I have two domains, DomainA and DomainB - they are hosted separately.
DomainB is secure with SSL, while DomainA is not. I want that if a user enters http://DomainA.com/donation he will see the content of the secured https://DomainB.com without any redirects. I figured that maybe Redirect rule will do the trick (I searched both Google and Stackoverflow, with no luck)
I wrote the following RewriteRule in DomainA .htaccess
RewriteCond %{HTTP_HOST} ^DomainA.com/donation
RewriteRule ^(.*) https://DomainB.com/$1 [P]
My question is - The SSL of DomainB will still work? Let's say a user will enter DomainA.com/donation, what will he see? the secured content of DomainB with the certificate as usual? If not, it means that the only way to keep DomainB certificate is to redirect the whole page of DomainA using [R=301] ?
I can't check it live due to the request of my client.
SSL is also provided to prevent precisely this sort of thing. So I hope this is not possible.
You can use that in your http://DomainA.com root .htaccess:
RewriteEngine on
RewriteRule ^donation/? https://DomainB.com/ [NC,R=301]
Related
I have a heroku application with a domain from godaddy.
My site is built with node and express.
My website is www.juanitacalendar.de and I want it to always redirect to HTTPS (no matter if the users types the www or not).
Should I handle this within Heroku? Within node/express? In my index.html?
I've read in another answer that I'm suppose to use this code that has to do with apache. I am clueless on where to put this piece of code though.
RewriteEngine On
RewriteCond %{HTTPS} !^on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
There are many ways you could achieve this.
In your situation, it looks like you can get Node/Express.js to redirect for you. See this answer for more information: Heroku NodeJS http to https ssl forced redirect.
checked the Forum but could not find an ideal answer. I have recently installed a SSL Certificate on my site and in the process of creating 301 redirects via the .htaccess file for nearly 400 page urls (to keep Google happy). I thought of using;
redirect 301 /contact.php https://www.mydomainname.co.uk/contact.php
but it breaks the site. The only solution I have seen is;
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^contact\.php$ https://www.mydomainname.co.uk/contact.php [L,R=301]
The above seems a lot of code to use for each of the 400 pages! is there a quicker way with less code I can use in the .htaccess file?
Many thanks. Hope someone can advise.
There are two basic ways of redirecting pages with Apache: Redirect (of mod_alias) and RewriteRule etc. (of mod_rewrite).
Redirect is very simple: it will just redirect a single URL to another. It can be useful sometimes, but it's usefulness is limited to its simplicity: in the case of HTTP-to-HTTPS redirection, it can't differentiate between HTTP and HTTPS connections, so it will just try to redirect to HTTPS even if you're already on HTTPS (and thus you end up in an infinite redirect loop).
RewriteRule, on the other hand, is more advanced and flexible. You can use RewriteCond to conditionally redirect requests; in your case, you'd want to redirect requests only if they're on a HTTP connection.
As you mentioned, you want to redirect to HTTPS for many (I presume all) requests; you can easily do this with only a single rule:
# Enable rewrites
RewriteEngine on
# Only run next RewriteRule on HTTP connections (not HTTPS)
RewriteCond ${HTTPS} off
# Redirect any page to the same URL with https:// schema
RewriteRule (.*) https://${SERVER_NAME}/$1 [L,R=301]
(The ${SERVER_NAME} variable will automatically be equal to your domain name, so you can even use this on web servers with multiple domain names.)
I have a weird issue where Google is indexing several of my site's pages as 'www.w.example.com' which is causing issues with my security certificate.
While I'm looking for a solution, I'd like to redirect this using .htaccess but I can't seem to get it to work.
Currently I have:
RewriteRule ^(.*)www\.w\.(.*)$/$ https://www.$1/$2 [R=301,L]
But it doesn't seem to work..
I have multiple domains for this site so ideally it needs to redirect to the correct domain e.g. https://www.example1.com or https://www.example2.com
It is a bad SEO practice to have the same content available on more than 1 URLs.
You need to decide on the best URL you would like to use and then do a 301 redirect of the others to it.
You need to use a RewriteCond for matching host name:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.w\.(.+) [NC]
RewriteRule ^ http://www.%1%{REQUEST_URI} [R=301,L,NE]
However you might still get SSL cert warning because cert negotiation happens before mod_rewrite rules are invoked.
Please help me with the htaccess. I tried to create a rule whereby a user visiting a particular web page is automatically redirected to another page on the site, but if I visit it page, this rule does not work for me (for a specific IP address).
LiteSpeed installed on the server, and I think fits the rule for Apache (correct if I'm wrong, I just do not understand the server software).
Sorry for bad english.
This is a 302-Moved Temporarily redirection.
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_HOST} !^xxx\.xxx\.xxx\.xxx
RewriteRule \.html$ /anotherPage.html [R=302,L]
where xxx.xxx.xxx.xxx is your ip and anotherPage.html is the redirection page.
I am trying to redirect incoming requests to https://www.domain.com/ and all https://www.domain.com/{all pages} and having little trouble. Methods I tried:
Adding this line: Redirect permanent / https://www.domain.com/ to my httpd.conf is causing too many redirect
Using .htaccess to redirect with mod_rewrite is ending in 302 Moved page with a broken link.
What I want is:
Redirect all requests to https://www.domain.com/, including http://www.domain.com/signup and pages like that to https version
I've searched many threads on this but they don't seem to apply to my setup. How should I approach this?
There's a distinct problem with this approach - if you do a automatic non-SSL redirect to an SSL webpage, you lose the security that SSL should provide. i.e. If someone can MITM your non-SSL web server, they can redirect to their own valid SSL server (with a real certificate), and the browser won't know the difference.
i.e. http://www.example.com redirects to https://www.example.com, can be subverted by a man in the middle attack where fake http://www.example.com redirects to https://i-will-steal-your-credit-card.com, and as long as i-will-steal-your-creditcard.com has a valid certificate, the browser won't alert the user that anything is awry, the user will see the little lock icon and think everything's cool and start putting in credit card numbers.
It's a better practice to have a page that explains that what they really want is the SSL version of the URL and a clickable link. Of course, bad-guy could do the same exact thing, but paranoid people always verify the link they're clicking actually links to what it says.
Granted, most people aren't paranoid and will be grumpy about the extra step - so if you have any marketing people making decisions about this upstream from you - odds are you'll end up doing it http->https automatic redirect. This is because Marketing and customers usually don't understand SSL.
It goes like:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Source: http://systembash.com/content/force-https-ssl-access-url-apache/
RewriteEngine On
RewriteCond %{HTTPS} Off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
Notice the $1 which appends the path information