I'm trying to add some secure pages to a site. The links in the site all use the current protocol (i.e. are protocol independent, paths start with //).
I need the paths /info/season-tickets/* and /ticketcontroller/* to use https, and all others using http.
I've tried building rules to do the following (ignoring the ticketcontroller part for now):
If Port==80 and Path==/info/season-tickets/, rewrite with https
If Port==443 and Path!=/info/season-tickets/, rewrite with http
However, when I access /info/season-tickets/, rather than redirecting to the https version, I get example.com/index.php/info/season-tickets
The .htaccess is below - my attempts are below # Force https on certain pages and # Force http everywhere else, and the other bits are from the Kohana framework
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Force https on certain pages
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/info/season-tickets/?
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
# Force http everywhere else
RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} !^/info/season-tickets/?
RewriteRule ^(.*)$ http://www.example.com/$1 [R,L]
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
I tried re-ordering the rules to see if that fixed it, but it didn't.
Any ideas why this isn't working (http://htaccess.madewithlove.be/ shows that it should work)...
Thanks!
I've solved this issue, not with htaccess, but in the index.php file (all requests go through this).
By default, I assume port 80. Then, if $_SERVER['REQUEST_URI'] is in an array of secure paths, I switch the variable to 443.
Then, if $required_port != $_SERVER['SERVER_PORT'], I redirect and exit().
Related
for our client project we need to redirect all url calls to the matching .php file extension. this is done for SEO (google) ranking. avoiding indexing both url (with *.php and without)
we try to do this using the .htaccess file (shared host) but it seemed to only work for redirects that have a different url and not to the one that just adding the ".php" extension.
different url works
abc -> abc2.php
same url doesnt work
abc -> abc.php
here is our code sample:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.abc\.co.uk
RewriteRule (.*) http://www.abc.co.uk/$1 [R=301,L]
# this doesn't work
Redirect 301 /test http://www.abc.co.uk/test.php
# this redirect works as the url is different
Redirect 301 /test-abc http://www.abc.co.uk/abc.php
we host with 1&1 shared host server.
php version is 5.5
I also tried this code that redirects but the page not loading now:
RewriteRule ^(.+)\.(.*)$ http://abc.co.uk/$1.php [R,NC]
also noticed url without file extension (.*|html) will not redirect
Try this .htaccess in DocumentRoot:
Options +FollowSymlinks -MultiViews
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.abc\.co\.uk$ [NC]
RewriteRule (.*) http://www.abc.co.uk/$1 [R=302,L]
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ /$1.php [L,R=302]
This appears to be a 302 re-direct, which is not SEO freindly. I tested the above and it doesnt work, also, if it did I wonder what would happen to url's that did not require the .php extension on the URL.
Basically we're trying to get a 301 re-direct working, but it seems to be conflicting with the rules set up that contain the same url. (IE abc > abc.php)
I wonder if there could be some kind of Apache setting or even and unlikely a PHP setting? the 301's work on any other linux server that I try.
I have a SSL on my site and would like to redirect all my http pages to https
I find something below and work for www.yourdomain.com.
If I also need transfer all yourdomain.com(without www) to https what should I add to htaccess? Thanks!
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
<!-- Please put the redirect without www here, thanks-->
A simple Google search reveals hundreds of results. For example, this official FAQ.
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
I have two questions regarding pointing subdomains to a directory:
Currently I run local, but I can run my site on a fake domain i have set up (with hosts file), its called mysite.com. How can i (by server settings?) do so All subdomains will point to / ? Example anders.mysite.com should show mysite.com and asdassdd.mysite.com also.
Maybe 1. is not necessary, but how do i by htaccess point anders.mysite.com to mysite.com/anders ? Important notice is that should not redirect.
Why i thought of 1. is because I do not want to specify anywhere in the htaccess or any apache/domain setting, what the subdomain are, since this will be dynamic (created by logged in users in my webapplication)
Currently the users can use mysite.com/anders/ which is a URI they have created, and not a real directory. In the Kohana bootstrap I am then grabbing the URI and showing the relevant user page.
I am using Kohana MVC framework and have this in my htaccess:
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
Any help appreciated!
For 1, in your vhost just add a ServerAlias:
ServerAlias *.mysite.com
Then any subdomain (www included) will get pointed to the same document root.
If you want to put subdomains in their own directory (and since you have access to server config), you can use mod_vhost_alias and the VirtualDocumentRoot directive:
VirtualDocumentRoot /path/to/your/htdocs/%1
So if you request blah.mysite.com, you'll end up in /path/to/your/htdocs/blah as the doc root.
If it's a matter of you needing directory names of non-existent directories in the URI so that Kohana can route them, you'll need to make sure you have mod_proxy loaded:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([^.]+)\.
RewriteCond %{REQUEST_URI} !^/%1/
RewriteRule ^(.*)$ /%1/$1 [L,P]
To proxy the request back to Kohana with the right URI.
how do i by htaccess point anders.mysite.com to mysite.com/anders ? Important notice is that should not redirect.
You can use this rule:
RewriteCond %{HTTP_HOST}:%{REQUEST_URI} ^([^.]+)\.[^:]+:(?!/\1/).*$
RewriteRule ^ /%1%{REQUEST_URI} [L]
I've been able to use makecert to make a self signed cert which currently enables HTTPS on all directories in C://XAMPP/htdocs
I have two directories which I want to be different,
c:/XAMPP/htdocs/PLACEHOLDER1
c:/XAMPP/htdocs/PLACEHOLDER2
I was wondering if it'd be possible have the SSL scope limited to one directory, say in this case 'placeholder1'.
It's my first time using SSL so sorry for any confusions.
http://robsnotebook.com/xampp-ssl-encrypt-passwords has some good information on how to make folders accessible by SSL encryption only. It specifically covers these two items, this is not a direct quote, but is an excerpt of the essence to answer your question:
Make folders accessible with SSL encryption only
First, we need to inform Apache that the folders you want to encrypt should use always use encryption (and never go in the clear). This is accomplished by putting an SSLRequireSSL directive inside of each desired <Directory> listing in the config files (it is ok to put it at the end, just before the </Directory>).
Alias /web_folder_name "C:/xampp/foldername"
<Directory "C:/xampp/foldername">
...
...
SSLRequireSSL
</Directory>
Redirect “http” to “https” for certain folders
This next optional step is to redirect “http” requests to “https” requests for the pages we want to secure. This is more user friendly and allows you to still use http when you type in the address (and automatically switch to https:// and encryption). If you don’t do this, and you used SSLRequireSSL, you will only be able to access these pages by typing https://. This is fine and probably a little bit more secure, but is not so user friendly. To accomplish the redirection, we will use mod_rewrite so that we don’t have to use the server name in this part of the config file. This helps keep small the number of places in the config files where the server name is written (making your config files more maintainable).
First, we need to make sure that mod_rewrite is enabled. To do this, edit c:\xampp\apache\conf\httpd.conf and get rid of the comment (# character) in this line:
#LoadModule rewrite_module modules/mod_rewrite.so
to make it look like this:
LoadModule rewrite_module modules/mod_rewrite.so
Now, paste the following text into the top of c:\xampp\apache\conf\extra\httpd-xampp.conf:
<IfModule mod_rewrite.c>
RewriteEngine On
# Redirect /xampp folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} xampp
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
# Redirect /phpMyAdmin folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} phpmyadmin
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
# Redirect /security folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} security
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
# Redirect /webalizer folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} webalizer
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</IfModule>
If you have other folders you want to redirect to https://, add the generic text below (but substitute your folder name):
# Redirect /folder_name folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} folder_name
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
I have to redirect from one domain to another domain. Both the domains have http and https protocol enabled. so in order to map http and https i have tried various combinations in conf file as below:
#RewriteCond %{HTTPS} =on
#RewriteCond %{SERVER_PORT} ^443$
#RewriteRule ^(.+)$ - [env=askapache:https]
#RewriteCond %{HTTPS} !=on
#RewriteRule ^(.+)$ - [env=askapache:http]
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.+)$ - [env=askapache:%2]
RewriteCond %{HTTP_HOST} ^([www.]+)?test-redirect\.com$ [NC]
RewriteRule ^(.*)$ http%{ENV:askapache}//amit.test.com/content/test/category/6 [L]
#RewriteCond %{HTTP_HOST} ^([www.]+)?test-redirect\.com$ [NC] <BR>
#RewriteCond %{HTTPS} !on
#RewriteRule .? http://amit.test.com/content/test/category/6 [L]`
But every time https condition is skipped/ignored. there is nothing rewrite logs as well. i have seen so many examples on net. but fail to understand why it is not detecting https? where http is working perfectly fine.
Rewrite logs may very well be in 2 diff locations for https and http. You can try using HTTP_AA instead of using "askapache" for the name of the env. The prefix HTTP_ANYTHING is a more fail safe way to make sure the var is available since some setups don't allow custom vars that start with anything other than HTTP_ which they have to allow due to it represents a HTTP header usually.
Make sure your https port is actually 443 or you will need to change the code.
Make sure your mod_rewrite block of code works by trying the first and second methods here: Even Newer HTTP/HTTPS Rewrite Code If it doesn't work using the first example you need to get it working using that rule first.
Try setting the HTTP_AA var above the rewrite code using the SetEnvIfNoCase directive or with
SetEnv HTTP_AA
Verify your vhost/httpd.conf settings for both SSL and non-SSL like the document root and Options and AllowOverrides, Logs and maybe StdEnvVars for SSLOptions.
Build a shtml file using mod_includes that just does a printenv. Then view both the ssl and non-ssl outputs and pay particular attention to the vars with the prefix REDIRECT_ and obviously make sure the HTTP_AA var shows up correctly in the printenv output. Or you could use the printenv cgi script or the shtml example on the askapache site.
Don't forget http://httpd.apache.org/.
Or try this
Options +FollowSymLinks +ExecCGI
# Set var now to try to try to have it availabe for mod_rewrite
SetEnv HTTP_AA
RewriteEngine On
RewriteBase /
# HTTP_AA is set to either s or is blank
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.+)$ - [env=HTTP_AA:%2]
# if host not new domain, its old so redirect both http/https to new
RewriteCond %{HTTP_HOST} !^amit\.example\.com$ [NC]
RewriteRule .* http%{ENV:HTTP_AA}://amit.example.com/content/test/category/6 [R=301,L]