I‘m trying to force my website to load via https:// and supressing the www. hostname in my .htaccess file located in the topmost public directory.
mod_rewrite is on. I know that this is easily possible in PHP but I’m trying to do this in my .htaccess file.
Here is my approach:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} ^(www\.)(.+)$ [NC,OR]
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
</IfModule>
This works in Google Chrome (37.0.2062.124) what kinda surprises me since I thought the whole process is handled on the server side and should behave the same way on the client side.
I have also tried to use %{HTTPS} =off and %{HTTPS} !=on instead of checking the port.
Related
Please be kind, this is my first question on here :)
My Setup
Apache served on my Raspberry Pi 4
My .htaccess file
# Force HTTPS on all pages
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
The Problem
Typing in "tyler.cloud" successfully redirects to https://www.tyler.cloud, but typing in "tyler.cloud/react" stays at http://tyler.cloud/react (not HTTPS).
What I've tried in addition to above with the same results
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
and
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
and a few other variations.
It turns out "AllowOverride" in /var/www has to be "All" in /etc/apache2/apache2.conf.
It was set to "None", and that means it ignored all of my .htaccess files.
I used this:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
and it seems to work!
Consider using apache2.conf instead of .htaccess. Because using .htaccess in a server where you have root access is a bad idea. It can slow your website down unnecessarily.
Try using this instead of .htaccess:
<Directory "/path/to/web/directory">
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>
And if you are using VirtualHosts, add:
RewriteEngine On
RewriteOptions Inherit
inside the virtualhost.
And also, if someone points their domain to your IP address, then they will be able to show your website through their IP address (unless you are using Name based virtual hosting i.e. https://httpd.apache.org/docs/2.4/vhosts/name-based.html, but still they will be able to access your main Apache host with the IP address of course). Although because you are using HTTPS, their domain probably will fail HTTPS. But, because you do not have HSTS (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) set up, users can still access the website.
So, I would also suggest you to redirect to your domain if the domain doesn't match https://www.tyler.cloud, using the following: (add the following to inside <Directory> directive)
(If you are planning to add HSTS preload see the next solution please)
#Do not use RewriteEngine On more than once. see the next solution if you are planning to use HSTS preload
RewriteCond %{HTTP_HOST} !^www\.tyler\.cloud [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://www\.tyler\.cloud%{REQUEST_URI} [R=301,L]
Use the next solution if planning to use HSTS preload:
RewriteCond %{HTTP_HOST} ^tyler\.cloud
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://tyler\.c%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.tyler\.cloud [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://www\.tyler\.cloud%{REQUEST_URI} [R=301,L]
And you are good to go!
Currently I redirect all http users (www or non-www) of upscfever.com to http://upscfever.com/upsc-fever/index.html
using
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "http\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
Now I want all users to shift to https so I modified as follows:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
So that all who type upscfever.com OR www.upscfever.com should go to
https://upscfever.com/upsc-fever/index.html - instead
Plus all links should be https. But its not working I get Page not found.
Your server has to setup the https first, depend on hosting vendor, if your hosting is vps you need to setup https for apache, install cert also.
You can find some instruction like this:
https://manual.seafile.com/deploy/https_with_apache.html
https://www.digicert.com/csr-ssl-installation/apache-openssl.htm
I think you want to make 3 different changes:
Change your .htaccess file to redirect requests to root to your custom index irrespective of the HTTPS or HTTP for the original request
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https://%{SERVER_NAME}/upsc-fever/index.html" [R,L]
There is no R=301 part here because I'm not sure it is really wise to make permanent such a redirect to an obscure inner URL.
Redirect all other non-HTTPS requests to HTTPS (preserving the rest of the URL):
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
Making this redirect permanent seems pretty safe.
Change all internal links in all of your HTML pages (or whatever backend generates them) to use protocol-relative // prefix or explicitly https:// instead of current http://. Preserve the protocol for the external links as is.
As for troubleshooting, you may use the Network tab of the Chrome DevTools (F12) to see exact server reply (note: enabling "Preserve log" and "Disable cache" flags is useful in such context)
You can do that using a single rule as follows in your site root .htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?upscfever\.com$ [NC]
RewriteRule ^/?$ /upsc-fever/index.html [R=301,L]
This will redirect both http and https URLs.
You may try something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} !=""
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I hope below code will do the work for you
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://famebooking.net/$1 [R,L]
just simply add above code in .htaccess below authorization header condition is written under RewriteEngine On
Let me know if that helps.
I have an account with a webhost that uses Apache servers. The webhost's file structure uses subfolders for secondary domains of the primary account domain.
What do I need to add to this .htaccess file to redirect if someone types https:mysubdomain in the browser URL. I want to redirect from https to http, ie. http:mysubdomain.
RewriteEngine on
# Use PHP5.4 as default
AddHandler application/x-httpd-php54 .php
RewriteCond %{HTTP_HOST} ^myseconddomain\.myprimarydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.myseconddomain\.myprimarydomain\.com$
RewriteRule ^/?$ "http\:\/\/mysedonddomain\.com" [R=301,L]
Edit Update:
Thank you for suggestions. The approach of modifying the .htaccess file for the subdomain in the subfolder didn't work, even after clearing browser cache. What about modifying the .htaccess for the maindomain. I tried this but it didn't work either. Maybe my syntax?
RewriteEngine on
RewriteCond %{HTTP_HOST} ^https:\/\/myseconddomain.com$
RewriteRule ^www.myseonddomain.com/ [R=301,L]
I have spoken at length with the webhost, Hostmonster, and all they could tell me was that the SSL certificate was working "correctly" - even thought it is associating with unrelated domain names that are not supposed to have any certificate. I guess that is what User82217 was saying, there is no other way than to purchase a wildcard SSL?
Edit Update: I tried putting this in the .htaccess of the maindomain and the seconddomain and nothing works to redirect from https to http when the user types https:// in front of mysecondubdomain.com in the URL
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^https
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Anybody got any more ideas? Thank you.
To force HTTPs to HTTP then you can use the following in your .htaccess file:
#Force HTTP on everything
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
You didn't specifiy if you wanted to remove www or not, but on the assumption that you do, you can also remove that by including the following rule:
RewriteCond %{HTTP_HOST} ^www\. [OR]
Therefore checking if www is in the URL or not, so altogether using:
RewriteCond %{HTTP_HOST} ^www\. [OR]
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Make sure you clear your cache before testing this.
I start reading about a similar topic at this page .htaccess - how to force "www." in a generic way? and the solution was not, well almost what I am looking to do.
The problem : I need the user to be on HTTPS and on WWW to make my application working properly. But if some one click on a html link like:
www.example.com
The user will fall on my website with this :
https://www.www.example.com/
Here is my current .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
Is there any way to detect that the user already entered the WWW or is there a best practice to get the result I am looking for?
Thank you.
You are getting this behavior because http -> https rule is adding www\. in target URL without checking if URL is already starting with www.
You should replace both of your rules with this single rule and as a bonus avoid multiple redirects:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
I would like to redirect all connections from htt_p://www.example.com/abc.html to HTTP_S://www.example.com/abc.html . What mod_alias or mod_rewrite commands would work for this? I've tried:
RewriteEngine on
RewriteCond %{HTTPS} =off
RewriteRule $abc\.html^ https://www.example.com/abc.html [R]
in both .htaccess and httpd.conf but that doesn't work. It works if the first string in the RewriteRule is anything else (like abz.html) but not if it is abc.html. abc.html is a real file on the server (not another redirect). Options FollowSymlinks is present in the appropriate Directory directive.
Many thanks.
Something along the lines of the following will allow you to redirect non-SSL pages to SSL versions (assuming that you are running SSL on port 443):
RewriteEngine on
# Limited redirects
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} ^/abc\.html$ [OR,NC]
RewriteCond %{REQUEST_URI} ^/def\.html$ [OR,NC]
RewriteCond %{REQUEST_URI} ^/ghi\.html$ [NC]
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
The [OR] flag after the RewriteCond is literally that, "or", which is why the last condition doesn't have it