I have some rules that force any http URL to be rewritten with https
These rules should only apply for a specific HTTP Host (i.e. if the user is accessing the site through a specific subdomain name).
All working good, but now I want to disable the https redirect if the user is accessing a specific URL
e.g.
http://subdomain.domain.com/test/abc.html or http://subdomain.domain.com/test/123456.html
This is my code, but Apache seems to be ignoring my 2nd last line
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^subdomain\.domain\.com [NC]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/test/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
Have your rule like this:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^subdomain\.domain\.com$ [NC]
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !\s/+talent/ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=302]
Better to use %{THE_REQUEST} since THE_REQUEST variable represents original request received by Apache from your browser and it doesn't get overwritten after execution of some rewrite rules.
Related
Currently I redirect all http users (www or non-www) of upscfever.com to http://upscfever.com/upsc-fever/index.html
using
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "http\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
Now I want all users to shift to https so I modified as follows:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
So that all who type upscfever.com OR www.upscfever.com should go to
https://upscfever.com/upsc-fever/index.html - instead
Plus all links should be https. But its not working I get Page not found.
Your server has to setup the https first, depend on hosting vendor, if your hosting is vps you need to setup https for apache, install cert also.
You can find some instruction like this:
https://manual.seafile.com/deploy/https_with_apache.html
https://www.digicert.com/csr-ssl-installation/apache-openssl.htm
I think you want to make 3 different changes:
Change your .htaccess file to redirect requests to root to your custom index irrespective of the HTTPS or HTTP for the original request
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https://%{SERVER_NAME}/upsc-fever/index.html" [R,L]
There is no R=301 part here because I'm not sure it is really wise to make permanent such a redirect to an obscure inner URL.
Redirect all other non-HTTPS requests to HTTPS (preserving the rest of the URL):
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
Making this redirect permanent seems pretty safe.
Change all internal links in all of your HTML pages (or whatever backend generates them) to use protocol-relative // prefix or explicitly https:// instead of current http://. Preserve the protocol for the external links as is.
As for troubleshooting, you may use the Network tab of the Chrome DevTools (F12) to see exact server reply (note: enabling "Preserve log" and "Disable cache" flags is useful in such context)
You can do that using a single rule as follows in your site root .htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?upscfever\.com$ [NC]
RewriteRule ^/?$ /upsc-fever/index.html [R=301,L]
This will redirect both http and https URLs.
You may try something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} !=""
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I hope below code will do the work for you
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://famebooking.net/$1 [R,L]
just simply add above code in .htaccess below authorization header condition is written under RewriteEngine On
Let me know if that helps.
I start reading about a similar topic at this page .htaccess - how to force "www." in a generic way? and the solution was not, well almost what I am looking to do.
The problem : I need the user to be on HTTPS and on WWW to make my application working properly. But if some one click on a html link like:
www.example.com
The user will fall on my website with this :
https://www.www.example.com/
Here is my current .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
Is there any way to detect that the user already entered the WWW or is there a best practice to get the result I am looking for?
Thank you.
You are getting this behavior because http -> https rule is adding www\. in target URL without checking if URL is already starting with www.
You should replace both of your rules with this single rule and as a bonus avoid multiple redirects:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
I've read through many of the similar requests such as:
Apache rewrite rule - prevent rewritten URL appearing in browser URL bar
But I can't figure out what I'm doing wrong, any help would be much appreciated.
I'm using codeigniter 3 and it's root is at the following location:
https://example.com/api/v1.0
I've set up a basic route and all is working fine with Codeigniter E.g. If I navigate to:
/api/v1.0/index.php/pages/view/about
the appropriate page appears so all seams well. What I really want is for the URL to get rewritten so that when I enter:
/api/v1.0/pages/view/about
it goes to the same page. I've added a htaccess file that rewrites the rule and all works as expected:
Options +FollowSymlinks
RewriteEngine on
RewriteBase /api/v1.0/
RewriteCond $1 !^(index.php|resources|robots.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
The problem is, when I enter the the url:
/api/v1.0/pages/view/about
it goes to the correct page, but the browser URL gets updated to:
/api/v1.0/index.php/pages/view/about
My question is, how can I stop the browser URL from being updated?
Update - my web servers site behind an AWS ELB that acts as the https end point. I have the following in the httpd.conf to ensure that any non 'www' prefixed URLS and any http calls are redirected to https://www
<VirtualHost *:80>
RequestHeader set X-Forwarded-Proto "http"
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^test\. [NC]
RewriteCond %{HTTP_HOST} !^signup\. [NC]
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
I don't think this rule is causing an issue as its not being invoked, I'm providing the correct prefix and protocol.
Many thanks in advance,
Rob
Check that index.php isn't set for $config['index_page'].
If it is change it to:
$config['index_page'] = '';
OK, after much testing it would appear that my virtual host settings in httpd.conf were causing the issue. If I removed these rules and then the local .htaccess rules worked exactly as expected.
I've removed the local .htaccess rules and added the following to rule to httpd.conf:
RewriteRule ^/api/v1\.0/([A-Za-z0-9-/]+)/?$ /api/v1.0/index\.php/$1 [NC,L,QSA] # Process API Call
My Virtual Host section now looks like this:
RequestHeader set X-Forwarded-Proto "http"
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^test\. [NC]
RewriteCond %{HTTP_HOST} !^signup\. [NC]
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteRule ^/api/v1\.0/([A-Za-z0-9-/]+)/?$ /api/v1.0/index\.php/$1 [NC,L,QSA] # Process API Call
So now calls to:
/api/v1.0/some/directory
Will get rewritten to this:
/api/v1.0/index.php/some/directory
And this happens without redirecting the browser or affecting the browser URL. What I don't understand is why this is not entering into an infinite loop as I have no rewrite precondition to check for calls to the /api/v1.0/index.php/*
Anybody know why this is no entering into an infinite loop?
I have a htaccess file that forces everything to load a specific https address.
We have two domains, lets say web.no and website.no.
web.no points to website.no, but i have a subdomain dev.web.no that i dont want to redirect to website.no
The rules is
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://website.no/%{REQUEST_URI} [L,R=301]
How do I make an exception for dev.web.no?
You can use:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !=dev.web.no
RewriteRule ^ https://website.no/%{REQUEST_URI} [L,R=301,NE]
I have setup my .htaccess to redirect requests from http ://subdomain.domain.com.tld, http ://www.subdomain.domain.com.tld and http ://domain.com.tld/folder (folder that contains contents of subdomain) to https ://subdomain.domain.com.tld so my single domain SSL certificate setup for subdomain.domain.com.tld is used at all times.
My problem is http ://domain.com.tld also redirects to https ://subdomain.domain.com.tld. How do I stop this?
RewriteOptions inherit
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^subdomain.domain\.com.tld
RewriteRule ^(.*)$ https://subdomain.domain.com.tld/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^folder$ "https\:\/\/subdomain\.domain\.com\.tld\/" [R=301,L]
Thank you.
These rules should replace everything after RewriteEngine on:
RewriteCond %{HTTP_HOST} ^(www\.)?subdomain\.domain\.com\.tld$ [NC]
RewriteRule ^(.*)$ https://subdomain.domain.com.tld$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^domain\.com\.tld$ [NC]
RewriteRule ^folder/?(.*)$ https://subdomain.domain.com.tld$1 [R=301,L]
The first set of rules matches http://subdomain.domain.com.tld and http://www.subdomain.domain.com.tld
The second set matches http://domain.com.tld/folder, but does not match http://domain.com.tld without the "folder" part.
Edit: Corrected typo as noted in comments and escaped dots in RewriteConds.