Basically I'm using drupal and can current redirect to an SSL page. But once on that page and continuing navigation all the pages continue over HTTPS. There is a single page I need SSL on and I need to redirect back after you leave that page. Currently I have this:
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^conference https://url/conference/ [R=301,L]
RewriteCond %{SERVER_PORT} =443
RewriteRule !^conference http://url%{REQUEST_URI} [R=301,L]
Thanks
The Secure Pages module can do exactly what you describe, in a highly configurable manner, so adding additional pages in the future can be done w/o editing .htaccess.
Add this rule to return to HTTP:
RewriteCond %{SERVER_PORT} =443
RewriteRule !^join http://www.example.com%{REQUEST_URI} [R=301,L]
After the form data has been POSTed, redirect to an absolute HTTP URL.
Also, note that the form page itself does not need to use SSL; it is enough for the data to be POSTed to a HTTPS URL. This means that you do not need to use mod_rewrite at all for this.
Related
I'm using .htaccess to make the membership renewal pages on my Drupal site secure, but I'm having trouble switching back to regular http when the user navigates away from that page. The page that should be secure is:
www.example.com/renew
I want everything else to use http, and I'm trying the following redirects to achieve this:
# Renewal page should be secure. Redirect.
RewriteCond %{HTTPS} off
RewriteRule ^renew$ https://www.example.com/renew [R,L]
# If user leaves the Renewal page, make sure we're no longer secure. Redirect.
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^renew$
RewriteRule (.*) http://www.example.com%{REQUEST_URI} [R,L]
I got the first redirect working fine. When I added the second, unsecure redirect, it breaks the first redirect -- Firefox says there's a redirect loop.
Can you tell me what I'm doing wrong here? Thanks in advance.
%{REQUEST_URI} is a variable that always starts with a /. Due to this, the second condition of the second rule will always be true, as %{REQUEST_URI} will never be equal to ^renew$. To fix this, change that condition to:
RewriteCond %{REQUEST_URI} !^/renew$
I'm currently trying to re-direct my users to a https version of the site but only during the booking process and wp-admin sections.
This is the code i'm using courtesy of the answer to this post
RewriteEngine On
# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(book-on-line|wp-admin) https://test.mysite.com%{REQUEST_URI} [L,R=301]
# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(book-on-line|wp-admin) http://test.mysite.com%{REQUEST_URI} [L,R=301]
The re-direct works fine if I use the first statement ONLY but doesn't work and just redirects to the homepage if i use the second statement.
The reason for the second statement is that when I go to a secure page, then click a link to move back to a non-secure page, the website still retains the HTTPS when it shouldn't.
Any ideas?
After several hours of trying a myriad of suggestions for .htaccess I have given up and decided to ask here.
I have a single html page that needs to be served via SSL. It is a single file with the .htm extension and it contains no php whatsoever. If anybody accesses this page via typing it in or clicking on a link from a non SSL page, I want that person to be redirected to or shown the SSL version of that page. Only https://example.com/myfile.htm should be allowed. The rest of the site can go without SSL, just this one page needs it.
Please help.
Try this in your .htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} !^on$
RewriteRule ^myfile\.htm$ https://www.example.com/myfile.htm [R=301,L]
Try:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^myfile\.htm$ https://example.com/myfile.htm [L,R]
SSL for HTML only page / SSL for JavaScript only page:
If anyone needs to set SSL (HTTPS) for page that uses html only (without PHP, nodeJS etc.) just put .htaccess file in the same folder as index.htm page.
Content of the .htaccess have to be:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I had trouble finding how to, so I think that this thread is the best to hold this answer.
Google has been indexing duped content. SEO nightmare...
I have two forms which need SSL.
/single
/joint
I'd like everything else to be redirected back to non ssl (http://)
I've tried various different things from the forums here, numerous times...
How do I enable https only on certain pages with htaccess?
The first part always works, that is, https redirects to http but the /single & /joint will redirect to index.php or the "home page"
Thanks in advance for any advice.
Try to be more clear...
With Jon's code added to the .htaccess file
https .com/other-page
redirects to http .com/other-page
But the ones that matter
https .com/single & .com/joint
Both redirect to
http .com/index.php
Here is a link to the standard Joomla .htaccess file
http://docs.joomla.org/Preconfigured_htaccess
In addition I am using rewrite rules to redirect www to non www
RewriteCond %{HTTP_HOST} !^website.com
RewriteRule (.*) http://website.com/$1 [R=301,L]
Add these rules to the htaccess file in your document root:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(single|joint) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} on
RewriteRule !^(single|joint) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
as long as the form is submitted as a GET request. The request body in a POST submission may not be included after a redirect.
I have the following rules on my .htaccess file
# to redirect http to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
# to redirect urls with index.php to /
RewriteCond %{THE_REQUEST} ^.*/index.php
RewriteRule ^(.*)index.php$ /$1 [R=301,L]
# to redirect non www requests to www url
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
When I am trying to access the website, it turns into a Redirect Loop. How to fix this issue and redirect properly?
Just in case somebody have redirect loop when using Apache http->https rewrite behind load balancer, here's solution that worked for me.
I had the same problem when used RewriteCond %{HTTPS} off for Apache behind load balancer, when load balancer does SSL stuff.
If https version of the site is not configured via Apache ModSSL it doesn't set %{HTTPS} variable to "on" and keeps redirecting infinitely.
The simplest solution to fix it is to target all https traffic to another Apache VirtualHost (when SSL is handled by load balancer) that is the copy of main one, but has different port (lets say 81). And in .htaccess do mod_rewrite for everything that is not on port 81:
ReWriteCond %{SERVER_PORT} !^81$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
The second way to do this is to send X-Forwarded-Proto header from load balancer to Apache and use it in rewrite condition:
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I've seen a lot of people suffering redirect loops when trying to use .htaccess files to move from http to https. And there are a LOT of different answers to how to solve this issue. Some people say:
ReWriteCond %{SERVER_PORT} 80
OR
RewriteCond %{HTTPS} off
OR
RewriteCond %{HTTPS} !on
OR (as above)
RewriteCond %{HTTP:X-Forwarded-Proto} !https
OR EVEN
RewriteCond %{HTTP:X-Forwarded-SSL} =off
but none of these worked for me. I eventually discovered the underlying truth, that the different servers out there are configured in different ways, and they're all providing different server variables.
If none of the above work for you, then the trick is to use PHP to find out what env variables your particular server is sending you when you access an http page, and what env variables it sends you when you access an https page, and then you can use that variable to do the redirect. Just make a PHP file (such as showphpvars.php) on your server with this code:
<?php phpinfo() ?>
and then view it with a browser. Find the section of variables with _SERVER["HTTP_HOST" (etc)] in it, and have a scout around for one that changes for http versus https. Mine turned out to be a variable called SSL that was set to 1 when using https, and not set at all when using http.
I used that variable to redirect to https with PHP, which is so much nicer than using htaccess, but I think that any of the _SERVER variables can also be accessed using htaccess, if you're keen to continue to use that. Just use the name inside the quotes, without the _SERVER[""] bit that PHP adds.
For your information, it really depends on your hosting provider. It may be using a Load Balancer, as stated by Konstantin in another answer.
In my case (Infomaniak), nothing above actually worked and I got infinite redirect loop.
The right way to do this is actually explained in their support site:
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://your-domain.com/$1 [R=301,L]
So, always check with your hosting provider. Hopefully they have an article explaining how to do this. Otherwise, just ask the support.
If you get a redirect loop no matter what you do in htaccess, do the redirect in PHP instead.
I used phpinfo(), like #z-m suggests, to find the variable that changes when I'm on SSL. In my case it was $_SERVER['HTTP_X_PROTO'] == "https". When not on SSL, this variable is not set.
This is the code I use to redirect from HTTP to HTTPS:
if ($_SERVER['HTTP_X_PROTO'] != "https") {
header("HTTP/1.1 301 Moved Permanently");
$location = "https://" . $_SERVER[HTTP_HOST] . $_SERVER[REQUEST_URI];
header("Location: $location");
exit;
}
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{
In my case it was:
if ($_SERVER['HTTPS'] != "on")