.htaccess rewrite rule is also rewriting a different url - apache

I'm using .htaccess to make a couple pages on my site secure -- /renew and /renew-result. I have a script that takes the user's inputs from /renew, sends them offsite to complete something, and then they should be returned to /renew-result. This works without the https rewrite rule, but when I try to implement the rule (see below), instead of returning to /renew-result, the user is redirected to /renew.
Here's the relevant part of my .htaccess file:
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^renew https://www.mydomain.com/renew [R,L]
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^renew\-result https://www.mydomain.com/renew-result [R,L]
Thanks in advance for any assistance.

The problem is that /renew-results matches the URL starting with /renew (this is your first rule). There are few ways to bypass this 'problem'..
First (the longest URL to match goes first):
RewriteCond %{HTTPS} off
RewriteRule ^renew-result https://www.mydomain.com/renew-result [R,L]
RewriteCond %{HTTPS} off
RewriteRule ^renew https://www.mydomain.com/renew [R,L]
Second (limit URL to exact match with $ at the end)
RewriteCond %{HTTPS} off
RewriteRule ^renew$ https://www.mydomain.com/renew [R,L]
RewriteCond %{HTTPS} off
RewriteRule ^renew-result$ https://www.mydomain.com/renew-result [R,L]
Third, combination of both cases in one rule. ^renew(-result)?$ matches only /renew or /renew-result capturing -result if it exists in request. While https://www.mydomain.com/renew$1 redirects to https version of /renew or /renew-result if capture presents.
RewriteCond %{HTTPS} off
RewriteRule ^renew(-result)?$ https://www.mydomain.com/renew$1 [R,L]

With out testing, this is something similar to what I have.
RewriteCond %{SERVER_PORT} 80
RewriteRule ^renew https://www.domain.com/renew [L,R=301]

Related

Using APACHE REWRITE To Force One Specific Page To Be HTTP (.htaccess)

I have tried using some rewrite to change my /welcome.php page to http. it is located in the root directory, but what I have done has seemingly forced all pages on my site to http instead of just the one. Here is what I have tried:
RewriteEngine On
#Force remove WWW
RewriteCond %{HTTP_HOST} ^www.w5unt.ga
RewriteRule (.*) http://w5unt.ga/$1 [R=301,L]
#Redirect HTTPS to HTTP
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
As you can see I am also force removing WWW from all urls at the same time I am trying to force my one page (welcome.php) to be http. I believe the error is in this bit of code
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However I am not sure how to syntactically correct my issue, any advice?
Try with below I've edited the part of your rule and made a check to exclude welcome.php.
RewriteEngine On
#Force remove WWW
RewriteCond %{HTTP_HOST} ^www.w5unt.ga
RewriteCond %{REQUEST_URI} !^/welcome.php
RewriteRule (.*) https://w5unt.ga/$1 [R=301,L]

Enforce HTTPS across thousands of 301 RewriteRule entries

community. I'm migrating an ancient ColdFusion site (seriously), and we have literally thousands of 301 redirects from old versions of pages like
index.cfm?id=1&this=that
to more reasonable counterparts like
/what-this-page-really-is
Google says to list them out one by one, so that's what I'm doing. However, on ALL of these redirects we also want to enforce HTTPS. What we have now is this:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^thing.cfm$ /thing/? [R=301,L,NC]
RewriteCond %{QUERY_STRING} id=1 [NC]
RewriteRule ^blah.cfm$ /awesome-sauce/? [R=301,L,NC]
It works fine, but Google complains that it's technically two redirects for these old links. A possible solution would be to exclude *.cfm files from the HTTPS redirect and explicitly make every single *.cfm redirect go to the HTTPS version of the page, like so:
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !(.*)cfm$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^thing.cfm$ https://%{HTTP_HOST}/thing/? [R=301,L,NC]
RewriteCond %{QUERY_STRING} id=1 [NC]
RewriteRule ^blah.cfm$ https://%{HTTP_HOST}/awesome-sauce/? [R=301,L,NC]
But over thousands of lines, that's a lot of extra characters in an .htaccess file. I know this is better in apache config, but I don't have that option right now.
My question: is there a way to set a flag that's going to apply the HTTPS parameter to ALL of the subsequent *.cfm 301 redirects?
Thank you!
Rather than enforcing https:// in each 301 handler you can move your http->https rule at the bottom and remove R flag from your redirect flags so that Google (or any external client) gets only one single redirect.
RewriteEngine On
RewriteRule ^thing\.cfm$ /thing/? [L,NC]
RewriteCond %{QUERY_STRING} id=1 [NC]
RewriteRule ^blah\.cfm$ /awesome-sauce/? [L,NC]
# all other rules here but remove R=301 flag
# finally do a http->https with rewritten URI
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,NE]
Make sure to clear your browser cache before testing.

Can't get htaccess rule to work: force SSL on all pages, force non-SSL on two specific pages

I am no htaccess expert, but after Googling for two hours I gave up. Maybe you can help me?
I have my entire site on SSL. However, I have two pages that reference non-secure dynamic content from elsewhere. I need these to be on http instead of https.
The first part of my rules work. All the site is forced to SSL except for those two pages. However, the last part doesn't: force those two pages to non-SSL. It is probably very stupid but does anyone see where I go wrong?
#add www. if missing WORKS
RewriteEngine on
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [L,R=301]
#force SSL/https WORKS
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/webshop2/localize\.php
RewriteCond %{REQUEST_URI} !^/webshop2/layoutstripper\.php
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#force http DOES NOT WORK
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/webshop2/localize\.php [NC]
RewriteCond %{REQUEST_URI} ^/webshop2/layoutstripper\.php [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You need an [OR] flag in your second SSL rule. The 2 conditions you have essentially say:
the request must be HTTPS
the URI must start with: /webshop2/localize.php
the URI must start with: /webshop2/layoutstripper.php
As you can see, the last 2 conditions will always fail, as the request can't be BOTH at the same time. If you add an [OR] flag in there, it makes it true if the URI is one or the other:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/webshop2/localize\.php [NC,OR]
RewriteCond %{REQUEST_URI} ^/webshop2/layoutstripper\.php [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteRule with greedy matches trying to redirect root to a page, and rewrite all other requests to https

I am trying to work with apache2 rewrite to perform two functions
rewrite (or redirect) / (root) requests to a specific page: /index
all requests (including / and /index) on port 80, are rewritten to HTTPS
Here is my failed attempt
RewriteEngine On
RewriteRule ^$ https://%{HTTP_HOST}%/index [R]
RewriteCond %{REQUEST_URI} !^$
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
My guess is that the last rule was being too aggressive/greedy (everything is rewriting to https) - so I tried to prevent the root match from getting there by adding a RewriteCond that matches on not root, but it is not working.
Edit: is my approach wrong? Is there an obvious mistake in Rules/Conditions?
RewriteCond %{REQUEST_URI} !^$
This will always match, %{REQUEST_URI} does not have the current per-directory prefix removed from it like the implicit thing you match a per-directory RewriteRule against. IOW add the slash in.
For completeness here is the final configuration:
RewriteEngine On
RewriteRule ^$ https://%{HTTP_HOST}%/index
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Problems with rewrite module and negation patterns

I have the following problem:
If the url contains the keyword "formulario-" and it is a http connection, I want to redirect to the https version.
If the url doesn't contain the keyword "formulario-" and it is a https connection, I want to redirecto to http version.
I tried the following .htaccess but it doens't work properly:
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} !=on
RewriteRule ^formulario-(.*) http://%{HTTP_HOST}%{REQUEST_URI}
Thanks for your help!
Untested, but the general idea is:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule formulario- https://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !formulario-
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
The theory being you cannot negate a RewriteRule, but you can negate a RewriteCond.
What exactly does not work?
One thing that comes to mind is: Try using the [L] flag for the first rule, so that apache stops to process the second rule, if the first rule applies.
I am not sure that's it though. You probably need some way to test whether the user was already redirected before.