Even after trying several solutions, I'm trying to force HTTPS redirect on my website via the following configuration in the site's .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However, it's resulting in the error of too many redirects. I came to suspect this may be either because of the the HTTPS flag not being set or port number not switching to 443 on specifying https in the browser - as on outputting the port number via PHP, i.e, $_SERVER['SERVER_PORT'] it still shows 80. My .conf files were set up according to what I came across on what seemed to be reliable sources.
Any insights into how I can get this resolved would be appreciated.
Apache foundation suggests to avoid using mod_rewrite for this type of problem when possible.
You should use mod_alias Redirect directive instead.
<VirtualHost *:80>
ServerName www.example.com
Redirect "/" "https://www.example.com/"
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost>
However, in cases where You are limited to .htaccess only and cannot alter vhost/main configuration files, You can do this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Related
I want to redirect all incoming urls to my website to a single url for canonicalization purposes.
Following redirect conditions should meet
http://example.com-> https://www.example.com
http://www.example.com -> https://www.example.com
https://example.com -> https://www.example.com
www.example.com -> https://www.example.com
My current Rewrite rules written in httpd.conf look as follows
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L,NE]
With the above rules I am able to achieve 1st,2nd and 4th rule but 3rd doesn't work for me.
Any suggestions are welcome.
The definition for HTTPS and HTTP version of your site must (?) appear under different virtualhost entries (unless you are using some proxy in front of httpd).
This makes it easy to end up with differences between the configs in the two virtualhosts. Make sure the config for the redirect is the same in both virtualhosts for port 80 and port 443
The easiest way to do this is to make use of an Include statement and reference a common file in the two virtualhost definitions
For instance put these rewrites in a file base-rewrite.inc in the root config dorectory (/etc/apache2/base-rewrite.inc in debian/ubuntu; /etc/httpd/base-rewrite.inc in Redhat):
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L,NE]
Then in your virtual hosts definition, Include this file:
<VirtualHost *:80>
# HTTP default virtualhost
ServerName www.example.com
DocumentRoot /var/www/html/
Include base-rewrite.inc
</VirtualHost>
<VirtualHost *:443>
# HTTPS default virtualhost
ServerName www.example.com
DocumentRoot /var/www/html/
# An example SSL config, but use your certificate files
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Include base-rewrite.inc
</VirtualHost>
This will keep the rewrites consistent and make it easy to maintain and change them all at once
If you're talking about canonicalization for SEO purposes then you should also add this meta tag to the head section of your web pages:
<link rel="canonical" href="https://www.example.com/" />
What this does is tell search engines that whatever url was used to reach this page, this is the preferred url and the one that should be indexed.
I am running an apache webserver on a linux EC2 instance.
The problem is that you can access the server using the IP address, DNS and the domain name. This causes a problem for SEO and I want to tidy it up.
I have read on the apache documentation that you can do a mod_rewrite and this needs to be done in the httpd.conf if you have root access otherwise in the .htaccess for per directory override.
I have root access so I am trying to change the httpd.conf
If the user types in
http://52.17.12.123/
or
http://ec2-52.17.12.123.eu-west-1.compute.amazonaws.com/
I want them to be redirected to
www.example.com
This is what I tried
<VirtualHost *:80>
DocumentRoot "/var/www/html/my-website"
# Other directives here
RewriteEngine On
RewriteCond %{HTTP_HOST} !^52.17.12.123.com$
RewriteRule /* http://www.example.com/ [R]
</VirtualHost>
It seems to partially work but www.example.com does not load due to to many redirects.
--EDIT--
Thanks, so now in my httpd.conf I now have the following configuration
Listen 80
NameVirtualHost *:80
DocumentRoot "/var/www/html/my-website"
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(www\.example\.com)$ [NC]
RewriteRule ^/(.*)$ http://www.example.com [R=301,L]
It is all working correctly now
It seems to partially work.
I doubt, considering the rule you currently have in your httpd.conf.
You can have it this way
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^/(.*)$ http://www.example.com/$1 [R=301,L]
I want my users who type login.abcde.com to be redirected to https://client1.abcde.com and BLOCK all other HTTP URLs. So if someone types http://client1.abcde.com/thispage/isawesome.html, it will show some error message or a 404. So far I tried to add the following to my httpd.conf, but no success. I keep getting the Apache page saying: This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^client1.abcde.com$ https://client1.abcde.com [L,R=301]
I am using Apache by the way, with WSGI. My virtualhost for port 80 is basically just:
<VirtualHost *:80>
ServerAdmin abisson#abcde.com
DocumentRoot /srv/www/abcde/html
ErrorLog "logs/error_log"
CustomLog "logs/access_log" common
</VirtualHost>
Since no one else has replied yet I will give it a try, it's untested but maybe it will give you some ideas on how to proceed. Maybe this could work:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^login\.abcde\.com
RewriteCond %{REQUEST_URI} ^\/$
RewriteRule ^/(.+)$ https://client1.abcde.com/$1 [L,R]
RewriteCond %{HTTP_HOST} ^login\.abcde\.com
RewriteCond ${HTTPS} !=on
RewriteRule ^/(.+)$ [F]
Also it looks like in your case you have ^client1.abcde.com$ instead of ^login.abcde.com$ in your RewriteRule, not sure if changing it will make your solution work.
Maybe you could do the redirect in the VirtualHost as described in this RedirectSSL wiki page?
I am trying to always redirect people to
https://www.somedomain.com/URL
when they come in on a non secure port. This is because my SSL is for this url.
When someone goes to http://www.somedomain.com they get sent to
http://www.www.somedomain.com
Here is the htaccess rewrite that i am trying:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI}
Edit:
I am using a cPanel server, so making additional hosts is not going to work.
I am trying to always redirect people to https://www.somedomain.com/URL
I think this is all you need:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://www.somedomain.com/$1 [R=301,L,NC]
You'll want to not unconditionally add the www, if it already exists.
See: Prepend 'www' to an HTTPS url using .htaccess & mod_rewrite
Note that mod_rewrite is not the preferred way to do that. Using virtualhosts it's simpler. Just put this configuration (Source: apache wiki):
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.somedomain.com
Redirect permanent /secure https://www.somedomain.com
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.somedomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>
I want my apache to always force people to use https and to map IP based look ups to be forwarded to the server name. The following settings (in httpd.conf file) take care of the http to https redirect:
<Location />
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://my_server.example.com%{REQUEST_URI}
</Location>
But now I also want that if people type 192.168.1.2 they get redirected to my_server.example.com.
To sum up:
http://192.168.1.2/someurl -> https://my_server.example.com/someurl
I've tried several things but either my settings get ignored or I end up in a redirect loop.
any hints?
If you have access to the main config and not just .htaccess, this is something most easily done with separate virtual hosts rather than resorting to the Swiss Army chainsaw that is mod_rewrite.
<VirtualHost *:80>
Redirect permanent / https://my_server.example.com/
</VirtualHost>
<VirtualHost *:443>
Redirect permanent / https://my_server.example.com/
SSLEngine on
</VirtualHost>
<VirtualHost *:443>
ServerName my_server.example.com
SSLEngine on
...real site config...
</VirtualHost>
It's not just numeric IP address access you generally want to redirect to your canonical hostname, but all addresses other than the known-good domains you control. Putting a default virtual host first in the config, that redirects (or serves up nothing) helps avoid certain DNS-based XSS attacks.
I figured out the following solution:
<Location />
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} !^my_server\.example\.com [NC]
RewriteRule (.*) https://my_server.example.com%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://my_server.example.com%{REQUEST_URI}
</Location>
it does exactly what I need.