Problems using .htaccess to make some pages secure and some unsecure - apache

I'm using .htaccess to make the membership renewal pages on my Drupal site secure, but I'm having trouble switching back to regular http when the user navigates away from that page. The page that should be secure is:
www.example.com/renew
I want everything else to use http, and I'm trying the following redirects to achieve this:
# Renewal page should be secure. Redirect.
RewriteCond %{HTTPS} off
RewriteRule ^renew$ https://www.example.com/renew [R,L]
# If user leaves the Renewal page, make sure we're no longer secure. Redirect.
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^renew$
RewriteRule (.*) http://www.example.com%{REQUEST_URI} [R,L]
I got the first redirect working fine. When I added the second, unsecure redirect, it breaks the first redirect -- Firefox says there's a redirect loop.
Can you tell me what I'm doing wrong here? Thanks in advance.

%{REQUEST_URI} is a variable that always starts with a /. Due to this, the second condition of the second rule will always be true, as %{REQUEST_URI} will never be equal to ^renew$. To fix this, change that condition to:
RewriteCond %{REQUEST_URI} !^/renew$

Related

How do I redirect all traffic to a new domain except for the home page

So I'm trying to redirect traffic that goes to other pages using htaccess from a domain to a new subdomain but I'd like to keep traffic to the homepage there.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^olddomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.olddomain\.com$
RewriteRule ^/?$ "http\:\/\/newsubdomain\.domain\.com\/" [R=301,L]
This just redirects everything to the new subdomain. That's where I'd like some help, how can I keep the traffic that comes to the homepage on olddmain.com and redirect queries to olddomain/post and have them go to newsubdomain.domain.com/post
Thanks
This just redirects everything to the new subdomain.
No it doesn't. (If everything is being redirected then either something else is doing that or you are seeing a cached redirect.)
The directives as posted actually do the exact opposite of what you're trying to do. These directives only redirect the homepage (ie. requests for the document root).
To redirect everything, except the homepage, you can do something like the following at the top of the .htaccess file:
# Redirect everything except the homepage
RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC]
RewriteRule !^$ https://newsubdomain.domain.com%{REQUEST_URI} [R=301,L]
The RewriteRule pattern !^$ matches everything except the root (an empty URL-path).
You will need to clear your browser cache before testing.
Test first with 302 (temporary) redirects to avoid potential caching issues.
Additional notes:
There is no need to backslash-escape colons, slashes and dots in the RewriteRule substitution string (2nd argument) - this is an "ordinary" string, not a regex. (This unnecessary escaping is quite typical of an attempt at using cPanel's "redirect" generation.)
I assume this should be HTTPS, not HTTP?
The two conditions (RewriteCond directives) can be combined into one.

Htaccess Redirect URL with two forward slashes (not double) won't work

I want to redirect from one domain to a new domain. At the same time, the URL structure has changed.
Old: https://www.olddomain.com/parentpage/oldtitle/
New: https://www.newdomain.com/newtitle
This is wordpress, and I placed this code above the Wordpress stuff, as well as tested it here: https://htaccess.madewithlove.be/
I tried this, which doesn't work:
Redirect 301 /parentpage/title https://www.newdomain.com/newtitle
Also, when testing it at https://htaccess.madewithlove.be/, I do have this redirect:
Redirect 301 /parentpage https://www.newdomain.com/parentpage
The tester would skip my preferred redirect above, and use this one, leaving me with this, which does not exist:
https://www.newdomain.com/parentpage/oldtitle
Even when I place the preferred redirect above this one. I need both, unfortunately.
Have also tried the following RewriteRules (not all at the same time)
ReWriteRule https://www.olddomain.com/parentpage/oldtitle/ https://www.newdomain.com/newtitle
ReWriteRule /parentpage/oldtitle/ https://www.newdomain.com/newtitle
ReWriteRule "https://www.olddomain.com/parentpage/oldtitle/" "https://www.newdomain.com/newtitle"
I think it has something to do with that second forward slash separating the parentpage name and page title, but I can't figure out how to fix it.
In RewriteRule it wouldn't match http or https in it, you may try following.
please make sure you clear your browser cache before testing your URLs.
RewriteEngine ON
RewriteCond %{HTTP_HOST} ^(?:www\.)olddomain\.com [NC]
RewriteCond %{REQUEST_URI} ^/parentage/oldtitle/?$ [NC]
RewriteRule ^(.*)$ https://www.newdomain.com/newtitle [R=301,L]

HTTPS Re-direct issue

I'm currently trying to re-direct my users to a https version of the site but only during the booking process and wp-admin sections.
This is the code i'm using courtesy of the answer to this post
RewriteEngine On
# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(book-on-line|wp-admin) https://test.mysite.com%{REQUEST_URI} [L,R=301]
# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(book-on-line|wp-admin) http://test.mysite.com%{REQUEST_URI} [L,R=301]
The re-direct works fine if I use the first statement ONLY but doesn't work and just redirects to the homepage if i use the second statement.
The reason for the second statement is that when I go to a secure page, then click a link to move back to a non-secure page, the website still retains the HTTPS when it shouldn't.
Any ideas?

.htaccess redirect https url to http

I have a website with some areas that use https, however I'm having problems changing a few https urls to http ones. This is what I need:
change this url url
https://www.domain.com/somefile.php?PossibleGetParameters
to this:
http://www.domain.com/somefile.php?PossibleGetParameters
This is what I have on my .htaccess:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^(/somefile.php)
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
With this condition all https urls are turned into http, and I only want this particular one to change. Is there any way to fix this?
Sure ... just remove the exclamation mark ! from second condition -- in that position it negates the rule.
The final rule will be:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/somefile.php
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I've simplified the rule a tiny bit (as you need it for a single URL only).
This rule may not work straight away as modern browsers do cache 301 redirects .. so browser may remember your previous attempts. Therefore clear browser caches and restart it before testing the rule (or try another browser).

Replace one URL with another by using mod_rewrite

Current situation
RewriteRule ^$ /index.php?page=Portal [R=301,L]
When a user comes to the website and goes to the "root" url of the domain (RegExp "^$") he's redirected to /index.php?page=Portal
That's working.
Now we have "index.php?page=Portal" in the google index and we have tons of links to that page on various locations all over the internet.
Intended new situation
We want the portal page to show up on the root url - no redirect. That's no problem... Just remove the redirect:
RewriteRule ^$ /index.php?page=Portal [L]
Now we also want the old url to redirect to the new location, and that's where I fail but can't see why:
RewriteCond %{QUERY_STRING} ^page=Portal$
RewriteRule ^index.php$ http://www.jacatu.de/? [R=301,L]
As soon as I do this I end up in a redirect loop:
(When I change to 302 in .htaccess I see 302 redirects, so the loop really seems to be caused by mod_rewrite)
But why? All rules are marked as last [L] - so I think I can rule out that rule 2 triggers rule 1.
I enabled logging as suggested by Jacek Prucia and in fact it looked like having [L] in the URL doesn't stop execution. Both rules were processed.
I now changed the first rewrite to
RewriteRule ^$ /index.php?page=Portal&int=1 [L]
so that it doesn't match the RewriteCond of the internal rewrite so theoretically my problem is solved. It would be nice to know, though, why it did what it did. :)