I am running a site in Magento version 1.9.1.0 which is SSL enabled. When I open that site's admin panel on a browser either after refresh the cache of browser or in private mode then first time it shows site's homepage rather than admin login page i.e. sitename.com/admin URL redirects to https://sitename.com URL automatically on first time.
Same issue happened when I try to access inner page of the site directly first time.
After this when I enter again URL in browser's address bar as sitename.com/admin then it open admin login page which is good on next time(seems cache works).
I am using Login and Pay with Amazon extension in my Magento site. So when I go for login with Amazon then after inject the credentials it shows me error as follows:
No data received. Unable to load the webpage because the server sent no data on chrome.
secure connection failed on firefox
I am using Base URLs (unsecured and secured as https://sitename.com) in admin panel under System > configuration > General > web which seems to be right? I have doubt in my .htaccess file this part of code. I have used the following code in my .htaccess file:
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.sitename.com/$1 [R,L]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
My Requirements are:
Site always open with https which is working fine.
When user access the site either with www or without www site always open with https://sitename.com. and avoid index.php in the URL which is working fine.
When I access admin panel at any time either first or next to first, it should display admin login screen.
Remove error which is occurring after login with Amazon.
Kindly please help me to resolve this issue. If any other code required please let me know.
I think if you place in .htaccess the following rewrite, it will bypass this Magento stupidity; apache will rewrite it appropriately before Magento get a chance:
RewriteCond %{HTTP_HOST} ^www\.domain\.com$
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]
Related
I cannot login to the admin account on my wordpress site from the normal link: https://www.my_site.com/wp-admin. Every time I load https://www.my_site.com/wp-admin in the browser, the URL is rewritten to this URL:
https://www.my_site.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.my_site.com%2Fmy_subdirectory%2Fwp-admin%2F&reauth=1
(NOTE, in the re-written URL above, "my_subdirectory" is the subdirectory under root where my wordpress site exists).
When I enter the admin login credentials, the login page reloads and the URL stays the same in the browser. I'm stuck in this loop.
Here are the strange things:
If I remove the "www." from the redirect parameter in the URL, I can login. So, this URL works correctly:
https://www.my_site.com/wp-login.php?redirect_to=https%3A%2F%2Fmy_site.com%2Fmy_subdirectory%2Fwp-admin%2F&reauth=1
Or, if I remove "my_subdirectory%2F" from the redirect parameter in the URL, I can login. So, this URL also works correctly:
https://www.my_site.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.my_site.com%2Fwp-admin%2F&reauth=1
This URL also works fine:
https://www.my_site.com/wp-login.php
And, if I change the Wordpress site settings for "WordPress Address (URL)" and "Site Address (URL)" from "https://www.my_site.com" to "https://my_site.com" (note, I removed the "www"), I can also login without a problem.
I have also followed the wordpress conventions for having the wordpress set in its own directory here: https://wordpress.org/support/article/giving-wordpress-its-own-directory/
And, my .htaccess file mimics the one shown on that page:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteCond %{REQUEST_URI} !^/my_subdir/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /my_subdir/$1
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ my_subdir/index.php [L]
</IfModule>
I would really like to have the Wordpress site settings include the "www." part of the site URL and I would like to login to my admin account from "www.my_site.com/wp-admin".
Can someone please help?
Cheers!!
For me it worked by deleting the Wp Cerber Plugin.
I need to develop a plugin that can write into the WP htaccess file and "simulate" subdomains.
I have a new WP installation with basic htaccess on example.com
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Is there a way via htaccess that if I go to about.example.com I see the page example.com/about, without changing the URL (meaning that I still see about.example.com in the browser address bar)?
And also, is it possible that if I go to about.example.com/category1 I see the page example.com/about/category1?
I tried using the following code by adding it to the end of the htaccess, but it doesn't work:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?example.com.com$
RewriteRule ^(/)?$ about [L]
You should be able to do that using the following rule in your .htaccess:
RewirieEngine On
RewriteCond %{HTTP_HOST} ^about.example.com [OR]
RewriteCond %{HTTP_HOST} ^www.about.example.com
RewriteRule ^(.*) http://example.com/about/$1 [P]
What this does is check for the address about.example.com, if the condition is met it should redirect to example.com/about/.... but keeping the original address.
The [P] flag causes the request to be handled by mod_proxy, and handled via a proxy request.
However, keep in mind that using mod_proxy can cause security issues:
Take care when constructing the target URL of the rule, considering
the security impact from allowing the client influence over the set of
URLs to which your server will act as a proxy. Ensure that the scheme
and hostname part of the URL is either fixed, or does not allow the
client undue influence.
Normally using .htaccess you cannot go from one domain to another domain keeping the original URL. It can be a security nightmare as mentioned above. However, since this is a subdomain it should work.
Make sure you clear your cache before testing this.
Alternative
You can use ProxyPass - which would be a more secure option. You can find more information on how to use this via the Apache Documentation via this link. But this would need to done on a level higher than .htaccess. Through the config files.
I hope this helps.
My site is sometimes shown in Google as https://www.example.com. But I don't have a SSL certificate (and it's not needed in my view).
How do I redirect them to HTTP?
My current .htaccess is:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
When I type https://example.com, it redirects to http://www.example.com. But when I type https://www.example.com, it doesn't do anything.
Write this code in htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Your redirection code seems perfect to me. You may be perplexed at another area.
As per my knowledge, there may be an issue with Google Webmasters tools alternatively we can say Google Search Console. To track your website performance, you might have entered website URL with HTTPS (https://www.example.com) and that might be indicating Google search to display HTTPS URLs for your website. Search Console gives significant idea to Google Search to display proper URL in organic search result.
Now let us talk about importance of SSL certificate for website. Whether you've eCommerce website or a simple blog, every data traveling between browser and server needs to be protected, SSL certificate gives that facility. If you are thinking, why does my blog need SSL when it is not processing payment or allowing users to login?
Let me clear your view: It is obvious that every website owners want to rank top of the Google, here also SSL can be helpful as Google has given elucidated intention to push organic ranking for SSL secured website. So it is advisable to choose any cheap price certificate for your website instead of changing URL on Search Console.
Useful URLs:
Https to http redirect using htaccess
https://www.cheapsslshop.com/blog/google-says-companies-frivolous-attitude-on-https
https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
Happy Friday!
I'm trying to create a redirect via .htaccess, basically when a user visits our old support system, it will send them to the IP of the new support system... Via HTACCESS I created the following:
RewriteCond %{HTTP_REFERER} oldsystem.domain.com [NC]
RewriteRule .* http://newsystem.domain.com/pages/wiki-has-moved/ [R,L]
However, this fails to point the user from the homepage of the new system.... Please could someone help me achieve this redirect?
Note - I followed this question, but the results aren't working with the redirect from .htaccess:
Allow access to a certain page on a site, only if they come from a link on another certain page
Note 2 -
The systems are on two separate servers, both with different IP's. However, they DO use the same domain oldsystem1.domain.com & newsystem1.domain.com.
Note 3-
We still want users to be able to access the old content (staff members) but non staff members will be redirected to the new system. This is why we have had to point the redirect to an IP.
This is how I managed to overcome the issue:
RewriteCond %{HTTP_HOST} ^wiki.volocommerce.com$
RewriteRule ^(.*)$ http://hub.volocommerce.com/pages/wiki-has-moved/ [R=301,L]
RewriteCond %{HTTP_HOST} ^wiki.esellerpro.com$
RewriteRule ^(.*)$ http://hub.volocommerce.com/pages/wiki-has-moved/ [R=301,L]
Hope this helps anyone else :)
Have you activated the rewrite engine? Your htaccess should look like this:
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^1.2.3.4 . // replace with allowed ip address
RewriteRule .* http://newsystem.domain.com/pages/wiki-has-moved/ [R,L]
If it should be a permanent redirect add this [L,R=301] instead of [R,L], so the browser will keep the redirect in cache and directly switch to the new site without getting redirected again.
If you want to allow multiple ip addresses you can add multiple conditions like:
RewriteCond %{REMOTE_HOST} !^1.2.3.4 [OR]
RewriteCond %{REMOTE_HOST} !^5.6.7.8
I want to run few pages on https while all others pages run on http
I wrote below code in .htaccess and on config.inc.php file
.htaccess
RewriteEngine on
Options +FollowSymLinks
RewriteBase /
RewriteRule ^login/?$ login.php [NC]
# Rewrite non www to www.charityrummage.com
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# Rewrite to https
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /login [OR]
RewriteCond %{REQUEST_URI} /do_login.php [OR]
RewriteCond %{REQUEST_URI} /payment/?.*$
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
# traffic to http://, except login.php and payment.php
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(/login|/do_login.php|/payment)
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
also made some changes in config.inc.php which is required and first file of the website
config.inc.php
$ssl_page = array('login.php','do_login.php','payment.php');
// Note: do_login.php is intermediate page
if(in_array(trim($_SERVER['SCRIPT_NAME'],'/'),$ssl_page)){
define('PROTOCOL','https://');
}else{
define('PROTOCOL','http://');
}
define('DS','/');
define('URL',PROTOCOL.$_SERVER['HTTP_HOST'].DS);
// based on URL i made CSS and JS Path
here is the website link :
http://www.charityrummage.com.
login page is ssl enabled :
https://www.charityrummage.com/login
BUT
when I run the website, it gives different errors on different browsers and its really annoying. below are the error description on different browsers
IE8
it always prompt for security error and
if i click on Yes then display everything fine except left panel
if i click on NO then certificate error near web address but website works fine.
Chrome ( v :20.0.1132.8 )
display multiple warning about css and js ( see in console ) in below format:
The page at https://www.charityrummage.com/login ran insecure content
from http://www.charityrummage.com/css/reset.css
but if you view source of login page then you can see that every
css and js running with https://
Firefox (v 16.0)
it display lock sign ( secure ) just for few seconds and then gone away
( i m surprised it never prompt security alert for https )
but when we go with page info -> media then many of images are coming from http://
Will you please examine and tell me what is exact problem?
One more thing i want to know.
if https:// pages are not displaying properly then which one is responsible
Operating system OR
Browser OR
server OR
Programming issue OR
SSL certificate issue
and at the end what is the solution of this problem?
Thanks
Try with this rule:
# Force files ending in X to use same protocol as initial request
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [S=1]
or this one:
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [NC,L]
Before the # traffic to http://
I got round this problem before by setting the base href on the page like so
<base href="<?php echo HTTPS_BASE_REF; ?>"></base>
This meant that all links derived from this and resolved correctly.
The constant of HTTPS_BASE_REF was set in my config.inc.php file.