I'm trying to use .htaccess to redirect to ssl on login url in laravel.
Login url looks like: four.number.for.ip/auth/login
If I use
RewriteCond %{SERVER_NAME} login
RewriteRule .* https://%{SERVER_NAME} [R=301,L]
It doesnt work. I have tried with
%{HTTPS} !=on
and it works.
And also %{SERVER_NAME} returns ip/auth/login (i'm sure for that, as https!=on works)
I can't see why this won't work.
This should work for you. Let me know how it turns out.
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/auth/login [NC]
RewriteCond %{HTTPS} !^on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Edit to give full rules. It should look something like this.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/auth/login [NC]
RewriteCond %{HTTPS} !^on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
Related
Good day! There are 3 tasks that I want to implement using the .htaccess file:
Work only with https protocol
Create a 301 redirect from https://www.example.com to https://example.com
Redirect all requests to the index.php file
My best version of .htaccess looks like this, but I'm not sure if this is the right decision:
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} .* [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php
I would be grateful for any advice!
Could you please try following, written as per your shown samples. Please make sure you clear your browser cache before you test your URLs.
RewriteEngine ON
##For applying https on each request.
RewriteCond https !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NE,L]
##For removing www from request.
RewriteCond %{HTTP_HOST} ^(?:www\.)(.*)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,NE,L]
##For applying index.php for non existing files or directories.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
I created an mvc framework with php. my only working main file is index.php.
Normally I redirect from http to https. I also remove the www domain, but when I enter with www, if my URL is for example
domain.com/admin/products/edit/1,
htaccess does this.
domain.com/index.php/products/edit/1
how can i solve this
Thank you
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
You should have your rules like this way, always keep https redirection rule at very first place only. Please clear your browser cache before testing your URLs(rest of the rules are from OP's tried rules + I have changed regex of matching hostname too here).
RewriteEngine ON
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} ^(?:www\.)(example\.com) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^ index.php [L]
Probably I'm overseeing something very basic, htaccess is not my field of expertise.
My site is https-only, to achieve this, the root folder / contains these lines:
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R=301,L]
This works just fine. Now we have a new folder called /projects, which contains its own htaccess rules to translate the url in a database query by a file called /projects/project.html
The working htaccess within the folder /projects is:
RewriteEngine On
RewriteBase /projects/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ project.html?project=$1 [QSA,L]
Now I would like to force https connection on this one, because the https rule in the main directory is not applied on /projects if you visit by http://URL directly. Therefore I modified the file to:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://example.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /projects/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ project.html?project=$1 [QSA,L]
With this, it switches to https, but I keep getting "ERR_TOO_MANY_REDIRECTS".
When I change the lines as #thickguru suggested, like this:
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
It will redirect me to https://example.com/index.html right away.
I fiddled around with the settings, also with the information of this post, however still I can't get it to work.
I just noticed it the variable you are matching against is %{ENV:HTTPS} , so , you can use the following rule in /projects/.htaccess :
RewriteEngine on
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R]
Clear your browser cache or try a diffrent browser to test this.
Use this in your .htaccess:
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://www.example.com%{REQUEST_URI} [R=301,L,NE]
Also, place this above your your other RewriteRule, so that your .htaccess will look like:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://www.example.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /projecten/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ project.html?project=$1 [QSA,L]
EDIT - Try this:
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Hi I have been working on this for a while and just know I am doing something stupid but just can not see it. What I want to do is to redirect certain pages so they are always shown using HTTPS and all other pages if they are requested through HTTPS they are redirected as HTTP.
I have done lots of searching around the issue and found accepted answers on Stackoverflow that just did not work for me. So here Is my .htaccess file.
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(finance/enquiryForm)(.*)
RewriteCond ${REQUEST_URI} !(offerentry)(.*)
RewriteRule (.*) http://dev.staging.co.uk/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(finance/enquiryForm|offerentry)(.*) https://dev.staging.co.uk/$1 [L,R=301]
What is currently happening is that the pages that I want to redirect from https to http work fine but the pages I want to show as HTTPS get a redirect loop and fail. If I comment out the top section the HTTPS pages I do want redirect fine. So how do I get the redirect loop to stop?
EDIT
The full .htaccess file with the codeigniter etc stuff.
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
<Files .*>
Order Deny,Allow
Deny From All
</Files>
#RewriteCond %{HTTPS} on
#RewriteCond ${REQUEST_URI} !/(finance/enquiryForm|offerentry) [NC]
#RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
#RewriteCond %{HTTPS} off
#RewriteCond ${REQUEST_URI} /(finance/enquiryForm|offerentry) [NC]
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
# Protect application and system files from being viewed
RewriteRule ^(fuel/install/.+|fuel/crons/.+|fuel/data_backup/.+|fuel/codeigniter/.+|fuel/modules/.+|fuel/application/.+|\.$
# Remove trailing slashes
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} (.*)/$
RewriteCond %{REQUEST_URI} !fuel/.*$
RewriteRule ^(.*)/$ $1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [L]
</IfModule>
Options -Indexes
Try these rules based on THE_REQUEST variable:
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} !/(finance/enquiryForm|offerentry) [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} /(finance/enquiryForm|offerentry) [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
Test them in Chrome dev tool and see what redirects are you getting.
Try with:
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(finance/enquiryForm|offerentry)
RewriteRule (.*) http://dev.staging.co.uk/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (finance/enquiryForm|offerentry) https://dev.staging.co.uk%{REQUEST_URI} [NE,L,R=301]
Per: https://exp-resso.com/blog/post/2011/08/securing-your-expressionengine-website-with-https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond $1 ^(member|account|checkout|system) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This tells your server “If HTTPS is off, and the request starts with
member OR account OR checkout OR system (not case sensitive), redirect
to https://current-domain/current-page”. It’s a nice simple method of
locking down entire subfolders / template groups.
I've added this to my htaccess file like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond $1 ^(sign-in|sign-up) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
However, when I go to my http://mydomain.com/sign-in, the URL doesn't change to https://mydomain.com/sign-in. Any idea what's wrong?
EDIT 1:
My htaccess also has the following (to remove "www") and I wonder if having both might be causing the problem?
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
EDIT 2:
Process of elimination, it turns out this is causing the problem:
<IfModule mod_rewrite.c>
RewriteEngine On
# Removes index.php from ExpressionEngine URLs
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
When I comment out the RewriteRule, the https:// is forces. What's causing the conflict?
Try to put (sign-in|sign-up) condition inside RewriteRule:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(sign-in|sign-up)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,NC,R=301]
What about this? (If port == 80 then redirect )
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} member [OR]
RewriteCond %{REQUEST_URI} account [OR]
RewriteCond %{REQUEST_URI} checkout [OR]
RewriteCond %{REQUEST_URI} system
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
First make sure that rewrite works on your server and that the htaccess is read (e.g. by issuing a redirect on every URL).
Then use RewriteCond %{REQUEST_URI} ^/(sign-in|sign-up) instead of RewriteCond $1 ^(sign-in|sign-up) [NC]
It works and is easier to read too
So you htaccess should look like this
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/(sign-in|sign-up) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]