We Keep Coding

Drupal 7 .htaccess File Not Forcing Redirects to HTTPS

I installed a security certificate installed on my website, and want to force all urls to use 'https' as well as 'www'. I updated the .htaccess by uncommenting:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However, upon saving, the site was not enforcing either the https or the www. I cleared cache and even restarted the server, and still no change- so I suspect there is a conflict in the file somewhere, but it may be something else as well. What would be the most efficient way to trouble shoot this to get the redirect to work properly? The file is currently as follows:
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_environment_initialize() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess, because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
Bonus question (and thank you for making it this far!)- I downloaded a copy of Drupal to replace the htaccess file in case there was an issue, and it came unformatted, while the version that had been installed is certainly easier to read as it is formatted nicely w/ breaks and such. I'm assuming there's a trick to viewing the file so it is not crunched together- but any insight on that would be greatly appreciated!
**Formatting was indeed notepad- once dropping into sublime it worked as expected, thanks to msg.
**Update to issue:
Thank you msg - so with your comment about working out of the box, I decided to redownload the same version of Drupal and copied over the htaccess file, then uncommented as before, and added the 3 lines of code just below "RewriteEngine" - www is now properly working, but the force to use secure is still not. the section of relevant code (as far as I can tell) is:
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Are the lines added potentially conflicting with other code that was uncommented?

The default .htaccess should work out of the box, so I'd begin with the checklist:
Verify that mod_rewrite is loaded: apache2ctl -D DUMP_MODULES
Make sure that .htaccess files aren't forbidden: There is no AllowOverride None in the server configuration.
Enable rewrite log
As for the formatting, looks like the editor doesn't show line feeds properly. Notepad by any chance?
EDIT: Upon having a second look, this doesn't actually redirect to the https version of the page, just makes sure that keeps the same protocol as the original request. Try adding this after RewriteEngine on:
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.yoursitehere.com [R,L]
EDIT2: It shouldn't, but I've a couple of things to point out:
X-Forwarded-Proto could be causing problems if it's not set. If you don't have a loadbalancer or proxy, try commenting it out.
I have sometimes encountered instances where %{HTTPS} isn't set and I resorted to using %{SERVER_PORT} o %{SERVER_PROTOCOL}.
I'm not sure if it's a bug or just behaviour dependent on apache version. This is where some debugging or trial and error comes in.
Other than that, some of the rules are now a bit inefficient. Let's have a look:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This checks if the request came via regular HTTP and if that the case, it redirects to https in whatever ServerAlias the request came in and stops further processing ([L]). This is the perfect opportunity to redirect to a canonical version.
You still have to check if the request came in via the canonical version, just in case, as it's done in the block:
RewriteCond %{HTTP_HOST} !^www\.
That would cause another redirection for the client.
Or you could combine that Cond with ours with [OR] flag and be done.

Thank you for your help #msg. Unfortunately in my case that I ultimately ended up using iis to redirect, which I noticed only updated settings.config. If you have any insight on what connection there might be there I'd be very interested to hear it though.

Altering the URI value that all subsequent RewriteRule's use to match against

I have a production and development server that are clones of each other.
I also have an apache24 reverse proxy server that is handling all incomming
requests and proxying content from different back end servers based on the URI.
I want the proxy to pull the content from our development server if the URI
starts with '/test', eg: https://ourdomain.com/test/some/app/index.php?foo=bar
However, I don't want to have to create duplicate rules for everything, one for
production and one for test so I am trying to figure out how to acomplish this
with a single rule for each of the rewrite rules that pull in content from a
backend server
I have figured everything out except how to effectively remove the '/test'
portion from the URI (if it's there) that RewriteCond, RewriteRule, and
<Location ..> all use to match against.
The end result that I am looking for is:
Incomming request of https://ourdomain.com/some/app/index.php?foo=bar the proxy server does this:
RewriteRule ^/some$ /some/ [R=301,L]
<Location "/some/">
ProxyPass https://BackendProductionHost/some/app/index.php?foo=bar
ProxyPassReverse https://BackendProductionHost/some/app/index.php?foo=bar
</Location>
Incomming request of https://ourdomain.com/test/some/app/index.php?foo=bar the proxy server does this:
RewriteRule ^/test/some$ /test/some/ [R=301,L]
<Location "/test/some/">
ProxyPass https://BackendDevelopmentHost/some/app/index.php?foo=bar
ProxyPassReverse https://BackendDevelopmentHost/some/app/index.php?foo=bar
## Note that '/test' is NOT part of the URI sent to the backend development server
</Location>
But using just ONE set of rules to handle both situations.
Why? We have a lot of different backend servers and each of those have a
development clone. I am trying to reduce the duplication of rules.
The following is what I have:
## fyi - These are located in a <VirtaulHost> .. and not a .htaccess, if it matters
RewriteEngine On
ProxyPassInterpolateEnv On
## Set an environment variable named 'serverhost' to the production server
## host value (BackendProductionHost)
## Note:
## -- I have to use 'SetEnvIfExpr' because "The SetEnv directive runs
## late during request processing meaning that directives such as
## SetEnvIf and RewriteCond will not see the variables set with it."
## -- The expression "1==1" always evaluates to true which allows me
## to set a default value.
SetEnvIfExpr "1==1" serverhost=BackendProductionHost
## Change the 'serverhost' env value to the development server host value
## If the URI begins with a path of '/test', eg:
RewriteCond %{REQUEST_URI} ^/test
RewriteRule .* - [E=serverhost:BackendDevelopmentHost]
## Remove /test from the URI
RewriteCond %{REQUEST_URI} ^/test
#RewriteRule ^/test(.*)$ $1
RewriteRule ^/test(.*)$ $1 [E=REQUEST_URI:$1]
## -- Neither of the above change the URI value that RewriteCond, RewriteRule,
## and <Location ..> use for their matching, IS THIS POSSIBLE?
## If the URI used for the matching can be changed to remove '/test' when it
## is present then the following would work:
RewriteRule ^/some$ /some/ [R=301,L]
<Location /some/>
ProxyPass https://${serverhost}/some/app/ interpolate
ProxyPassReverse https://${serverhost}/some/app/ interpolate
</Location>
## The rules above only work for the production URL and never the test URL
## (no request sent to BackendDevelopmentServer)
## I have also tried the following:
ProxyPassMatch "^(/test)?/some/" https://${serverhost}/some/app/ interpolate
## The rule above works for the production URL and at least generates a
## request to the back end development server but the request from the proxy
## to the dev server looks like:
## "GET /some/app//test/some/index.php?foo=bar HTTP/1.1"
Is what I am trying to do possible or should I just stick to having a duplicate set of rules for test ??

I figured out how to acheive what I was asking. In a nutshell, the configuration below allows us to browse production websites as usual and browse to it's development counterpart by adding '/test' after the domain portion of the URL.
For example:
https://our_public_domain.example/somewebstuff/thing.htm
and
https://our_public_domain.example/test/somewebstuff/thing.htm
RewriteEngine On
ProxyPassInterpolateEnv On
# --------------------------------------------------------------------------
# - We are creating some environement variables and assigning default values
# - pertaining to a production environment. If the URI begins with '/test/'
# - then we are overwriting the environment variables with variables
# - pertaining to a test environment.
# --------------------------------------------------------------------------
# - set default environment variables to production values
# - Note that the 'test' variable is set to nothing
SetEnvIfExpr "1==1" lnxhost=192.168.1.1
SetEnvIfExpr "1==1" winhost=prodserver.example
SetEnvIfExpr "1==1" apihost=another.example/some/production/enpoint/base
SetEnvIfExpr "1==1" test=
# - override environment variable values to development values if URI matches: ^/test/
# - phrased differently, if the request was *not* ^/test/, skip these next four rules aka: [S=4]
RewriteCond %{REQUEST_URI} !^/test/
RewriteRule .? - [S=4]
RewriteRule .* - [E=lnxhost:192.168.1.100]
RewriteRule .* - [E=winhost:devserver.example]
RewriteRule .* - [E=apihost:another.example/some/development/enpoint/base]
RewriteRule .* - [E=test:/test]
# /somewebstuff is proxied to the lnxhost backend server
RewriteRule ^(/test)?/somewebstuff$ $1/somewebstuff/ [R=301,L]
ProxyPassMatch "^(?:/test)?/somewebstuff/(.*)$" "https://${lnxhost}/somewebstuff/$1" interpolate
<LocationMatch "(/test)?/somewebstuff/">
ProxyPassReverse https://${lnxhost}${test}/somewebstuff/ interpolate
</LocationMatch>
RewriteRule ^(/test)?/somewebstuff/ "-" [L]
# /someapistuff is proxied to the apihost backend server
RewriteRule ^(/test)?/someapistuff$ $1/someapistuff/ [R=301,L]
ProxyPassMatch "^(?:/test)?/someapistuff/(.*)$" "https://${apihost}/$1" interpolate
# Note: ProxyPassReverse is not needed for the someapistuff API usage
RewriteRule ^(/test)?/someapistuff/ "-" [L]
# anything not handled by a rule above is proxied by default to the winhost backend server
ProxyPassMatch "^(?:/test)?/(.*)$" "https://${winhost}/$1" interpolate
<LocationMatch "(/test)?/">
ProxyPassReverse https://${winhost}${test}/ interpolate
</LocationMatch>
I've also inclulded a heavily commented explanation of the syntax I am using:
# - Any URI's that are exactly 'example' or 'test/example' (without a trailing slash)
# - are redirected to 'example/' or 'test/example/' (with a trailing slash)
# - The 'L' flag stops any further rule prosessing
#RewriteRule ^(/test)?/example$ $1/example/ [R=301,L]
# - Content is retrieved from the backend content location for URI's that
# - begin with 'example/' or 'test/example/':
#ProxyPassMatch "^(?:/test)?/example/(.*)$" "https://${lnxhost}/backend/content/$1" interpolate
# - The locationMatch and ProxyPassReverse allow for proper proxy handling of redirects
# - sent from the backend server in both a test and production context:
#<LocationMatch "(/test)?/example/">
# ProxyPassReverse https://${lnxhost}${test}/backend/content/ interpolate
#</LocationMatch>
# - Stop any further processing of rules
#RewriteRule ^(/test)?/example/ "-" [L]

How to set url parameter in header

I have a client request that cannot contains custom headers, but server-side I need a hearder (let's call him foo).
So I have this url path/to/bar?foo=value
I want that my apache conf that the foo value and put it in a header.
I haven't so far find a solution :(.

Finaly I find a solution
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(?:.*&)?foo=(.*)$
RewriteRule ^ - [env=foo:%1]
<IfDefine !foo>
RequestHeader set Foo %{foo}e env=foo
</IfDefine>

RequestHeader not getting set on RewriteRule in htaccess

The following RewriteRule in my htaccess file isn't getting the request header set.
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} ^(.*)&someUser=(.*)$
RewriteRule ^(.*)SDM$ http://some.domain.com/SDM/Publish.aspx [E=SOME:%2,R,L]
RequestHeader set Some-User: "%{SOME}e"
I don't think the SOME environment variable has anything to do with it because I tried a generic header value as well and it wasn't set either. I did make sure that mod-headers is installed. I am looking for the header in my chrome developer tools. Is it possible that it won't show up there?

Env variables won't be set while doing external redirect, you must do internal rewrite for setting env variables like this:
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (^|&)someUser=([^&]+) [NC]
RewriteRule ^(.*)SDM$ /SDM/Publish.aspx [E=SOME:%2,L]
RequestHeader set Some-User "%{SOME}e"

apache SetEnvIf access query string

How do you access the query string from SetEnvIf? Somethig like:
SetEnvIf Query_String "p=path/to/file$" got_path
UPDATE:
In htaccess, I have:
SetEnvIf Request_URI !/folder/page1\.html$ NO_COOKIE
Header unset Cookie env=NO_COOKIE
RewriteRule (.*) /h.php?ref=$1 [L]
Basically, I ask h.php to take control of all user requests. And I use SetEnvIf to allow cookies only for /folder/page1.html.
However, it seems like Request_URI is always set to "h.php" and never to " /folder/page1.html" (maybe because of the redirection). For that reason I added ref=$1 to try to recognize which url it is being redirected from. Therefore I need to read the query string from SetEnvIf.
I hope I am making some sense.

You don't need to add a query string for this.
You can use:
# always start with NO_COOKIE=1
RewriteRule ^ - [E=NO_COOKIE:1]
# unset NO_COOKIE when URI is /folder/page1.html
RewriteCond %{THE_REQUEST} /folder/page1\.html
RewriteRule ^ - [E=!NO_COOKIE]
Header set NoCookie %{NO_COOKIE}e
RequestHeader set NoCookie %{NO_COOKIE}e