I have .htaccess 301 redirect for cloud flare but it redirects the main page but not other pages. ex. when you domain.com it redirects to https://domain.com but when you open domain.com/new-page-html, then it does not redirect to https:
Below is the code:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Thanks in advance
I think you are better off doing a redirect in CloudFlare as a "Page Rule". That way your traffic is redirected before it arrives your server. They have a special rule for you to do http -> https redirection.
See: How do I redirect all visitors to HTTPS/SSL? on CloudFlare
Update:
CloudFlare has a "Always use HTTPS" switch now. You can setup for http://domain.com/* and flip on the switch and that's it!
Hi I think I have found the solution. Go to cloudflare > page rules
Just add domain.com/* (with slash and star) and then turn on use " http always "
It will redirect all the URls
domain.com/1.html
domain.com/etc
Special thanks to william who helped me finding the solution.
Rather than an .htaccess 301 you should probably create the following CloudFlare Page Rule:
If the URL matches - http://domain.com
CLICK "+ A Setting" and select "Always Use HTTPS"
Make sure the ORDER is set to FIRST (optional but recommended)
CLICK Save and Deploy
You can find some helpful video tutorials for this and other popular rules at:
https://www.cloudflare.com/features-page-rules/
Related
I have some strange issue related to the redirect loop appearing.
For example, my website begin with https://www in the WordPress website general setting I have the same address that is begin with: https://www
also in this file 000-default.conf (folder site enabled) I have those lines:
RewriteEngine on
RewriteCond %{SERVERNAME} =www.test.org [OR]
RewriteCond %{SERVERNAME} =test.org
RewriteRule ^ https://%{SERVERNAME}%{REQUESTURI} [END,NE,R=permanent]
and in the .httaces file, I have nothing.
But when I enter to the browser website that begins with this one http://www I have those redirect chains:
http://www 301 redirect to https:// 301 redirect to https://www
Somebody could help how to avoid the second unnecessary chain element in order to get the redirect from http://www directly here: https://www
The best option is to set-up redirect from all those options:
http://www.
http://
https://
to https://www.
I find a solution - to use this code:
RewriteEngine on
RewriteCond %{SERVERNAME} =www.test.org [OR]
RewriteCond %{SERVERNAME} =test.org
RewriteRule ^ https://www.%1%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So i checked all redirect scenario:
http://www.test.org/ - redirect here https://www.test.org/
http://test.org/ - redirect here https://www.test.org/
https://test.org/ - don`t redirect here https://www.test.org/
https://www.test.org/ - is ok
So as you see this url: https://test.org/ don`t redirect here: https://www.test.org/
Also actually I don`t know related it to this code or not, but also I use the special redirection plugin called "Redirection" for WordPress - I set-upped 301 redirect from the / - main page to another website.
And interesting thing - when I delete this redirect via redirection plugin all seems that works well and all redirection scenaria works well, but when I use the redirection plugin only this one scenario:
https://test.org/ - don`t redirect here https://www.test.org/
don`t work.
Tell, please should we customize the code that I provided or the problem in this "Redirection" plugin and could you help with this issue?
Many thanks
checked the Forum but could not find an ideal answer. I have recently installed a SSL Certificate on my site and in the process of creating 301 redirects via the .htaccess file for nearly 400 page urls (to keep Google happy). I thought of using;
redirect 301 /contact.php https://www.mydomainname.co.uk/contact.php
but it breaks the site. The only solution I have seen is;
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^contact\.php$ https://www.mydomainname.co.uk/contact.php [L,R=301]
The above seems a lot of code to use for each of the 400 pages! is there a quicker way with less code I can use in the .htaccess file?
Many thanks. Hope someone can advise.
There are two basic ways of redirecting pages with Apache: Redirect (of mod_alias) and RewriteRule etc. (of mod_rewrite).
Redirect is very simple: it will just redirect a single URL to another. It can be useful sometimes, but it's usefulness is limited to its simplicity: in the case of HTTP-to-HTTPS redirection, it can't differentiate between HTTP and HTTPS connections, so it will just try to redirect to HTTPS even if you're already on HTTPS (and thus you end up in an infinite redirect loop).
RewriteRule, on the other hand, is more advanced and flexible. You can use RewriteCond to conditionally redirect requests; in your case, you'd want to redirect requests only if they're on a HTTP connection.
As you mentioned, you want to redirect to HTTPS for many (I presume all) requests; you can easily do this with only a single rule:
# Enable rewrites
RewriteEngine on
# Only run next RewriteRule on HTTP connections (not HTTPS)
RewriteCond ${HTTPS} off
# Redirect any page to the same URL with https:// schema
RewriteRule (.*) https://${SERVER_NAME}/$1 [L,R=301]
(The ${SERVER_NAME} variable will automatically be equal to your domain name, so you can even use this on web servers with multiple domain names.)
This is a follow-up question to .htaccess redirect all pages to new domain and How to 301 redirect all pages to the same pages on new domain.
Specifically, how are the following solutions different?
RewriteRule Solution:
RewriteEngine on
RewriteRule ^(.*)$ http://newdomain.com/$1 [R=301,L]
Redirect Solution:
Redirect 301 / http://newdomain.com/
It's a server redirect vs. a browser redirect. In the first case internal redirect will be made and a browser will receive a response from the target server.
In the second case a browser will be served with a 301 code (moved permanently) and a Location header with a new URL, at which point it'll need to make a second request to the target server.
You can see the difference yourself, e.g. by installing "Live HTTP Headers" plugin in Firefox and checking all requests that your browser receives.
So I have my site, www.domain.com.
For a week or so I want to direct all traffic going direct to the site to subdomain.domain.com, a little promo page about an upcoming feature. I want visitors to then be able to continue to the site as normal though after they've read it, so a continue to www.domain.com/index.php link.
How can I do that with in the htaccess file? Everything I've tried so far messes up when clicking the continue link.
Thanks
with .htaccess you could use a 302 temporary redirect, but it would be for a whole sub folder as far as I know.
Another way would be to redirect with JS/server site language to the subdomain, create a cookie, then redirect back to www.domain.com/index.php .
the 302 redirect is explained here: How do I redirect my site using a .htaccess file?
You would need to have a .htaccess for the root folder point to your subdomain
Note that this is only possible if you enable mod_proxy in the Apache config of domain.com otherwise URL will change after redirect.
Enable mod_proxy, mod_rewrite and .htaccess through httpd.conf and then put this code in your .htaccess under DOCUMENT_ROOT directory:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^index\.php$ http://subdomain.domain.com/ [L,NC,P]
I am trying to redirect incoming requests to https://www.domain.com/ and all https://www.domain.com/{all pages} and having little trouble. Methods I tried:
Adding this line: Redirect permanent / https://www.domain.com/ to my httpd.conf is causing too many redirect
Using .htaccess to redirect with mod_rewrite is ending in 302 Moved page with a broken link.
What I want is:
Redirect all requests to https://www.domain.com/, including http://www.domain.com/signup and pages like that to https version
I've searched many threads on this but they don't seem to apply to my setup. How should I approach this?
There's a distinct problem with this approach - if you do a automatic non-SSL redirect to an SSL webpage, you lose the security that SSL should provide. i.e. If someone can MITM your non-SSL web server, they can redirect to their own valid SSL server (with a real certificate), and the browser won't know the difference.
i.e. http://www.example.com redirects to https://www.example.com, can be subverted by a man in the middle attack where fake http://www.example.com redirects to https://i-will-steal-your-credit-card.com, and as long as i-will-steal-your-creditcard.com has a valid certificate, the browser won't alert the user that anything is awry, the user will see the little lock icon and think everything's cool and start putting in credit card numbers.
It's a better practice to have a page that explains that what they really want is the SSL version of the URL and a clickable link. Of course, bad-guy could do the same exact thing, but paranoid people always verify the link they're clicking actually links to what it says.
Granted, most people aren't paranoid and will be grumpy about the extra step - so if you have any marketing people making decisions about this upstream from you - odds are you'll end up doing it http->https automatic redirect. This is because Marketing and customers usually don't understand SSL.
It goes like:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Source: http://systembash.com/content/force-https-ssl-access-url-apache/
RewriteEngine On
RewriteCond %{HTTPS} Off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
Notice the $1 which appends the path information