I have tried every single thing I've come across to get only 2 specific URLs to redirect to https. NOTHING has worked. Here's what I have right now in .htaccess
RewriteCond %{REQUEST_FILENAME} topdeal(.*)
RewriteCond %{REQUEST_FILENAME} watchstore(.*)
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Try this rule with THE_REQUEST variable instead of REQUEST_FILENAME:
RewriteCond %{THE_REQUEST} watchstore|topdeal [NC]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
You can use the following in your .htaccess file. What the below does is force everything to HTTP except for the directories watchstore and topdeal. Both are forced to HTTPs.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} ^\/(watchstore|topdeal)
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTP:X-Forwarded-SSL} =on
RewriteCond %{REQUEST_URI} !^\/(watchstore|topdeal)
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
Make sure you clear your cache before testing this.
EDIT:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^\/(watchstore|topdeal)
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^\/(watchstore|topdeal)
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
Related
I have multiple domains on one host, my .htaccess looks like this
RewriteEngine On
RewriteCond %{HTTP_HOST} web1.com$ [NC]
RewriteCond %{REQUEST_URI} !^/web_1/public/.*$
RewriteRule ^(.*)$ /web_1/public/$1 [L]
RewriteCond %{HTTP_HOST} web2.com$ [NC]
RewriteCond %{REQUEST_URI} !^/web_2/public/.*$
RewriteRule ^(.*)$ /web_2/public/$1 [L]
And it works so far. Now I want only web1.com, not web2.com, to redirect to https. How do I have to change the settings? (I am also thankful for tips about how to change my "implementation" so far, I am new to .htaccess and willing to learn more about it)
Try this :
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} web2.com$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
So , your rules will look like this :
RewriteEngine On
RewriteCond %{HTTP_HOST} web1.com$ [NC]
RewriteCond %{REQUEST_URI} !^/web_1/public/.*$
RewriteRule ^(.*)$ /web_1/public/$1 [L]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} web2.com$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTP_HOST} web2.com$ [NC]
RewriteCond %{REQUEST_URI} !^/web_2/public/.*$
RewriteRule ^(.*)$ /web_2/public/$1 [L]
I know its duplicate and there are a lot of answers in google, but nothing works for me, yet.
I'm not strong or even average with apache, but I'd like to exclude one url that starts from /test/ from HTTPS redirect.
//redirect not working
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^\/(/test/)
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
RewriteCond %{HTTP:X-Forwarded-Proto} https
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^\/(/test/)
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
//infinity loop
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} ^\/(test)
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTP:X-Forwarded-SSL} =on
RewriteCond %{REQUEST_URI} !^\/test)
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
//thats my first HTTPS redirect, tried to add RewriteCond to exclude test, but nothing works
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/test/ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
I'd appreciate for the help.
Found an answer by myself
# force https:// for all except some selected URLs
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/test/ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# force http:// for selected URLs
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} /test/ [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have the following rules on my website:
Force HTTPS on all pages.
Redirect http://user.domain.com to https://www.domain.com/file.php?user=user
The problem I'm having now is that when someone goes to http://user.domain.com , they get redirected to https://user.domain.com , which is then insecure, instead of to https://www.domain.com/file.php?user=user .
How do I fix this?
Here is the .htaccess content:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^.*$ - [L]
RewriteCond %{HTTP_HOST} ^(.*?)\.(www\.)?domain\.com$ [NC]
RewriteRule ^.*$ https://www.domain.com/file.php?user_id=%1 [L]
I also tried to change %{HTTP_HOST} to %{HTTPS_HOST} and it ended up with the same problem.
Try with:
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^.* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(.*?)\.(www\.)?domain\.com$ [NC]
RewriteRule ^.*$ https://www.domain.com/file.php?user_id=%1 [L]
You can use these rule:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTP_HOST} ^([^.]+)\.domain\.com$ [NC]
RewriteRule ^ /file.php?user_id=%1 [L,QSA]
I'm wanting to put https only on payment pages, but it seems that some conflict happens and these rules do not work together:
RewriteCond %{HTTPS} ^off$
RewriteCond %{REQUEST_URI} ^/checkout/
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{HTTPS} ^on$
RewriteCond %{REQUEST_URI} !^/checkout/
RewriteRule (.*) http://%{HTTP_HOST}/$1 [R,L]
.htaccess
RewriteEngine On
RewriteCond %{HTTPS} ^off$
RewriteCond %{REQUEST_URI} ^/checkout/
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{HTTPS} ^on$
RewriteCond %{REQUEST_URI} !^/checkout/
RewriteRule (.*) http://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !server-status
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>
Apache version 2.4
I have a client project where I need to force HTTPS for a certain folder and force HTTP for all others. I can sucessfully enforce HTTPS for the folder I desire but then all links back to the rest of the site end up being through HTTPS. I'd like to have a rule which forces requests for anything 'not' in the secure folder to be forced back to HTTP. Here's what I have so far:
RewriteEngine On
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule ^(my) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1
'my' is the name of the folder that I need to force HTTPS for.
Any ideas?
Update: I also tried:
RewriteEngine On
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
# Force HTTPS for /my
RewriteCond %{HTTPS} !=on
RewriteRule ^(my) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Force HTTP for anything which isn't /my
RewriteCond %{HTTPS} =on
RewriteRule !^my http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Remove index.php from URLs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1
But instead of requests for /my being forced through HTTPS they now just resolve to http://www.example.com/index.php/my
:?
Ah, of course. The problem lies in the fact that your rewrite ruleset will be reprocessed after it is transformed to index.php following the initial redirect. Using what you currently have, you need to additionally condition the redirections to make sure they don't get applied after the rewrite to /index.php/my.
Something like the following should do:
RewriteEngine On
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
# Force HTTPS for /my
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/my [NC]
RewriteRule ^(my) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Force HTTP for anything which isn't /my
RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} !^[A-Z]+\s/my [NC]
RewriteRule !^my http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
# Remove index.php from URLs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1
Give the following a try, should work for you:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/my
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/my
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
This is something that works from an old client website and could be adaptable for your purposes:
#If https off and in the cart dir
RewriteCond %{HTTPS} =off [NC]
RewriteCond %{REQUEST_URI} ^/cart/(.*) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/cart/%1 [R=301,L]
#If https on and not in cart dir
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/cart [NC]
#Above line actually used to read RewriteCond %{REQUEST_URI} !^/cart|media|images|thumbs|css|js [NC]
#to allow js/css/images to be served so there were no mixed ssl messages popping up to visitors
RewriteCond %{REQUEST_FILENAME} !index\.php$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
Replacing cart with my perhaps
Just invert the conditions:
RewriteCond %{HTTPS} =on
RewriteRule !^my http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]