I have a purely personal website (Apache2 on Ubuntu), and to prvent outsiders from knowing there is a valid HTTP server at the specified domain, it uses with cryptic URLs. For example,
http://somesite.com
will, by design, return HTTP 404 error. But
http://somesite.com/RJv968sr0S860Iq1VfW2P28dqgCTqNUOm51AMuQL
might do something useful. I'm sure it is not a full proof method to deter interlopers, bots and hackers, but its there nevertheless.
Now, in addition to obscuring the URLs, I also use HTTPS for further protection, for which I have Apache rewrite HTTP requests to HTTPS.
RewriteEngine ON
RewriteCond %{REMOTE_ADDR} !192\.168\.
RewriteCond %{REMOTE_ADDR} !127\.0\.0\.1
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}
And it works exactly as expected.
Unfortunately, it is not terribly sophisticated, and it also rewrites invalid URL requests. For example, the invalid URL http://somesite.com will get rewritten to the equally invalid URL https://somesite.com. But, this kind of rewrite would tip off someone that there is, indeed, some kind of HTTP server attached to the domain name.
I would like to fix my rewrite rules so that Apache will NOT rewrite any invalid URLs. Is this possible? If not with Apache, what about nginx or lighttpd? And if so, how do I make it happen?
Related
How can i direct the search engines from one domain to other domain for better SEO optimization. I want to make 301 redirect from domain.uk to language directory of another domain domain.com/gr
How can to change last line code? Thanks!
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example-old\.uk$ [NC]
RewriteRule ^(.*)$ http://example-new.com/gr [R=301,L]
RewriteCond %{HTTP_HOST} ^example-old\.uk$ [NC]
RewriteRule ^(.*)$ http://example-new.com/gr [R=301,L]
You've not actually stated the problem you are having. However, if you want to redirect to the same URL-path, but with a /gr/ path segment prefix (language code) then you are missing a backreference to the captured URL path (otherwise there's no reason to have the capturing group in the RewriteRule pattern to begin with).
For example:
RewriteRule (.*) http://example-new.com/gr/$1 [R=301,L]
The $1 backreference contains the value captured by the preceding (.*) pattern.
I assume that is what you are looking for:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example-old\.uk$ [NC]
RewriteRule ^ http://example-new.com/gr%{REQUEST_URI} [R=301,END]
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This implementation will work likewise in the http servers host configuration or inside a distributed configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a distributed configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using distributed configuration files (".htaccess"). Those distributed configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).
I am attempting to rewrite the URL displayed in a browser to eliminate the https:// portion. Not being familiar with Apache coding, I have tried many different ways of tweaking other code to achieve the result, but without success.
My .htaccess file includes 310 redirect rules, as well as some rewrite conditions, all of which are presently working:
# Force browswer to use SSL, even when referring URL is non-secure
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Catch-all for any potential 404 error (file not found) will
# redirect to the index (/) page
Options +SymLinksIfOwnerMatch
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . / [L,R=301]
Any help on this front is greatly appreciated!
I am attempting to rewrite the URL displayed in a browser to eliminate the https:// portion.
I would be curious to see your "attempts". And why you are wanting to do this?
Basically, you can't.
You have no control over how the browser displays the protocol (ie. https, or http), or any part of the URL for that matter, in the browser's address bar. And any attempt to "rewrite" the URL to remove https:// is only likely to stop your site serving content over SSL - which is not your intention. The only way to change the physical appearance of the URL in the browser's address bar is by changing the physical URL. This is basic browser security - the website should not be able to control this behaviour. You don't want the website to be able to pretend to be something it is not (ie. phishing).
However, some browsers do allow the user to control this behaviour to some extent. For example, Opera will show a more friendly URL by default, omitting the HTTP protocol and even the query string. However, this "friendly" display format can be disabled in settings to instead show the complete "real" URL.
Generally, by default, browsers tend to hide the protocol when serving over plain HTTP and show it only when serving over HTTPS - an additional indication to the user that the site is secure. Any attempt to remove the protocol is only going to disturb user trust.
checked the Forum but could not find an ideal answer. I have recently installed a SSL Certificate on my site and in the process of creating 301 redirects via the .htaccess file for nearly 400 page urls (to keep Google happy). I thought of using;
redirect 301 /contact.php https://www.mydomainname.co.uk/contact.php
but it breaks the site. The only solution I have seen is;
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^contact\.php$ https://www.mydomainname.co.uk/contact.php [L,R=301]
The above seems a lot of code to use for each of the 400 pages! is there a quicker way with less code I can use in the .htaccess file?
Many thanks. Hope someone can advise.
There are two basic ways of redirecting pages with Apache: Redirect (of mod_alias) and RewriteRule etc. (of mod_rewrite).
Redirect is very simple: it will just redirect a single URL to another. It can be useful sometimes, but it's usefulness is limited to its simplicity: in the case of HTTP-to-HTTPS redirection, it can't differentiate between HTTP and HTTPS connections, so it will just try to redirect to HTTPS even if you're already on HTTPS (and thus you end up in an infinite redirect loop).
RewriteRule, on the other hand, is more advanced and flexible. You can use RewriteCond to conditionally redirect requests; in your case, you'd want to redirect requests only if they're on a HTTP connection.
As you mentioned, you want to redirect to HTTPS for many (I presume all) requests; you can easily do this with only a single rule:
# Enable rewrites
RewriteEngine on
# Only run next RewriteRule on HTTP connections (not HTTPS)
RewriteCond ${HTTPS} off
# Redirect any page to the same URL with https:// schema
RewriteRule (.*) https://${SERVER_NAME}/$1 [L,R=301]
(The ${SERVER_NAME} variable will automatically be equal to your domain name, so you can even use this on web servers with multiple domain names.)
I need to have https by default on my site, so I used this .htaccess code to redirect all http traffic to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Everything works great, except that website receives many POST requests coming to old http:// address, and POST data is lost when 301 is used. I can NOT stop POST requests from coming to old http:// address because they come from PHP-based scripts (installed on clients' servers), so my only possible options seem to be 307 or 308 redirects (because they keep POST data).
However, redirect 307 is considered as temporary, while I plan to use https permanently, so it doesn't seem to be the best choice? Of course, I can use 308, but this one seems to be "new" and isn't properly supported by all browsers (according to many comments I found on stackoverflow). Maybe someone knows a better rewrite rule to be used in .htaccess?
P.S. I know the best idea is to use 301 redirect and modify scripts to post data to https by default (and I did so already), but it may take a very long time while all clients will update scripts on their servers, that's why another workaround is needed too.
Keep the 301, change your conditions to these:
RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_METHOD} !=POST
If your clients' legacy scripts use any other method, you will have to change the second condition to include it, e.g.:
RewriteCond %{REQUEST_METHOD} !^(?:POST|PUT)$
Normal requests/crawling will always start with GET or HEAD thus be forced to use https, so subsequent requests will also use it. Make sure all the URLs in your site's content are relative or root-relative.
I have a weird issue where Google is indexing several of my site's pages as 'www.w.example.com' which is causing issues with my security certificate.
While I'm looking for a solution, I'd like to redirect this using .htaccess but I can't seem to get it to work.
Currently I have:
RewriteRule ^(.*)www\.w\.(.*)$/$ https://www.$1/$2 [R=301,L]
But it doesn't seem to work..
I have multiple domains for this site so ideally it needs to redirect to the correct domain e.g. https://www.example1.com or https://www.example2.com
It is a bad SEO practice to have the same content available on more than 1 URLs.
You need to decide on the best URL you would like to use and then do a 301 redirect of the others to it.
You need to use a RewriteCond for matching host name:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.w\.(.+) [NC]
RewriteRule ^ http://www.%1%{REQUEST_URI} [R=301,L,NE]
However you might still get SSL cert warning because cert negotiation happens before mod_rewrite rules are invoked.