I'm trying to force https with a system that uses basic authentication in the URL but when I add the following lines to the apache configuration files:
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R]
the results are 302 errors.
If someone types as the URL:
http://username:password#example.com/api_name.php
Based on the access log, I think the redirect is going to:
https:example.com/api_name.php
What I want is it to redirect to:
https://username:password#example.com/api_name.php
But I also want:
http://example.com/api_name.php
to correctly redirect to:
https://example.com/api_name.php
and not:
http://:#example.com/api_name.php
URL's without credentials contained within the string are working fine and redirect correctly.
How would I make this work?
Related
CakePHP Version: 3.6
I created a project with 3 route prefixes: admin, vendor and customer.
On my local machine it is working fine, all the prefixes are working fine. I moved my project to a remote Linux server and it was working fine at first. Once I added an SSL certificate and I access my website like this:
https://subdomain.myproject.com/vendor
It does not work. The browser keeps loading, and after some time it shows This site can’t be reached took too long to respond.
If I add a trailing slash it is working fine:
https://subdomain.myproject.com/vendor/
Other than the vendor prefix, the other prefixes are working fine as expected. Is it because CakePHP has a vendor folder or is it because of a server redirection?
Please guide me, how do I redirect http to https? I have added something to .htaccess, but it is also showing a 'too many redirects' issue.
If you have mod_dir enabled in Apache, it should by default automatically redirect your requests to the same URL with a trailing slash. From the Apache documentation:
A "trailing slash" redirect is issued when the server receives a
request for a URL http://servername/foo/dirname where dirname is a
directory. Directories require a trailing slash, so mod_dir issues a
redirect to http://servername/foo/dirname/
It's likely you do have this enabled, but check.
is it because cakephp has vendor folder
The vendor directory should not be publicly accessible in CakePHP, and I wouldn't expect there to be any issue with having a vendor routing prefix.
how to redirect http to https
Your .htaccess should look something like this, to force an HTTPS redirect and ensure CakePHP functions correctly:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# SSL redirect
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Required for CakePHP
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
I am using ZenCart and trying to ensure HTTPS onto my website. I have used the following in my .htaccess
RewriteCond %{HTTPS} off
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
But I still get an infinite redirect error
In ZenCart and the configure files I have tried making both
HTTP_SERVER
HTTPS_SERVER
The HTTPS but it has no affect
I'm unsure how to force people when they enter my website at http://example.com to go to https://example.com as any .htaccess code I use causes an infinite redirect
There are no other redirects set-up and this is the only piece of code in my .htaccess file
you can avoid using .htaccess redirects.
in your zen-cart configure.php files, ensure that the HTTP_SERVER and HTTPS_SERVER are both set to: https://yoursite.com. you can then add the 3 files contained in this PR and it should work fine:
https://github.com/zencart/zencart/pull/1525/files
I know this question has been asked a thousand times, but I cannot seem to find the answer.
We have a website hosted by 123-reg's shared web hosting package (no access to http config files). I have added ssl to the site, and the certificate works when directly requesting using https.
The problem arises when I try to redirect everything from http to https using the .htaccess file.
First I tried the SERVER_PORT variable in the condition:
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.co.uk/$1/ [R=301,L]
This does not work as the https redirect request uses port 80 also (I am querying this with 123-reg at the moment). The condition is always met and causes a redirect loop.
Next I tried the HTTPS variable:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://example.co.uk/$1/ [R=301,L]
This condition is always met as the variable is never set to on (and causes a redirect loop). I wonder if this is to do with the port no = 80 for https.
I found two server variables, SSL and HTTP_X_FORWARDED_SSL, which do change from "" to 1, but only when I delete the .htaccess file and directly request http or https.
If I try and use the SSL or HTTP_X_FORWARDED_SSL variables in the RewriteCond condition, it causes a redirect loop.
I cannot see the variables while the redirect loop is happening, so I do not know if they are being changed during the re-direct.
edit:
I have found the answer. I was using:
RewriteCond %{SSL} !1
which should be:
RewriteCond %{ENV:SSL} !1
I've found 2 different code snippets to force https on my website:
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
and
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I'm sure that they both work (one's from Httpd Wiki and the other's from SSL shopper). Would someone be able to explain the differences in how they perform the redirect?
They just use different Apache variables to make up the URL for redirect.
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
This first rule takes the filename if one is entered such as myfile.php and appends the redirect with it replacing $1 in the redirect so that you get https://somesite.com/myfile.php
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
The 2nd one using %{HTTP_HOST} will grab the information from the http headers instead to make up the URL used to redirect so entering the same url http://somesite.com/myfile.php will be redirected to https://somesite.com/myfile.php
It's just a matter of telling apache what to use for redirection. Either use the server internal name or use the one sent by the browser.
%{SERVER_NAME}
That is a server internal variable in apache and is defined in the server config.
%{HTTP_HOST}
This is the what is sent by the browser in the HTTP request headers. This is client side while the SERVER_NAME if from the server config.
%{REQUEST_URI}
REQUEST_URI is the path component of the requested URI, such as "/index.html". This is a special Apache variable.
There a many ways that have been done to redirect to https and both should work. Your choice.
One TYPO3 installation I have here uses the field alias in the page settings. It does not make use of simulatestatic or realurl. If the alias of a page is to foo, this page is reachable under the following URLs:
/index.php?id=foo
/foo.html
I now want the page to be reachable under an additional URL: /foo, without the .html.
My approach was to simply use mod_rewrite add some rules like this:
RewriteCond %{REQUEST_FILENAME} !index.php$
RewriteCond %{REQUEST_FILENAME} !\.html$
RewriteRule ^([^/]+)$ $1.html [QSA]
My RewriteRules work, they rewrite the URI /foo first to /foo.html and later to /index.php. This does not work, I get a 404 when requesting /foo.
I assume this happens since TYPO3 still gets the info that the original URI was /foo instead of /foo.html, which it doesn't recognize.
How could this be solved, without using realurl or simulatestatic (the side-effects are unwanted), and without using a HTTP redirect (the URL in the browser should be /foo)? Is there something like a server-internal redirect in apache?
If mod_proxy is activated on your server, you could use the proxy flag [P] and write:
RewriteCond %{REQUEST_FILENAME} !\.html$
RewriteRule ^([^/]+)$ /$1.html [QSA,P]
If not, you could write a php file that acts as a proxy (I've done that before for Typo3). cURL oder even a simple file_get_contents() is very handy in this case. Make sure to only load pages from your domain. Redirect your non-.html files to the proxy file that redirects them to the .html-file which is then processed by Typo3.