I just bought an SSL cert for my site and I am trying to force HTTPS. It kinda works but not really. I am on Apache using PHP Slim framework for custom routing.
My folder struct
root/
.htaccess (A)
php/
public_html/
.htaccess (B)
.htaccess (A)
My main htaccess file has these rules
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
When I go to example.com it goes to the secure page. Great!
.htaccess (B)
My public_html file has these rules
<IfModule mod_rewrite.c>
RewriteEngine on
#RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [QSA,L]
</IfModule>
# Always use https for secure connections
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
Problem:
If I go to http://www.example.com/login,
instead of redirected to https://www.example.com/login,
it redirects to https://www.example.com/index.php
Rules in htaccess-files get's validate from top to bottom. In your htaccess, it first check if the requested resource (/login) exists on the server or not. If it doesn't, it redirects the request to index.php.
It should work if you simply moved the https-check/redirect before the other rule.
<IfModule mod_rewrite.c>
RewriteEngine on
#RewriteBase /
# Always use https for secure connections
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
# Redirect requests to non existing resources to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [QSA,L]
</IfModule>
I also removed the second RewriteEngine On. Having it once is enough.
Related
I'm failing in edit a .htaccess file.
I created a complete website in a php slim framework (let's call it website S).
My client have a wordpress website (let's call it website W) that will have links toward my website S.
I copied all the files of my website S inside a directory of the root directory of the website W.
My idea is to change the follow htaccess (created by wordpress) to allow public access to the directory without creating any problem to move inside website S.
First .htaccess
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteCond %{QUERY_STRING} !wc-api [NC]
RewriteCond %{HTTP_HOST} ^website.pe$ [OR]
RewriteCond %{HTTP_HOST} ^www.website.pe
RewriteRule ^(.*)$ https://website.pe/$1 [R=301,L,NE]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Then, I guess I could use inside the directory where the website S would be, the typical htaccess that works properly for it.
Edited I added the structure of the website S. The index.php is inside a public directory there.
Second .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteBase /
#RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</IfModule>
I try different ways but, or get the message
"Forbidden You don't have permission to access this resource."
Or get inside but the website W stop working.
Any suggestions? Thanks in advance.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteBase /
#RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</IfModule>
In the config you've posted you would just need to remove the RewriteBase / directive from the second .htaccess file in the "slim" subdirectory. This is causing requests to your slim website to be routed back through the WordPress site in the document root (which would presumably result in a 404).
My idea is to change the follow htaccess (created by wordpress) to allow public access to the directory without creating any problem to move inside website S
You shouldn't need to touch the WordPress .htaccess file in the document root. This already allows you to access website S.
By default, the .htaccess file (or rather, the mod_rewrite directives) in the slim subdirectory is going to completely override the WordPress .htaccess file in the root.
Consequently, you'll need to repeat the HTTP to HTTPS redirect in the slim subdirectory (with a difference*1), before the existing directives. Presumably, the intention is to also redirect www to non-www? Although your current redirect (in the root .htaccess file) is not doing this properly.
For example, at the top of your second .htaccess file in the slim directory add the following:
# Redirect HTTP to HTTPS and www to non-www
RewriteCond %{ENV:HTTPS} !on [NC,OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(website\.pe) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
*1 Note the use of the REQUEST_URI variable instead of the $1 backreference as used in the root .htaccess file. This is necessary when used in the subdirectory, otherwise, the subdirectory will be omitted from the redirected URL.
NB: Test first with a 302 (temporary) redirect to avoid caching issues.
UPDATE:
But I can't make the website S to run because inside the website S directory exist a public subdirectory with the index.php, arranged like this:
website.pe/ (website W wordpress)
-slimdirectory/ (website S slim)
--vendor/
--public/
---css/
---fonts/
---images/
---js/
---index.php
--bootstrap/
---app.php
--etc..
This is a rather important bit of information missing from your initial question. I assume that the public subdirectory is not part of the visible URL, in which case your second .htaccess file in the slim subdirectory (the parent directory of public) should be something like this instead:
# /slimdirectory/.htaccess
RewriteEngine On
# Redirect HTTP to HTTPS and www to non-www
RewriteCond %{ENV:HTTPS} !on [NC,OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(website\.pe) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
# Calculate base directory
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule (.*) - [E=BASE:%1]
# Slim front-controller
RewriteRule ^public/index\.php - [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . public/index.php [L]
RewriteRule ^$ public/index.php [L]
The QSA flag is not required.
You do not need the <IfModule> wrapper.
Yes MrWhite, I delete in the second .htaccess the RewriteBase / and now I can access a simple index.html in the directory where the slim website is that I used for testing.
But I can't make the website S to run because inside the website S directory exist a public subdirectory with the index.php, arranged like this:
website.pe/ (website W wordpress)
-slimdirectory/ (website S slim)
--.htacess
--vendor/
--public/
---css/
---fonts/
---images/
---js/
---index.php
--bootstrap/
---app.php
--etc..
I am new to htaccess and don't understand how one htaccess overwrite the other one, so if I use something like you told me in my second htaccess only like this
<IfModule mod_rewrite.c>
# Redirect HTTP to HTTPS and www to non-www
RewriteCond %{ENV:HTTPS} !on [NC,OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(website\.pe) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</IfModule>
That should work... but still not
I'm struggling to get my .htaccess configured properly to setup a subdomain redirect for specific subdomains. I want to redirect (not mask) a subdomain to a specific page and repeat this configuration multiple times.
I'm hosted on a Google Compute Engine currently using Cloud DNS (used to host on Godaddy in which subdomain management was very simple)
before:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
after:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^sat.theteachertutors.com$ [NC]
RewriteRule ^(.*)$ /private-sat-act-tutoring/$1 [L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
I tried the config above but the redirect does not work. The target url is: https://www.theteachertutors.com/private-sat-act-tutoring/
Any guidance/tips would be most appreciated. I've search for other examples but can't get this configuration to work at all, ie: http://sat.theteachertutors.com
Thanks
You were close to the solution, change the rewrite rule to this:
RewriteRule ^(.*)$ https://www.theteachertutors.com/private-sat-act-tutoring/$1 [R=301,L]
When you are redirecting to another domain/subdomain you have to use the full URL. Also I use R=301 to mark the redirect as a permanent redirect (by default rules that point to another domain use a 302 redirect).
I have domain and its working with https for example
http://example.com/
Now I am creating sub domains like demo1.example.com, demo2.example.com and so on.
I need all sub domains must be redirect and access by only https.
I have write the code in my .htaccess see below but its always redirecting to the main domain when I access my sub domains.
My htaccess code is
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
EDIT
I have main website at root and all other sub-domains code at one of folder. So whenever any sub-domain created that will point to that folder only.
The following worked for me. NOTE: if your subdomain has its own .htaccess file (for example a WordPress site in your subdomain), you will have to edit that .htaccess file in addition to the main, domain .htaccess.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^((?!www\.)[^.]+)\.domian\.com$
RewriteRule ^https://%1.domain.com%{REQUEST_URI} [NE,L,R]
You can add other rewrite conditions above or below this, depending on when you want them executed. For example, Reghbendra Nayak's "Handle Front Controller..." code can be placed blow the https 'force' and it will execute.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]
I have the following .htaccess file
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [L,R=301]
</IfModule>
# END WordPress
This is the link of the website.
Another domain hosted on the same server needs to be redirected to the login.php page and I am not the developer nor I have the knowledge of how that redirection is made. Yet I have to stop being redirected to the login.php. Is there a way to achieve this by .htaccess?
I actually want to enable https only on the home page and the signup page, which I can do with a HTTPS plugin. When I enable them, as I stated they go to the login.php file...
Important note: the link/domain above doesn't have an ssl configured but the other domain which needs to be redirected has it. But they have a CA bundle installed on the server.
Second important note: I actually need this to pass the data with https to securely use the fb - twitter - linkedin login buttons.
I'd be very glad for any advice. Thanks for your time!
Edit #1 - the other domain mentioned above has only these on the .htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You need your redirect rule to come Before your wordpress routing rules. Otherwise the route happens first, rewriting whatever URL you requested, then the second rule redirects the internal route.
Try:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [L,R=301]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Please I need a help. I am working on a site and wants to redirect all requests to an index file while allowing access to images, css, javascripts and other documents that are not php scripts. I am working on a local server (WAMP). The problem I have is that it redirects all requests to the index file including images. Below is my htaccess rule.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /myapp
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(\d{4})/(0?[1-9]|1[0-2])/([^/]+)/?$ app/$1-$2/$3 [R=301,L]
RewriteRule ^(.*)$ index.php [L]
</IfModule>
Is this not what you're aiming for?
RewriteRule ^(.*\.php)$ index.php [L]
You should also escape those slashes in your first rewrite rule
Thanks I have figured it out, I just modified the moved the first rewrite rule above the rewrite condition and it now working fine.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /myapp
RewriteRule ^(\d{4})/(0?[1-9]|1[0-2])/([^/]+)/?$ app/$1-$2/$3 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L]
</IfModule>