How do you redirect HTTPS to HTTP? - apache

How do you redirect HTTPS to HTTP?. That is, the opposite of what (seemingly) everyone teaches.
I have a server on HTTPS for which I paid an SSL certification for and a mirror for which I haven't and keep around for just for emergencies so it doesn't merit getting a certification for.
On my client's desktops I have SOME shortcuts which point to http://production_server and https://production_server (both work). However, I know that if my production server goes down, then DNS forwarding kicks in and those clients which have "https" on their shortcut will be staring at https://mirror_server (which doesn't work) and a big fat Internet Explorer 7 red screen of uneasyness for my company.
Unfortunately, I can't just switch this around at the client level. These users are very computer illiterate: and are very likely to freak out from seeing HTTPS "insecurity" errors (especially the way Firefox 3 and Internet Explorer 7 handle it nowadays: FULL STOP, kind of thankfully, but not helping me here LOL).
It's very easy to find Apache solutions for http->https redirection, but for the life of me I can't do the opposite.
Ideas?

This has not been tested but I think this should work using mod_rewrite
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

Keep in mind that the Rewrite engine only kicks in once the HTTP request has been received - which means you would still need a certificate, in order for the client to set up the connection to send the request over!
However if the backup machine will appear to have the same hostname (as far as the client is concerned), then there should be no reason you can't use the same certificate as the main production machine.

For those that are using a .conf file.
<VirtualHost *:443>
ServerName domain.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain.key
SSLCACertificateFile /etc/apache2/ssl/domain.crt
</VirtualHost>

Based on ejunker's answer, this is the solution working for me, not on a single server but on a cloud enviroment
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{ENV:HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If none of the above solutions work for you (they did not for me) here is what worked on my server:
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]

all the above did not work when i used cloudflare, this one worked for me:
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
and this one definitely works without proxies in the way:
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

this works for me.
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
Redirect "https://www.example.com/" "http://www.example.com/"
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
# ...
</VirtualHost>
be sure to listen to both ports 80 and 443.

It is better to avoid using mod_rewrite when you can.
In your case I would replace the Rewrite with this:
<If "%{HTTPS} == 'on'" >
Redirect permanent / http://production_server/
</If>
The <If> directive is only available in Apache 2.4+ as per this blog here.

None of the answer works for me on Wordpress website but following works ( it's similar to other answers but have a little change)
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If you are looking for an answer where you can redirect specific url/s to http then please update your htaccess like below
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/(home/panel/videos|user/profile) [NC] # Multiple urls
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} /(home/panel/videos|user/profile) [NC] # Multiple urls
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
It worked for me :)

As far as I'm aware of a simple meta refresh also works without causing errors:
<meta http-equiv="refresh" content="0;URL='http://www.yourdomain.com/path'">

Related

Redirect all http requests (including subdomains) to https

I have already tried different solutions from other threads but somehow none is working. So I have a domain called my-domain.com and I want that all http requests to http://my-domain.com or http:///*.my-domain.com are redirected to the corresponding https page. In the folder /etc/apache2/sites-enabled/ I have a configuration file which looks like this:
<VirtualHost *:80>
ServerName my-domain.com
ServerAlias *.my-domain.com
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.+)\.my-domain\.com$
RewriteRule ^(.*)$ https://%1.my-domain.com/$1 [R=302,L]
</VirtualHost>
But still there are no redirects. All requests are failing because of a timeout. Is there something I am missing?
In your RewriteRule, the %1 is not doing what you think it will be doing.
# bad
RewriteRule ^(.*)$ https://%1.my-domain.com/$1 [R=302,L]
Try this:
# good
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
What we are doing here is taking ANY request that is NOT HTTPS, and rewriting it. We don't care about looking at the %{HTTP_HOST}, nor the %{REQUEST_URI}, because we will just use them blindly.
This is a "blind forward" to HTTPS. I don't care what you asked for, but since you did it over HTTP, you will have to do it over HTTPS.
At that point, it becomes a different rule to redirect further.
Additionally, 302 is a temporary redirect. You may wish to consider a 301, for a permanent redirect across ports.

Force to SSL maintaining the URL

I don't have much experience with VHOST and SSL, I tried lot of possibilities but none of them is working.
I have a website with 2 folders:
www.example.com/userpage
www.example.com/adminpage
If I go to www.example.com, my loginsystem automatically redirect to www.example.com/userpage.
If I want to go to the admin section, I have to write manually www.example.com/adminpage.
Now I switched to SSL, and everything is working if I type https://....
But I cannot understand how to force the redirect from http to https.
I wrote this in my apache vhost file:
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs"
ServerName example.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com
RewriteCond ${HTTPS} !=on
RewriteRule (.*) https://example.com/$1 [R=301,L]
</VirtualHost>
But it's not working.
How can I manage it?
If I write www.example.com/adminpage it have to redirect me to https://www.example.com/adminpage.
Actually it should work for every subfolder, if for example I send an email to a user saying "hey user, please check your account www.example.com/user/check_account.php?userid=14125114
it have to then redirect it to automatically:
https://www.example.com/user/check_account.php?userid=14125114
so it should work for every page and every subfolder.
Thank you for your suggestions
Should be quite simple. Replace this block:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com
RewriteCond ${HTTPS} !=on
RewriteRule (.*) https://example.com/$1 [R=301,L]
With this:
Redirect permanent "/" "https://example.com/"

Trace 301 Redirect Rule and move all request to www subdomain

I have a domain example.com added to the DigitalOcean (Ubuntu 16.04) with Apache2.4.18 and have Wordpress installed on it. The site is running properly.
The problem is, that all the request www.example.com redirects to example.com. I need example.com to redirect to www.example.com.
I see there are 2 ways to do it. 1. .htaccess and 2. Apache config file, currently using 000-default.conf file. I installed letsencrypt ssl, which added the following RewriteRule to 000-default.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
based on the research online, I did modify the 000-default.conf to
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
and also tried the following code in .htaccess file.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
Upon doing either of these, I get error of multiple redirection loop. Which basically redirecting example.com to www.example.com and www.example.com to example.com and so on. I tested the same on Redirectcheck.com.
The main issue is I can't seem to find out the first 301 Redirect which is all the request being redirected to exmple.com. If I can disable or overwrite the main 301 Redirect rule then I can achieve all the request to be redirected to www.example.com.
I did my research but I'm hitting my head hard here, any help would be really appreciated. Thank You!
So, I finally traced it down, all the configuration were correct, the only issue was in the WordPress -> Admin Panel -> Setting -> General. I have placed the site_url and main_url as example.com and when I updated it to www.example.com and tested again, It did fix it.

Redirect all requests to HTTPS AND www to non-www

I'm fixing my Apache (2.4.12) config files on a server that serves three different domain names. I have a different config file for each site. I cannot for the life of me figure out how to accomplish both of the following:
Redirect all http requests to https, keeping the entire rest of the request (subdomain/host AND document path) exactly the same
Redirect all www requests to non-www
I've read that this can be done in one step if I have only one *:80 VirtualHost and put the rewrite rules there (the remainder of my subdomains are all *:443 VirtualHosts with the exception of www), but I can't figure out how to do it. These answers on SO did not work:
The accepted answer in this question is not correct (only does the https redirect)
This answer does not work for me--only the https redirect works.
This question doesn't deal with a wildcard subdomain and is thus inapplicable.
This question is also inapplicable because it doesn't deal with subdomains.
EDIT: This is the code I reference in the comments for mike.k's answer below.
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP_HOST} www.example.com
RewriteRule ^(.*)$ https://example.com/$1 [R=permanent,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://example.com%{REQUEST_URI}
</VirtualHost>
This is from my production system and works.
THE_HOSTNAME is for instance server, and then THE_FQHN is server.domain.edu, which helps for SSL certificates if you don't want to support wildcards and multiple domain names.
# redirect to FQHN
RewriteEngine on
RewriteCond %{HTTP_HOST} THE_HOSTNAME$
RewriteRule ^(.*)$ https://THE_FQHN/ $1 [R=permanent,L]
# redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://THE_FQHN%{REQUEST_URI}
In your case www.domain.com would be where THE_HOSTNAME is, and THE_FQHN would be domain.com, just flipped around

Redirect the login page from HTTP to HTTPS via httpd.conf

I want my users who type login.abcde.com to be redirected to https://client1.abcde.com and BLOCK all other HTTP URLs. So if someone types http://client1.abcde.com/thispage/isawesome.html, it will show some error message or a 404. So far I tried to add the following to my httpd.conf, but no success. I keep getting the Apache page saying: This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^client1.abcde.com$ https://client1.abcde.com [L,R=301]
I am using Apache by the way, with WSGI. My virtualhost for port 80 is basically just:
<VirtualHost *:80>
ServerAdmin abisson#abcde.com
DocumentRoot /srv/www/abcde/html
ErrorLog "logs/error_log"
CustomLog "logs/access_log" common
</VirtualHost>
Since no one else has replied yet I will give it a try, it's untested but maybe it will give you some ideas on how to proceed. Maybe this could work:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^login\.abcde\.com
RewriteCond %{REQUEST_URI} ^\/$
RewriteRule ^/(.+)$ https://client1.abcde.com/$1 [L,R]
RewriteCond %{HTTP_HOST} ^login\.abcde\.com
RewriteCond ${HTTPS} !=on
RewriteRule ^/(.+)$ [F]
Also it looks like in your case you have ^client1.abcde.com$ instead of ^login.abcde.com$ in your RewriteRule, not sure if changing it will make your solution work.
Maybe you could do the redirect in the VirtualHost as described in this RedirectSSL wiki page?