I have several domains under the same server, but my https certificated only works for one of them.
I need to force https for: mydomain1.com
All other domains (mydomain2.com, mydomain3.com ...) must use
http.
I know it must be a simple rule, but I wasn't able to figure it out.
I think you should edit your hosts file
if port is not SSL and domain is mydomain1.com, force redirect to https://
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} mydomain1.com$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,QSA]
Related
I'm trying to redirect https://www.example.com to http://www.example.com. I tried the following code in the .htaccess file
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
This code successfully redirects https://example.com to http://www.example.com. However when I type in https://www.example.com then it gives me a "web page not available" error in the browser.
I have also tried the following 2 codes without success
Attempt 1
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*):NOSSL$ http://www.example.com/$1 [R=301,L]
Attempt 2
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
Both above attempts failed. Any suggestions?
Attempt 2 was close to perfect. Just modify it slightly:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
UPDATE:
Above solution works from a technical point of view. BUT:
Since a few years now the user will receive a huge warning indicating that the connection is not private. That is to be expected: none of today's browsers will silently switch from an encrypted to a not encrypted connection, for obvious reasons ... You cannot get around that behavior of standard browsers. That however has nothing to do with the redirection itself. It is how the web works today, how users are protected from criminal intents.
However, if your website does not have a security certificate, it's on a shared hosting environment, and you don't want to get the "warning" when your website is being requested through https, you can't redirect it using htaccess. The reason is that the warning message gets triggered before the request even goes through to the htaccess file, so you have to fix it on the server. Go to /etc/httpd/conf.d/ssl.conf and comment out the part about the virtual server 443. But the odds are that your hosting provider won't give you that much control. So you would have to either move to a different host or buy the SSL just so the warning does not trigger before your htaccess has a chance to redirect.
You can use the following rule to redirect from https to http :
RewriteEngine On
RewriteCond %{HTTPS} ^on$
RewriteRule ^(.*)$ http://example.com/$1 [NC,L,R]
Explanation :
RewriteCond %{HTTPS} ^on$
Checks if the HTTPS is on (Request is made using https)
Then
RewriteRule ^(.*)$ http://example.com/$1 [NC,L,R]
Redirect any request (https://example.com/foo)
to http://example.com/foo .
$1 is part of the regex in RewriteRule pattern, it contains whatever value was captured in (.+) , in this case ,it captures the full request_uri everything after the domain name.
[NC,L,R] are the flags, NC makes the uri case senstive, you can use both uppercase or lowercase letters in the request.
L flag tells the server to stop proccessing other rules if the currunt rule has matched, it is important to use the L flag to avoid rule confliction when you have more then on rules in a block.
R flag is used to make an external redirection.
RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The difference between http and https is that https requests are sent over an ssl-encrypted connection. The ssl-encrypted connection must be established between the browser and the server before the browser sends the http request.
Https requests are in fact http requests that are sent over an ssl encrypted connection. If the server rejects to establish an ssl encrypted connection then the browser will have no connection to send the request over. The browser and the server will have no way of talking to each other. The browser will not be able to send the url that it wants to access and the server will not be able to respond with a redirect to another url.
So this is not possible. If you want to respond to https links, then you need an ssl certificate.
RewriteCond %{HTTP:X-Forwarded-Proto} =https
Your code is correct. Just put them inside the <VirtualHost *:443>
Example:
<VirtualHost *:443>
SSLEnable
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
I have tried a zillion variations of .htaccess rewrites and cannot get this to work.
I have a previous HTTPS old-domain.com that I need to forward to new-domain.io. Both are HTTPS but only the new domain has SSL certs on the server. This makes the browser trying to load old-domain.com just spin in the browser.
I already have a DNS forward that works fine ONLY with http, not https. I am thinking that I need to use something like %{HTTP:X-Forwarded-Proto} but not exactly sure how. Nothing has worked so far.
https://old-domain.com
AND https://www.old-domain.com
both need to redirect to https://new-domain.io (along with any URI like/something/this.html)
Something like this looks like it should work, but redirects infinitely.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^old-domain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.old-domain\.com$
RewriteRule (.*)$ https://new-domain.io/$1 [R=301,L]
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*)$ https://new-domain.io/$1 [R=301,L]
SOLUTION --------
The new domain .htaccess file cannot fix a HTTPS redirected link by itself.
There are two ways to correctly fix it.
Remove DNS forwarding at the old domain DNS. Then make sure there are still valid SSL certs AND put a redirect on its .htaccess file to handle the redirects with something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} (w*)domain.com$ [NC]
RewriteRule ^ http://newdomain.com%{REQUEST_URI} [L,R=301]
Leave the DNS forwarding of the old domain and add a new multi-domain SSL cert at the new domain which includes BOTH domains. This is tricky because you will have to manually authenticate the old domain because the cert won't be living at the old domain host.
I choose and implemented #1 successfully.
I am facing an issue with the domain redirection.
I am trying to redirect my old domain to another new one, so the current domain is for example https://example.com and the new one is https://exampleapple.com the old is using SSL and I implement SSL on the new too, the old domain redirects fine without SSL (http) but is not redirecting on (https).
Can anyone please guide me as how this works?
You can easily do that with .htaccess file. There is no need to use GoDaddy's functionality. Just add these lines to the .htaccess file in the directory of your example.com domain on your server :
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^/?$ "https\:\/\/exampleapple\.com\/" [R=301,L]
I recently installed my SSL certificate, and I'm attempting to enforce a https connection to all my pages. However, previously I also redirected all requests to the www version of the request page. When combining an http redirect to https and concurrently redirecting traffic to www, I get a looping redirect warning on browsers. Hence, how can I make .htcaccess rule (I actually just use the directory config file) that will achieve what i want: always https://'www'
Here's the current combination that I have:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}$1 [NC,R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteRule (.*) https://www.mydomain.com$1 [R=301,L]
Your question is a duplicate of htaccess redirect to https://www
Also, you can solve the WWW problem with DNS by simply pointing your naked domain to WWWizer's free naked domain redirect service's IP 174.129.25.170
I have the following rules on my .htaccess file
# to redirect http to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
# to redirect urls with index.php to /
RewriteCond %{THE_REQUEST} ^.*/index.php
RewriteRule ^(.*)index.php$ /$1 [R=301,L]
# to redirect non www requests to www url
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
When I am trying to access the website, it turns into a Redirect Loop. How to fix this issue and redirect properly?
Just in case somebody have redirect loop when using Apache http->https rewrite behind load balancer, here's solution that worked for me.
I had the same problem when used RewriteCond %{HTTPS} off for Apache behind load balancer, when load balancer does SSL stuff.
If https version of the site is not configured via Apache ModSSL it doesn't set %{HTTPS} variable to "on" and keeps redirecting infinitely.
The simplest solution to fix it is to target all https traffic to another Apache VirtualHost (when SSL is handled by load balancer) that is the copy of main one, but has different port (lets say 81). And in .htaccess do mod_rewrite for everything that is not on port 81:
ReWriteCond %{SERVER_PORT} !^81$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
The second way to do this is to send X-Forwarded-Proto header from load balancer to Apache and use it in rewrite condition:
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I've seen a lot of people suffering redirect loops when trying to use .htaccess files to move from http to https. And there are a LOT of different answers to how to solve this issue. Some people say:
ReWriteCond %{SERVER_PORT} 80
OR
RewriteCond %{HTTPS} off
OR
RewriteCond %{HTTPS} !on
OR (as above)
RewriteCond %{HTTP:X-Forwarded-Proto} !https
OR EVEN
RewriteCond %{HTTP:X-Forwarded-SSL} =off
but none of these worked for me. I eventually discovered the underlying truth, that the different servers out there are configured in different ways, and they're all providing different server variables.
If none of the above work for you, then the trick is to use PHP to find out what env variables your particular server is sending you when you access an http page, and what env variables it sends you when you access an https page, and then you can use that variable to do the redirect. Just make a PHP file (such as showphpvars.php) on your server with this code:
<?php phpinfo() ?>
and then view it with a browser. Find the section of variables with _SERVER["HTTP_HOST" (etc)] in it, and have a scout around for one that changes for http versus https. Mine turned out to be a variable called SSL that was set to 1 when using https, and not set at all when using http.
I used that variable to redirect to https with PHP, which is so much nicer than using htaccess, but I think that any of the _SERVER variables can also be accessed using htaccess, if you're keen to continue to use that. Just use the name inside the quotes, without the _SERVER[""] bit that PHP adds.
For your information, it really depends on your hosting provider. It may be using a Load Balancer, as stated by Konstantin in another answer.
In my case (Infomaniak), nothing above actually worked and I got infinite redirect loop.
The right way to do this is actually explained in their support site:
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://your-domain.com/$1 [R=301,L]
So, always check with your hosting provider. Hopefully they have an article explaining how to do this. Otherwise, just ask the support.
If you get a redirect loop no matter what you do in htaccess, do the redirect in PHP instead.
I used phpinfo(), like #z-m suggests, to find the variable that changes when I'm on SSL. In my case it was $_SERVER['HTTP_X_PROTO'] == "https". When not on SSL, this variable is not set.
This is the code I use to redirect from HTTP to HTTPS:
if ($_SERVER['HTTP_X_PROTO'] != "https") {
header("HTTP/1.1 301 Moved Permanently");
$location = "https://" . $_SERVER[HTTP_HOST] . $_SERVER[REQUEST_URI];
header("Location: $location");
exit;
}
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{
In my case it was:
if ($_SERVER['HTTPS'] != "on")