I'm forcing https on all pages on our site, but because of complications with some old plugins we use (needing to connect over http), I need to set up an exception to the https forcing for one directory.
I can't quite work it out though. The rule I think should work is giving me a 403 error.
Can someone have a look?
I've got a bunch of stuff for redirecting non-www to www:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^subdomain1.site.com$
RewriteCond %{HTTP_HOST} !^subdomain2.site.com$
RewriteRule ^(.*)$ http://www.site.com/$1 [R=301]
Then there's the https forcing:
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.site.com/$1 [R,L]
But if I add another condition to exclude the directory from this rule:
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/subdir/sub-subdir/
RewriteRule ^(.*)$ https://www.site.com/$1 [R,L]
I get an error where I see the content from my 404 page, but the URL is https://www.site.com/403.shtml - but I don't have a 403.shtml in my web root. (This is a WHM/cPanel-driven server)
Related
I have tried using some rewrite to change my /welcome.php page to http. it is located in the root directory, but what I have done has seemingly forced all pages on my site to http instead of just the one. Here is what I have tried:
RewriteEngine On
#Force remove WWW
RewriteCond %{HTTP_HOST} ^www.w5unt.ga
RewriteRule (.*) http://w5unt.ga/$1 [R=301,L]
#Redirect HTTPS to HTTP
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
As you can see I am also force removing WWW from all urls at the same time I am trying to force my one page (welcome.php) to be http. I believe the error is in this bit of code
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However I am not sure how to syntactically correct my issue, any advice?
Try with below I've edited the part of your rule and made a check to exclude welcome.php.
RewriteEngine On
#Force remove WWW
RewriteCond %{HTTP_HOST} ^www.w5unt.ga
RewriteCond %{REQUEST_URI} !^/welcome.php
RewriteRule (.*) https://w5unt.ga/$1 [R=301,L]
Currently I redirect all http users (www or non-www) of upscfever.com to http://upscfever.com/upsc-fever/index.html
using
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "http\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
Now I want all users to shift to https so I modified as follows:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https\:\/\/upscfever\.com\/upsc\-fever\/index\.html" [R=301,L]
So that all who type upscfever.com OR www.upscfever.com should go to
https://upscfever.com/upsc-fever/index.html - instead
Plus all links should be https. But its not working I get Page not found.
Your server has to setup the https first, depend on hosting vendor, if your hosting is vps you need to setup https for apache, install cert also.
You can find some instruction like this:
https://manual.seafile.com/deploy/https_with_apache.html
https://www.digicert.com/csr-ssl-installation/apache-openssl.htm
I think you want to make 3 different changes:
Change your .htaccess file to redirect requests to root to your custom index irrespective of the HTTPS or HTTP for the original request
RewriteEngine on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?$ "https://%{SERVER_NAME}/upsc-fever/index.html" [R,L]
There is no R=301 part here because I'm not sure it is really wise to make permanent such a redirect to an obscure inner URL.
Redirect all other non-HTTPS requests to HTTPS (preserving the rest of the URL):
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^upscfever\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.upscfever\.com$
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
Making this redirect permanent seems pretty safe.
Change all internal links in all of your HTML pages (or whatever backend generates them) to use protocol-relative // prefix or explicitly https:// instead of current http://. Preserve the protocol for the external links as is.
As for troubleshooting, you may use the Network tab of the Chrome DevTools (F12) to see exact server reply (note: enabling "Preserve log" and "Disable cache" flags is useful in such context)
You can do that using a single rule as follows in your site root .htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?upscfever\.com$ [NC]
RewriteRule ^/?$ /upsc-fever/index.html [R=301,L]
This will redirect both http and https URLs.
You may try something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} !=""
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I hope below code will do the work for you
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://famebooking.net/$1 [R,L]
just simply add above code in .htaccess below authorization header condition is written under RewriteEngine On
Let me know if that helps.
I have been trying to rewrite a subdirectory from HTTP to HTTPS to no avail. I have looked at other posts and tried to implement the solutions:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} subdirectory
RewriteRule ^(.*)$ https://www.exmaple.com/subdirectory/$1 [R,L]
and also
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(subdirectory/.*)$ https://www.example.com/$1 [R=301,L]
and placing them either on the root directory .htaccess file or the Plesk's Apache and Ngnix settings. But whenever I typed
http://www.example.com/subdirectory/some.html
I will always get
https://www.example.com/subdirectory//subdirectory/some.html
which is of course 404 not found. Any assistance is appreciated.
To force HTTPs for just a single directory then what you can use is:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} ^\/(subdirectory)
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTP:X-Forwarded-SSL} =on
RewriteCond %{REQUEST_URI} !^\/(subdirectory)
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
What is the above doing? The first condition checks if HTTPs is not on, if not, then it will check for the directory /subdirectory/ if found it will force this directory and only this directory to HTTPs.
The second set of rules is basically the opposite, forcing everything to HTTP except for the directory /subdirectory/.
Make sure you clear your cache before testing this.
I have multiple domains that end with .nl .com and .de. For each domain name I have a different language. My files are on the .nl domain. What I would like is the following for all domains:
Redirect http://* to https://*
Redirect http://example.* to https://www.example.*
I Have the files on 1 server, and want them to look like it is on 3.
This is what I have on the main server (.NL)
RewriteCond %{HTTP_HOST} !www.example.nl$ [NC]
RewriteRule ^(.*)$ https://www.example.nl/$1 [L,R=301]
And this for the .DE
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.example.de/$1 [L,R=301]
RewriteCond %{HTTP_HOST} !www.example.de$ [NC]
RewriteRule ^(.*)$ http://www.example.de/$1 [L,R=301]
RewriteRule ^(.*)$ http://www.example.nl/$1 [P]
And this for the .COM
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
RewriteCond %{HTTP_HOST} !www.example.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
RewriteRule ^(.*)$ http://www.example.nl/$1 [P]
I've tried everything, but I could not figure it out.
# This rule will redirect users from their original location, to the same location but using HTTPS.
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.example.nl/$1 [R=301,L]
#primary site redirect
RewriteCond %{HTTP_HOST} !^www\.example\.nl [NC]
RewriteRule (.*) https://www.example.nl/$1 [R=301,L]
I believe that's all that's required, as you can see, you first redirect ALL requests that are not https to https example.nl, then you redirect anything that is NOT www.example.nl to https://www.example.nl
If I'm guessing wrong about what you need with [P] you can just replace I think [R=301,L] with [P], though I've never dealt with that configuration so I can't say for sure, but it's easy to test.
https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
this is more or less what we use for https. I think you're getting confused and not realizing that all you need to know is that something is NOT example.nl/$1, there's no need to list all those nots, since all of them are not example.nl/$1
Note the following, which are all NOT the second rule, all will get redirected:
https://example.nl
https://www.example.com
https://example.de
https://www.example.de
Since these are all not:
https://www.example.nl
they get redirected. (.*) means everything, including /.
There's a subtle thing that you need to be aware of with https, you have to have a certificate for ALL versions of all the domains, that's www/non www, or you get those browser alert popups for any initial domain/subdomain that does not have certificate support when the page initially loads. For example, if you don't have a certificate for example.com but you have one for www.example.com if a url comes in: http://example.com you'll get that browser alert, which is very bad for usability and makes it look like it's a scammer site.
I can't remember the exact ordering of processing, but I think that's how it works.
I have 3 domains and one hosting. I am trying to use the same hosting for all of my three domains through htaccess. So, I created a subdomains with that name on my domain linked with hosting, which looks something like below.
www.site1.com [Main domain linked with hosting]
site2.site1.com [subdomain for www.site2.com]
site3.site1.com [subdomain for www.site3.com]
What I want to achieve is, user shouldn't go to subdomain site2.site1.com, instead they would be able to go to www.site2.com only and request will be sent to site2.site1.com at backend.
Up to here, all is done and worked well. The only problem comes afterwards, when I adds SSL on site. I have SSL for all of these domain and subdomain. If a user visit non-ssl, then he should be redirected to SSL one. Some of SSL works well but when I add SSL for all of them, then I start getting 500 error.
Here is my .htaccess file
RewriteEngine On
DirectoryIndex index.php
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^site2.com
RewriteRule ^(.*) https://site2.site1.com/$1 [P]
RewriteCond %{HTTP_HOST} ^www.site2.com
RewriteRule ^(.*) https://site2.site1.com/$1 [P]
RewriteCond %{HTTP_HOST} ^site3.com
RewriteRule ^(.*) https://site3.site1.com/$1 [P]
RewriteCond %{HTTP_HOST} ^www.site3.com
RewriteRule ^(.*) https://site3.site1.com/$1 [P]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
As I add https on redirection link, so it start giving me 500 error whereas when I make redirection to http then it will not load my page because non-secured site http://site2.site1.com will be loaded over secured https://www.site2.com and in a result, nothing will be shown.
Here I need help to resolve this problem. I have looked over different questions but haven't found any question relevant to me because I need to keep my .htaccess working with redirection and SSL. Moreover, I also need to redirect to www one, if not added in URL.
Any help will be appreciated.
Like, all the times I experienced here I have resolved my problem myself. The resolution to my problem was the following htaccess
RewriteEngine On
DirectoryIndex index.php
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^site2.com
RewriteRule ^(.*) site2/$1
RewriteCond %{HTTP_HOST} ^www.site2.com
RewriteRule ^(.*) site2/$1
RewriteCond %{HTTP_HOST} ^site3.com
RewriteRule ^(.*) site3/$1
RewriteCond %{HTTP_HOST} ^www.site3.com
RewriteRule ^(.*) site3/$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
In this way instead of pointing the URL to subdomain having https I have reference that to the directory instead because path will be same for that, and now when I enter the URL with https page opens and don't give any error.