I have a CI installation in my root domain. SSL certificate is installed and working properly. When I redirect http:// to https://www it redirects to https://www.www (an extra www), that too on some computers and some browsers as users have reported. However, when I remove 'www' from redirection, its all fine. Seems like www is looping. So far, I've digged my code hundred times, and see no sign of redirection from code (I mean addition of extra www). I'm doing it with htaceess. Any help will be highly appreciated. This is my htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Force SSL
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L]
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
I'm running it on apache with Centos VPS.
Thank you so much!
The HTTP_HOST is the "target host" part of the request, like: www.mydomain.com.
The REQUEST_URI is generally the path which was given in order to access a certain page; for instance, ‘/folder/index.html’.
In your RewriteRule you say to put 'www.' in front of the requested domainname.
You don't want that, when someone asks for http://www.yourdomain.com.
Without the www. in your RewriteRule someone who requests for http://yourdomain.com gets redirected to https://yourdomain.com
When you want to redirect to https and www you need to add conditions. Look into Apache docs on Canonical host and on questions/4083221/how-to-redirect-all-http-requests-to-https for this solution:
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTPS_HOST} !^www.yourdomain.com$ [NC]
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [L,R=301]
Related
I have an account with a webhost that uses Apache servers. The webhost's file structure uses subfolders for secondary domains of the primary account domain.
What do I need to add to this .htaccess file to redirect if someone types https:mysubdomain in the browser URL. I want to redirect from https to http, ie. http:mysubdomain.
RewriteEngine on
# Use PHP5.4 as default
AddHandler application/x-httpd-php54 .php
RewriteCond %{HTTP_HOST} ^myseconddomain\.myprimarydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.myseconddomain\.myprimarydomain\.com$
RewriteRule ^/?$ "http\:\/\/mysedonddomain\.com" [R=301,L]
Edit Update:
Thank you for suggestions. The approach of modifying the .htaccess file for the subdomain in the subfolder didn't work, even after clearing browser cache. What about modifying the .htaccess for the maindomain. I tried this but it didn't work either. Maybe my syntax?
RewriteEngine on
RewriteCond %{HTTP_HOST} ^https:\/\/myseconddomain.com$
RewriteRule ^www.myseonddomain.com/ [R=301,L]
I have spoken at length with the webhost, Hostmonster, and all they could tell me was that the SSL certificate was working "correctly" - even thought it is associating with unrelated domain names that are not supposed to have any certificate. I guess that is what User82217 was saying, there is no other way than to purchase a wildcard SSL?
Edit Update: I tried putting this in the .htaccess of the maindomain and the seconddomain and nothing works to redirect from https to http when the user types https:// in front of mysecondubdomain.com in the URL
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^https
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Anybody got any more ideas? Thank you.
To force HTTPs to HTTP then you can use the following in your .htaccess file:
#Force HTTP on everything
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
You didn't specifiy if you wanted to remove www or not, but on the assumption that you do, you can also remove that by including the following rule:
RewriteCond %{HTTP_HOST} ^www\. [OR]
Therefore checking if www is in the URL or not, so altogether using:
RewriteCond %{HTTP_HOST} ^www\. [OR]
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Make sure you clear your cache before testing this.
I have made a .htaccess file to redirect all website traffic to https://www..
This is my complete .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
The below redirects work exactly as expected:
http://example.com -> https://www.example.com
https://example.com -> https://www.example.com
https://www.example.com -> https://www.example.com
Except:
http://www.example.com -> http://www.example.com
As shown above, if you go to http://www. it doesn't redirect to the HTTPS version.
Can anyone help me understand why the other redirects are working fine, but that one is not?
Additional Notes: I have looked at a number of posts on StackOverflow, but most of their solutions end in redirect loop errors.
After contacting 123-Reg (my hosting provider), they submitted this solution, which works perfectly:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Basically they have set the script to do two tasks: Change domain to WWW, if it isn't already, THEN change to HTTPS. Also, they used ENV:HTTPS, which is different to what was found in their documentation (ENV:SSL).
Glad to have to this sorted, and maybe this will help out others using 123-Reg Hosting.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
As you have found, this won't redirect when requesting the canonical hostname (ie. www.example.com) regardless of whether it is HTTP or HTTPS.
You need to change this to something like:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
This will trigger a redirect to the canonical URL if HTTPS is "off" or it's not the canonical hostname.
...but most of their solutions end in redirect loop errors.
If you are behind a proxy (eg. CloudFlare) that is managing your SSL cert then this could still result in a redirect loop because the connection between you and the proxy might be HTTP, not HTTPS. This would mean that your server only serves content over HTTP, not HTTPS. If this is the case then there are additional headers that can be checked on the request (eg. X-Forwarded-Proto) or set a "page rule" in the case of CloudFlare (Flexible SSL - free service).
UPDATE#1: 123-Reg provide a help document regarding SSL. It seems they set an SSL environment variable when "the connection is SSL-secured". This would mean that you could potentially do something like the following instead:
RewriteCond %{ENV:SSL} ^$ [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
This is, however, non-standard and "unique" to 123-Reg. (Aside: The PHP code suggestion in the 123-Reg linked document is not the recommended way to check the environment variable, as this would result in an E_NOTICE if the variable is not set!?)
You should also ensure your browser cache is cleared before testing.
UPDATE#2: To help with debugging... to find out what values are being returned, you could assign some Apache values to environment variables and check the values of these in your server-side script (eg. PHP?). For example:
RewriteCond %{HTTPS} (.*)
RewriteRule ^ - [E=APACHE_HTTPS:%1]
# You don't really need this, but for completeness...
RewriteCond %{ENV:SSL} (.*)
RewriteRule ^ - [E=APACHE_SSL:%1]
RewriteCond %{HTTP:X-Forwarded-Proto} (.*)
RewriteRule ^ - [E=APACHE_PROTO:%1]
Then check the environment variables APACHE_HTTPS, APACHE_SSL and APACHE_PROTO in your server-side script. (eg. in PHP, use the getenv() function.)
After lots of issues with 123 Reg and redirecting all versions of pages to single relevant https page with Wordpress, this is what has worked for me across multiple sites now and has proven effective in terms of SEO. Hope it helps!
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have a forum and a website which were located in / (root) and /website/. Now, I moved my forum to /forum/ in order to organize the web server better and to be actually able to find something when needed.
What I want to do is somehow redirect requests like
www.mywebsite.com
http://mywebsite.com/
http://www.mywebsite.com/
to /website/ and any request made to my base url but followed by a page (www.mywebsite.com/index.php as an example) to my /forum subfolder.
Is that even possible to do en-mase ? Or can I least redirect if I match a specific file ?
Rule that redirects requests to base url over to my website folder that I have in my .htacces already.
RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$
RewriteRule ^/?$ "http\:\/\/www.domain\.com\/website_folder\/" [R=301,L]
Thank you for your help.
You can use this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteRule ^/?$ /website_root/ [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^((?!(?:website_root|forum)/).+)$ /forum/$1 [L,NC]
I have been searching this but could not find the answer. I might have missed something here. Basically I have two applications under one CI installation. Each of the app will have their own subdomain. So for example http://foo.example.com/ which will redirect to http://example.com/foo and http://bar.example.com/ which will redirect to http://example.com/bar. The http://example.com/ itself will be some kind of a landing page.
The redirect part is working fine. But it keeps changing the URL from http://foo.example.com/ to http://example.com/foo, which I want to prevent. I have read a solution to use a [P] instead of [L] flag, but that will require me to enable proxy.
Is there any other option for me to do this other than enabling proxy?
Currently my htaccess file is as below:
RewriteEngine On
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
# The line for subdomain
RewriteCond %{HTTP_HOST} ^(.*)\.example\.com
RewriteRule ^(.*)$ http://example.com/%1/$1 [L,NC,QSA]
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
Thank you very much for the response.
I am trying to get SSL working for my site on a LAMP server. When I type any page address on the site as https://www.example.com it gets redirected to http://www.example.com.
I think the SSL would work (or at least I could get it to) if I could get the server to go through HTTPS but it just refuses, and always changes to HTTP. The site utilises Joomla! but I am pretty sure it's not relevant, as:
I have another almost identical Joomla! site on the same server, and SSL works successfully.
SSL certificate has been checked and is valid and installed correctly.
There are no PHP redirects.
There are no .htaccess redirects directly pertaining to HTTP/S, etc.
.htaccess
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]
RewriteRule ^order/payment(/?.*)$ /payment [R=301,L]
RewriteRule ^order/complete$ /index.php?option=com_cake&task=orders&id=complete [L]
RewriteRule ^order2$ /index.php?option=com_cake&task=orders&id=index [L]
RewriteRule ^order/2$ /index.php?option=com_cake&task=orders&id=index [L]
RewriteRule ^payment/(.+)$ /index.php?option=com_cake&task=payments&id=$1 [L]
RewriteRule ^admin/(.+)$ /index.php?option=com_cake&task=admin&id=$1 [L]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L]
So why is the site redirecting? Any ideas?
For anyone who knows Joomla! I tried installing this plugin http://www.yireo.com/software/joomla-extensions/ssl-redirect and tried enabling the 'Secure' option on my home page and it doesn't work. I assume this is because it probably is working but the server is redirecting to HTTP again, for some unknown reason.
The easy way to rule out any Joomla configuration issues is to upload an empty file in to the root directory. Call it ssltest.html, then access that file using https. If it still redirects then you have a server/certificate installation issue and your host needs to check it out.
TRY
RewriteEngine on
Options +FollowSymLinks
# Rewrite to https
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
If you have the Joomla Force SSL option in global configuration set and it's not working would you please report it as a bug?