Force HTTPS on all pages except one - apache

I have a WordPress site that I want fully secured using SSL, with the exception of one page (it has a third party script who will not serve over SSL - let's say it's called /booking/), I also want all URL's redirected to the www version.
I've seen similar answers for the other way around, but not this specific use case.
Is this achievable using .htaccess?
Edit:
Here is my .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN Custom
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^00\.00\.00\.00
RewriteRule (.*) https://www.mysite.co.uk/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www\. [OR]
RewriteCond %{HTTPS} off
RewriteRule ^((?!online-booking).*) https://www.mysite.co.uk/$1 [NC,L,R,NE]
</IfModule>
# END Custom
*real IP replaced with zeros, this is to redirect the server IP to the actual website.
This code is for the page being at mysite.co.uk/online-booking/


Have it this way:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^00\.00\.00\.00
RewriteRule ^ https://www.mysite.co.uk%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} /online-booking [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ http://www.%1%{REQUEST_URI} [L,R=302,NE]
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/online-booking [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,R=302,NE]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
And make sure to test it after clearing your browser cache.


This should work :
RewriteEngine on
#--Redirect non-www or http requests excluding "/booking" to https--#
RewriteCond %{HTTP_HOST} !^www\. [OR]
RewriteCond %{HTTPS} off
RewriteRule ^((?!booking).*) https://www.example.com/$1 [NC,L,R,NE]

Related

.htaccess http www or non www redirect to https

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteEngine On
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
This is rules in .htaccess, urls like http://example.com/test, http://www.example.com/test doesn't redirect to https, www redirect to non-https address. http://example.com url redirected properly. What's wrong?

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Rule moved to top and work's properly.

incorrect redirect from http to https

trying to go https, but when I use the following in my .htaccess I get redirect problem error
here is what I have in my .htaccess
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP} on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
#Uncomment lines below when uploading to the live server
RewriteCond %{HTTP_HOST} !^(www\.)example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^.*$ index.php [QSA,L,NC]
#Uncomment lines below when uploading to the live server
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com/.*$ [NC]
RewriteRule \.(gif|jpg|png|tif|js|css|xls|xlsx|zip|rar|pdf|ods|ots)$ - [F]
Please help

Your first rule has many erroneous [OR] conditions and that is causing redirect loop.
Change your first rule to this:
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=302,L,NE]
And test after clearing your browser cache.

apache rewrite rule: http to www doesn't work

I tried to define a apache rewrite-rule to redirect users which type http://mydomain.net to get on my website to www.mydomain.net. So in the .htaccess-file I wrote the following:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}$1 [R=301,L]
But this doesn't work: when I type mydomain.net I get in my browser
Forbidden
You don't have permission to access / on this server.
When I try the opposite
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ %{HTTP_HOST}/$1 [C]
RewriteRule ^www\.(.*)$ http://$1 [R=301,L]
that works (when I type in www.mydomain.net I get to mydomain.net). Does anybody know why and how to solve the problem?
Here is my .htaccess:
RewriteEngine On
# www to http
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}$1 [R=301,L]
RewriteRule ^typo3$ - [L]
RewriteRule ^typo3/.*$ - [L]
RewriteRule ^uploads/.*$ - [L]
RewriteRule ^fileadmin/.*$ - [L]
RewriteRule ^typo3conf/.*$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
# naechste Zeile auskommentieren,
# wenn .html Endung in RealURL eingestellt ist
RewriteRule (.*[^/])$ http://%{HTTP_HOST}/$1/ [L,R]
RewriteCond %{REQUEST_FILENAME}/index.html -f
RewriteRule / %{REQUEST_URI}/index.html [L]
RewriteCond %{REQUEST_FILENAME}/index.htm -f
RewriteRule / %{REQUEST_URI}/index.htm [L]
RewriteCond %{REQUEST_FILENAME}/index.php -f
RewriteRule / %{REQUEST_URI}/index.php [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* /index.php

You should try it this way. You need a forward slash before $1. However I would do it this way so that it won't affect subdomains. Change the condition to check for the TLD instead of the absence of www.
RewriteCond %{HTTP_HOST} ^mydomain.net [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !\.([a-z-]+\.[a-z]{2,6})$ [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Use the above code it should work and to fix the forbidden error bit you will need to add in the following bit of code in apache httpd.conf file :-
<Directory />
Require all granted
</Directory>
You can find more permission about the 403 error on an article I have written here : - http://codenathan.com/apache/you-dont-have-permission-to-access-the-requested-directory

redirection all https requests to http

Small problem here, before changing my site to CMS, I have encountered a problem with redirecting all https:// requests to http://.
I have had the following in my .htaccess, which was doing all that
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.mysite.net/$1 [L,R=301]
but after changing it to CMS that requires different setup, I can no longer use the above mentioned code, since it does not do what it was intended to do in the first place.
Here is my current setup from .htaccess
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php/$1 [QSA,L,NC]
RewriteCond %{HTTP_HOST} !^(www\.)mysite\.net$ [NC]
RewriteRule ^(.*)$ http://www.mysite.net/$1 [L,R=301]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.net/.*$ [NC]
RewriteRule \.(gif|jpg|png|tif|js|css|xls|xlsx|zip|rar|pdf|ods|ots)$ - [F]
Can you please advise me on how to do it all correctly, since I really do not want to double up all site content because of this problem and would rather redirect it all to the one consistent protocol.
thanks in advance

Have your .htaccess like this:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http://www.mysite.net%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTPS} on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.net/.*$ [NC]
RewriteRule \.(gif|jpg|png|tif|js|css|xls|xlsx|zip|rar|pdf|ods|ots)$ - [F,NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php/$1 [L]

.htaccess redirect loop when trying to add forced HTTPS rule (Amazon Elastic Beanstalk)

I started receiving this error after trying to incorporate a rule to force HTTPS in the production environment. The BWC_ENV environment variable can have a handful of different values: "prod", "stage", "ben_local", "nam_local", etc.
Here's my .htaccess:
RewriteEngine On
# Force HTTPS
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:BWC_ENV} ^prod$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Parse the subdomain as a variable we can access in our scripts
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{HTTP_HOST} !^www
RewriteCond %{HTTP_HOST} ^([^\.]+)\.([^\.]+)\.([^\.]+)$
RewriteRule ^(.*)$ /$1?subdomain=%1
# Ditto for the path; map all requests to /index.php
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !robots.txt
RewriteRule ^(.*)$ /index.php?path=$1 [L,QSA]
# robots.txt - supply the correct one for each environment
RewriteRule ^robots.txt$ /robots.prod.txt [NC]
RewriteCond %{ENV:BWC_ENV} !prod
RewriteRule ^robots.prod.txt$ /robots.stage.txt [NC]
Edit
What's more, if my .htaccess only contains the following, this will cause a redirect loop too. Why could this be?
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

It turns out this is an Amazon Elastic Load Balancer thing. You have to use Amazon's X-Forwarded-Proto header to accomplish this:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

You have L flag missing in few rules. Type changing your code to this:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
# Force HTTPS
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:BWC_ENV} ^prod$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Parse the subdomain as a variable we can access in our scripts
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{QUERY_STRING} !^$
RewriteCond %{HTTP_HOST} !^www
RewriteCond %{HTTP_HOST} ^([^.]+)\.[^.]+\.[^.]+$
RewriteRule ^(.*)$ /$1?subdomain=%1 [L,QSA]
# Ditto for the path; map all requests to /index.php
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !robots.txt
RewriteRule ^(.*)$ /index.php?path=$1 [L,QSA]
# robots.txt - supply the correct one for each environment
RewriteRule ^robots.txt$ /robots.prod.txt [L,NC]
RewriteCond %{ENV:BWC_ENV} !prod
RewriteRule ^robots.prod.txt$ /robots.stage.txt [NC,L]