I'm trying to force all links on my website to be https instead of http.
I have tried by redirect the domain from my web-host control panel to https, but it's still the same.
Each time I enter the website the page become http.
I search around and I found this tiny code inside my config file.
// server url and base path, usually you don't need to change this
'base_url' => (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']),
'base_path' => getcwd(),
Is this responsible for this issue! if yes! what should I change to make it https?
you can use htaccess to do this:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
The best way to redirect all HTTP address to HTTPS is by using a .htaccess file.
Create a file named .htaccess in your root directory if you don't have any. then copy this in to the file
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]
Related
I am trying to redirect my site to always open in HTTPS. I am using CloudFlare and they have a setting to "Always use HTTPS". But there is a page on my website where I do not want to use HTTPS as it opens other websites under an iFrame. And if that page also loads in HTTPS then under iFrame any website whose URL hasn't been mentioned with HTTPS doesn't open. Therefore, for that particular page I want to keep the website to be opened under HTTP.
Things I am doing:
In CloudFlare Crypto settings "Always Use HTTPS" is ON.
Then in my page where I want it to opened under HTTP say surf.php
I am using the following PHP code:
if($_SERVER['HTTP_HOST'] != 'localhost'){
if(isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'on'){
if(!headers_sent()){
header("Status: 301 Moved Permanently");
header(sprintf('Location: http://%s%s',$_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI']));
exit();
}
}
}
Now the page doesn't open and says "The page isn’t redirecting properly". What should I do? Is there any other method to accomplish this? I want to use HTTPS in whole website so "Always use HTTPS" settings in cloudflare should be ON except just surf.php. What should be the best method here?
It sounds like you are in a redirect loop. Where you have a .htaccess file that forces HTTPS, and then you redirect to HTTP using PHP. Then that new request has all the same rules applied to it so that it gets redirected by .htaccess again to HTTPS, and so on (to infinity)
So I would first make sure your not forcing HTTPS in your .htaccess file. If so you can add a RewriteCond to exclude your URL:
#RewriteEngine On #-- if not included elsewhere
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
When mod rewrite hits a Rewrite condition if it fails (is false) it will disregard the next rewrite rule. So with this in place your PHP code could do it's job, but you can also do this in htaccess alone. Because you will have dependence on the URL in there anyway, I don't see an issue doing it all in the .htaccess file.
This would basically be the opposite of the above except you know the url. Something like this:
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#if HTTPS is not off (then continue)
RewriteCond %{HTTPS}!=off
# (if is our page, then redirect to HTTP)
RewriteCond %{REQUEST_URI} ^/surf\.php$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I can't really test this though, but that's the general idea. If HTTPS is no off, and the %{REQUEST_URI} is our page !^/surf.php$ redirect to HTTP... Basically you have to punch a hole through the HTTPS rule and then force http.
I am pretty sure with %{REQUEST_URI} you only have to check if it starts with your URL (minus the host and protocal).
I'll admit I'm a bit rusty with complex HTACCESS rules, spoiled by MVC routers, so this may very well not be 100% correct. But the general idea is sound.
Anyway hope it helps.
In my constants.php file, I have set site root.
define("SITEROOT","http://www.example.com/");
please see for difference in http:// and http://www. in following description.
Now session_start works only if I move from http://www.example.com/index.php to any other page. But if I use http://example.com and tried to echo session details on other page with http://www.example.com/pagename.php, session is not continued.
Is there any way to auto correct url in browser's address bar to http://www.example.com if user uses http://example.com ?
You can use your web server to force either www or non-www urls. It is highly recommended to use one of them (not allowing both) on live websites for search indexing perposes.
If you're using Apache you can do so by updating your site .htaccess file as follows for url's without www
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule .* http://%1%{REQUEST_URI} [R=301,L]
Update
As Vinny has pointed out in the comments it is recommended when ever possible to NOT use .htaccess and instead handle it in the Virtual Host Config file.
If you are using apache add this to your config.
<VirtualHost *:80>
ServerName example.com
Redirect permanent / http://www.example.com/
</VirtualHost>
You should be able to use something like this (before anything is displayed, or headers sent, so before your session creation code):
if( "www." != substr( $_SERVER["SERVER_NAME"], 0, 4 ) ){
header( "Location: http://www.example.com".$_SERVER["REQUEST_URI"] );
exit();
}
Alternately, you could create/modify your .htaccess file like this:
Rewritecond %{HTTP_HOST} !www.domain.com
RewriteRule ^/(.*)$ http://www.domain.com/$1 [R=301]
or maybe
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301]
I want to force to user to access my site using https:// so that I'm using following php code and .htaccess file.
php code:
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
if(!headers_sent()) {
header("Status: 301 Moved Permanently");
header(sprintf(
'Location: https://%s%s',
$_SERVER['HTTP_HOST'],
$_SERVER['REQUEST_URI']
));
exit();
}
}
.htaccess file
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
For example my site url name is : www.example.com. If change the url to http:// from https:// it's successfully redirect to https:// but if I change the url to http://www.example.com. then it's not going to https://. It's accepting http://.
Note: I've paid version of https://
I want that user can't access my site WITHOUT HTTPS:// anymore. HOW CAN I DO THIS ?
If you are running Apache, the easiest way is to use .htaccess to automatically redirect http access to https. Here is an example:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Save the above code in your existing .htaccess file in your root folder. If you do not have an .htaccess file, you can save the above as a plain text file and save it with the name .htaccess. Note the leading '.' in the file name. It is important. Upload that file to your root directory.
We have a section of our site which uses https to login securely, however when you visit this page and click away, you continue to view the site in HTTPS. This causes display issues on any pages using the http://www.domain.com/news/ URL.
How can we force all pages under the http://www.domain.com/news/ folder to use HTTP rather than HTTPS?
It's the opposite of requiring https, so with the condition of https on, rewrite this specific dir with deeper path to the http version.
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^news/(.*) http://%{SERVER_NAME}/news/$1 [L]
Instead of SERVER_NAME, you can use HTTP_HOST when your site is accessed with a server-alias and you don't want to change that.
Be aware that links to https-requiring pages should be use https explicitly, or have a rewrite-rule of their own.
Place this 301 redirect rule in /news/.htaccess:
RewriteEngine on
RewriteBase /news/
RewriteCond %{HTTPS} on
RewriteRule ^ http://%{HTTP_HOST}/%{REQUEST_URI} [L,R=301,NE]
Due to my hosting company's policies I am using pretty url in CakePHP (without the Apache mod rewrite). My homepage is at:
http://stthomasedu.org/index.php/home
How can I redirect traffic from
'http://stthomasedu.org/' to 'http://stthomasedu.org/index.php/home' ?
I've tried to edit index.php with
header("Location:http://stthomasedu.org/index.php/home");
but it's not working, every time I have to manually enter the URL "http://stthomasedu.org/index.php/home"
Any ideas?
SOLVED : IN C-PANEL I HAVE AN OPTION TO REDIRECT ALL MY TRAFFIC TO (http://stthomasedu.org) ANY LOCATION (now i set it to http://stthomasedu.org/index.php/home)
Since you are using Apache, you can add these lines in a .htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^$
RewriteCond %{HTTP_HOST} ^stthomasedu.org$
RewriteRule ^$ http://stthomasedu.org/index.php/home [L,R=301]
Did you remember to exit after your header() call?
header('Location: /index.php/home');
exit;