
The full .htaccess file with the codeigniter etc stuff.
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
<Files .*>
Order Deny,Allow
Deny From All
</Files>
#RewriteCond %{HTTPS} on
#RewriteCond ${REQUEST_URI} !/(finance/enquiryForm|offerentry) [NC]
#RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
#RewriteCond %{HTTPS} off
#RewriteCond ${REQUEST_URI} /(finance/enquiryForm|offerentry) [NC]
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
# Protect application and system files from being viewed
RewriteRule ^(fuel/install/.+|fuel/crons/.+|fuel/data_backup/.+|fuel/codeigniter/.+|fuel/modules/.+|fuel/application/.+|\.$
# Remove trailing slashes
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} (.*)/$
RewriteCond %{REQUEST_URI} !fuel/.*$
RewriteRule ^(.*)/$ $1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [L]
</IfModule>
Options -Indexes
Try these rules based on THE_REQUEST variable:
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} !/(finance/enquiryForm|offerentry) [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} /(finance/enquiryForm|offerentry) [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
Test them in Chrome dev tool and see what redirects are you getting.
Try with:
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(finance/enquiryForm|offerentry)
RewriteRule (.*) http://dev.staging.co.uk/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (finance/enquiryForm|offerentry) https://dev.staging.co.uk%{REQUEST_URI} [NE,L,R=301]
I am trying to ensure that urls always have www in front of them for canonicalization reasons.
Unfortunately when I put the following url in:
http://website.net/handbags/1/12/this-is-some-text
It redirects me here:
http://www.website.net/?controller=handbags&path=1/12/this-is-some-text
I would like to add it works fine when using:
http://www.website.net/handbags/1/12/this-is-some-text
I want it to redirect me here...
http://www.website.net/handbags/1/12/this-is-some-text
I'm not sure what could be causing this error. Here is my .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# CORE REDIRECT
RewriteRule ^([a-zA-Z]*)/?(.*)?$ index.php?controller=$1&path=$2 [NC,L]
# ENSURE WWW
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([^.]+\.[a-z]{2,6})$ [NC]
RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
# ENSURE WWW
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([^.]+\.[a-z]{7})$ [NC]
RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
# CORE REDIRECT
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-zA-Z]*)/?(.*)?$ index.php?controller=$1&path=$2 [NC,L]
</IfModule>
You can do what I've done above; however, it's just going to redirect to http://www.website.net/handbags/1/12/this-is-some-text and then it's immediately going to hit the "CORE REDIRECT" rule and send you to http://www.website.net/?controller=handbags&path=1/12/this-is-some-text.
Is there a reason you don't want it to redirect to "?controller=handbags" when they go to www?
UPDATE
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
# ENSURE WWW
Rewritecond %{HTTP_HOST} !^www\.website\.net
RewriteRule ^(.*)$ http://www.website.net/$1 [R=301,L]
# CORE REDIRECT
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-zA-Z]*)/?(.*)?$ index.php?controller=$1&path=$2 [NC,L]
</IfModule>
Whenever your # CORE REDIRECT matches, the other rules are not even checked, as the core redirect rule has the Lflag set. That ones tells Apache to stop trying other rules. Remove that flag or change the rule. ;)