Redirect HTTPS to HTP on Apache - apache

I have an account with a webhost that uses Apache servers. The webhost's file structure uses subfolders for secondary domains of the primary account domain.
What do I need to add to this .htaccess file to redirect if someone types https:mysubdomain in the browser URL. I want to redirect from https to http, ie. http:mysubdomain.
RewriteEngine on
# Use PHP5.4 as default
AddHandler application/x-httpd-php54 .php
RewriteCond %{HTTP_HOST} ^myseconddomain\.myprimarydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.myseconddomain\.myprimarydomain\.com$
RewriteRule ^/?$ "http\:\/\/mysedonddomain\.com" [R=301,L]
Edit Update:
Thank you for suggestions. The approach of modifying the .htaccess file for the subdomain in the subfolder didn't work, even after clearing browser cache. What about modifying the .htaccess for the maindomain. I tried this but it didn't work either. Maybe my syntax?
RewriteEngine on
RewriteCond %{HTTP_HOST} ^https:\/\/myseconddomain.com$
RewriteRule ^www.myseonddomain.com/ [R=301,L]
I have spoken at length with the webhost, Hostmonster, and all they could tell me was that the SSL certificate was working "correctly" - even thought it is associating with unrelated domain names that are not supposed to have any certificate. I guess that is what User82217 was saying, there is no other way than to purchase a wildcard SSL?
Edit Update: I tried putting this in the .htaccess of the maindomain and the seconddomain and nothing works to redirect from https to http when the user types https:// in front of mysecondubdomain.com in the URL
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^https
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Anybody got any more ideas? Thank you.

To force HTTPs to HTTP then you can use the following in your .htaccess file:
#Force HTTP on everything
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
You didn't specifiy if you wanted to remove www or not, but on the assumption that you do, you can also remove that by including the following rule:
RewriteCond %{HTTP_HOST} ^www\. [OR]
Therefore checking if www is in the URL or not, so altogether using:
RewriteCond %{HTTP_HOST} ^www\. [OR]
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Make sure you clear your cache before testing this.

Related

htaccess rewrite from http to https

Currently I redirect all http users (www or non-www) of upscfever.com to http://upscfever.com/upsc-fever/index.html
using
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "http\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
Now I want all users to shift to https so I modified as follows:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
So that all who type upscfever.com OR www.upscfever.com should go to
https://upscfever.com/upsc-fever/index.html - instead
Plus all links should be https. But its not working I get Page not found.
Your server has to setup the https first, depend on hosting vendor, if your hosting is vps you need to setup https for apache, install cert also.
You can find some instruction like this:
https://manual.seafile.com/deploy/https_with_apache.html
https://www.digicert.com/csr-ssl-installation/apache-openssl.htm
I think you want to make 3 different changes:
Change your .htaccess file to redirect requests to root to your custom index irrespective of the HTTPS or HTTP for the original request
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https://%{SERVER_NAME}/upsc-fever/index.html" [R,L]
There is no R=301 part here because I'm not sure it is really wise to make permanent such a redirect to an obscure inner URL.
Redirect all other non-HTTPS requests to HTTPS (preserving the rest of the URL):
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
Making this redirect permanent seems pretty safe.
Change all internal links in all of your HTML pages (or whatever backend generates them) to use protocol-relative // prefix or explicitly https:// instead of current http://. Preserve the protocol for the external links as is.
As for troubleshooting, you may use the Network tab of the Chrome DevTools (F12) to see exact server reply (note: enabling "Preserve log" and "Disable cache" flags is useful in such context)
You can do that using a single rule as follows in your site root .htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?upscfever\.com$ [NC]
RewriteRule ^/?$ /upsc-fever/index.html [R=301,L]
This will redirect both http and https URLs.
You may try something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} !=""
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I hope below code will do the work for you
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://famebooking.net/$1 [R,L]
just simply add above code in .htaccess below authorization header condition is written under RewriteEngine On
Let me know if that helps.

Rewrite subdirectory to https

I have been trying to rewrite a subdirectory from HTTP to HTTPS to no avail. I have looked at other posts and tried to implement the solutions:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} subdirectory
RewriteRule ^(.*)$ https://www.exmaple.com/subdirectory/$1 [R,L]
and also
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(subdirectory/.*)$ https://www.example.com/$1 [R=301,L]
and placing them either on the root directory .htaccess file or the Plesk's Apache and Ngnix settings. But whenever I typed
http://www.example.com/subdirectory/some.html
I will always get
https://www.example.com/subdirectory//subdirectory/some.html
which is of course 404 not found. Any assistance is appreciated.
To force HTTPs for just a single directory then what you can use is:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} ^\/(subdirectory)
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTP:X-Forwarded-SSL} =on
RewriteCond %{REQUEST_URI} !^\/(subdirectory)
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
What is the above doing? The first condition checks if HTTPs is not on, if not, then it will check for the directory /subdirectory/ if found it will force this directory and only this directory to HTTPs.
The second set of rules is basically the opposite, forcing everything to HTTP except for the directory /subdirectory/.
Make sure you clear your cache before testing this.

.htaccess file not redirecting http://www. to https://www

I have made a .htaccess file to redirect all website traffic to https://www..
This is my complete .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
The below redirects work exactly as expected:
http://example.com -> https://www.example.com
https://example.com -> https://www.example.com
https://www.example.com -> https://www.example.com
Except:
http://www.example.com -> http://www.example.com
As shown above, if you go to http://www. it doesn't redirect to the HTTPS version.
Can anyone help me understand why the other redirects are working fine, but that one is not?
Additional Notes: I have looked at a number of posts on StackOverflow, but most of their solutions end in redirect loop errors.
After contacting 123-Reg (my hosting provider), they submitted this solution, which works perfectly:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Basically they have set the script to do two tasks: Change domain to WWW, if it isn't already, THEN change to HTTPS. Also, they used ENV:HTTPS, which is different to what was found in their documentation (ENV:SSL).
Glad to have to this sorted, and maybe this will help out others using 123-Reg Hosting.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
As you have found, this won't redirect when requesting the canonical hostname (ie. www.example.com) regardless of whether it is HTTP or HTTPS.
You need to change this to something like:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
This will trigger a redirect to the canonical URL if HTTPS is "off" or it's not the canonical hostname.
...but most of their solutions end in redirect loop errors.
If you are behind a proxy (eg. CloudFlare) that is managing your SSL cert then this could still result in a redirect loop because the connection between you and the proxy might be HTTP, not HTTPS. This would mean that your server only serves content over HTTP, not HTTPS. If this is the case then there are additional headers that can be checked on the request (eg. X-Forwarded-Proto) or set a "page rule" in the case of CloudFlare (Flexible SSL - free service).
UPDATE#1: 123-Reg provide a help document regarding SSL. It seems they set an SSL environment variable when "the connection is SSL-secured". This would mean that you could potentially do something like the following instead:
RewriteCond %{ENV:SSL} ^$ [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
This is, however, non-standard and "unique" to 123-Reg. (Aside: The PHP code suggestion in the 123-Reg linked document is not the recommended way to check the environment variable, as this would result in an E_NOTICE if the variable is not set!?)
You should also ensure your browser cache is cleared before testing.
UPDATE#2: To help with debugging... to find out what values are being returned, you could assign some Apache values to environment variables and check the values of these in your server-side script (eg. PHP?). For example:
RewriteCond %{HTTPS} (.*)
RewriteRule ^ - [E=APACHE_HTTPS:%1]
# You don't really need this, but for completeness...
RewriteCond %{ENV:SSL} (.*)
RewriteRule ^ - [E=APACHE_SSL:%1]
RewriteCond %{HTTP:X-Forwarded-Proto} (.*)
RewriteRule ^ - [E=APACHE_PROTO:%1]
Then check the environment variables APACHE_HTTPS, APACHE_SSL and APACHE_PROTO in your server-side script. (eg. in PHP, use the getenv() function.)
After lots of issues with 123 Reg and redirecting all versions of pages to single relevant https page with Wordpress, this is what has worked for me across multiple sites now and has proven effective in terms of SEO. Hope it helps!
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

htaccess redirect if hostname is NOT

I'm running a server with multiple vhosts and phpMyadmin is set up as an alias which can be access via anydomain.com/phpmyadmin. I would like to use an .htaccess redirect rule so that if phpmyadmin is NOT accessed on the server-admin-url, the visitor is redirected to, say, Google.
The correct URL would be: https://server.domain.com:9090/phpmyadmin
Could anyone help me, please?
Thanks!
The easiest way you can do this
RewriteEngine On
RewriteCond %{HTTP_HOST} !^server.domain.com$ [NC]
RewriteRule ^(.*)$ http://www.google.com/$1 [L,R]
Maybe you want also check the port, then use
RewriteCond %{SERVER_PORT} !^9090$ [OR]
RewriteCond %{HTTP_HOST} !^server.domain.com$ [NC]
RewriteRule ^(.*)$ http://www.google.com/$1 [L,R]
Update
Reading again your question I see you're also trying to switch from http to https.
I suggest to add a check if https is off:
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^server.domain.com$ [NC]
RewriteRule ^(.*)$ http://www.google.com/$1 [L,R]
If your VirtualHost is configured with https you should pay particular attention to how VirtualHost matching works

Force HTTPS and WWW in .htaccess

I start reading about a similar topic at this page .htaccess - how to force "www." in a generic way? and the solution was not, well almost what I am looking to do.
The problem : I need the user to be on HTTPS and on WWW to make my application working properly. But if some one click on a html link like:
www.example.com
The user will fall on my website with this :
https://www.www.example.com/
Here is my current .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
Is there any way to detect that the user already entered the WWW or is there a best practice to get the result I am looking for?
Thank you.
You are getting this behavior because http -> https rule is adding www\. in target URL without checking if URL is already starting with www.
You should replace both of your rules with this single rule and as a bonus avoid multiple redirects:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]