Force https in htaccess - apache

I got a certificate for my site and now I need to move it to https. This is my htaccess:
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
How do I do it? Thanks

There's a few ways to do it; here's one:
## port requirement (bail if not 443)
RewriteCond %{SERVER_PORT} !^443$
## exceptions
RewriteCond %{REQUEST_URI} ^/somepath$ [OR]
RewriteCond %{REQUEST_URI} ^/anotherpath$
## force traffic to https equivalent
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I've added 2 optional RewriteCond entries that allow you to specify exceptions based on the first component of the URI.

Related

Redirect any domain to HTTPS and a specific path

I am looking for a piece of code that redirects any domain (wildcard ish), not just a specific domain and so that the redirect redirects to HTTPS and a specific path.
I have tried many pieces of code but pretty much 90% of the search results I could find are for redirecting specific domains.
Why do I need this? We use envoyer to deploy Statamic to our cpanel server. We use this for every single customer that we have. So for example the url for our Statamic instance is cms.example.com. I need this to be redirect to https://cms.example.com/cp but it can also be cms.totallydifferent.co.uk/cp, I can't for the life of me find a proper example.
I had the piece of code (below) running for a bit but its unreliable. It sometimes works but most of the time does not.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}cp [R=301,L]
</IfModule>
As requested the full .htaccess file:
SetEnv COMPOSER_HOME '/opt/cpanel/composer/bin'
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{REQUEST_URI} !^/cp [NC]
RewriteRule ^ https://%{HTTP_HOST}/cp [R=301,L]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
</IfModule>
# ------------------------------------------------------------------------------
# Cache-Control Headers
# ------------------------------------------------------------------------------
<filesMatch "\.(gif|jpg|png|svg|woff)$">
Header set Cache-Control "max-age=31536000"
</filesMatch>
Anyone who can point me into the right direction?
Kind regards
You may try this rule with 2 conditions joined with OR clause:
RewriteEngine On
# fix css/js
RewriteRule ^cp/(.+\.(?:css|js|png|jpe?g|gif))$ https://%{HTTP_HOST}/$1 [L,NC,R=301]
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{THE_REQUEST} !\s/+cp [NC]
RewriteCond %{HTTP_HOST} ^cms\. [NC]
RewriteRule !\.(?:css|js|png|jpe?g|gif)$ https://%{HTTP_HOST}/cp [R=301,L,NC]
Make sure this your topmost rule and clear your browser cache before testing this change.

Single Page Application - .htaccess config

This is a VueJS application. I have a .htaccess file duplicated from any Laravel project like following;
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.html [L]
</IfModule>
This is perfectly working what i want. But when I activated comment SSL Redirect rule lines redirects to SSL but routes not running index.html file, for example I have a /login route, /login request working without SSL redirect but if I add SSL redirect lines not working. Please show me when I'm wrong.
Okay, I was configure my Digitalocean server manually, I've forget to enable rewrite in SSL virtualhost. That's a solution :)

RewriteRule not doing the job on blog subfolder

The following code, which was discussed recently on another post here, works as a charm on my website and subdomain:
RewriteEngine On
# Force www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# Force https (SSL)
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
However, on the /blog subfolder, where I have my WordPress-based blog, it doesn't work. What do I mean that it doesn't work? When opening a page on my blog, a secure page (using https) is opened, and that is good. No issues there.
But if on the website or subdomain I manually enter a non-secure link (using just http, without the "s"), it automatically gets redirected to a secure one (https, with the "s"), but on the blog that doesn't happen, even though the same RewriteRule is used .htaccess of the blog subfolder as in the main domain and subdomain subfolder.
The full text of the blog's subfolder's .htaccess file is:
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
# END WordPress
RewriteEngine On
# Force www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# Force https (SSL)
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
# Use PHP70 as default
AddHandler application/x-httpd-php70 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php70/lib
</IfModule>
On a sidenote, I wasn't sure if I need the second RewriteEngine On, or if perhaps it even makes trouble, so I tried both with and without, with the same result.

opencart htaccess force ssl getting error redirect loop

im already set my opencart config to using SSL,
then i want redirect when user not use https in address to force use https
im browsing an got this tutorial
http://www.inmotionhosting.com/support/website/ssl/how-to-force-ssl-using-the-htaccess-file
Options +FollowSymlinks
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch "\.(tpl|ini|log)">
Order deny,allow
Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
but i got the error in chrome
this webpage has a redirect loop

Configuring Blogs on a multi site Magento setup

I have two websites say abc.com and pqr.com running from the same Magento installation. Now I want to create blogs for each of those domains through wordpress for which I have created a folder "blogs" in the root Magento directory and installed two instances of wordpress in folders named blogs/abc and blogs/pqr.
How do I configure my .htaccess or index.php in the root directory so that requests to www.abc.com/blog and www.pqr.com/blog are routed to the folders blogs/abc and blogs/pqr respectively.
Please note that I want my blog URL's to be of the form abc.com/blog and not blog.abc.com
############################################
## you can put here your magento root folder
## path relative to web root
RewriteBase /
############################################
## uncomment next line to enable light API calls processing
# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
############################################
## rewrite API2 calls to api.php (by now it is REST only)
RewriteRule ^api/rest api.php?type=rest [QSA,L]
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
#Redirect Blogs
#RewriteCond %{HTTP_HOST} ^(?:www\.)?(abc|pqr)\.com$ [NC]
#RewriteRule ^blog(?:/(.*))?$ /blogs/%1/$1 [NC,L]
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
Add the following to your root .htaccess:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?(abc|pqr)\.com$ [NC]
RewriteRule ^blog(?:/(.*))?$ /blogs/%1/$1 [NC,L]
Please rearrange the end part of your .htaccess as
#Redirect Blogs
RewriteCond %{HTTP_HOST} ^(?:www\.)?(abc|pqr)\.com$ [NC]
RewriteRule ^blog(?:/(.*))?$ /blogs/%1/$1 [NC,L]
############################################
## rewrite everything else to index.php
## but never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L]
Please note that the RewriteCond and the immediately following RewriteRule come together to form a redirect rule. You were putting the blog related rules right between them breaking that functionality.
If you have access to the vhost configuration (usually /etc/apaches/sites-enabled/abc), just enter
Alias /blog /var/www/blogs/abc
into the vhost for abc.com and analog for the vhost of pqr.com.
You also need to have mod_alias enabled. This is not possible to be done in a .htaccess file, see also this document