I want to force to user to access my site using https:// so that I'm using following php code and .htaccess file.
php code:
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
if(!headers_sent()) {
header("Status: 301 Moved Permanently");
header(sprintf(
'Location: https://%s%s',
$_SERVER['HTTP_HOST'],
$_SERVER['REQUEST_URI']
));
exit();
}
}
.htaccess file
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
For example my site url name is : www.example.com. If change the url to http:// from https:// it's successfully redirect to https:// but if I change the url to http://www.example.com. then it's not going to https://. It's accepting http://.
Note: I've paid version of https://
I want that user can't access my site WITHOUT HTTPS:// anymore. HOW CAN I DO THIS ?
If you are running Apache, the easiest way is to use .htaccess to automatically redirect http access to https. Here is an example:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Save the above code in your existing .htaccess file in your root folder. If you do not have an .htaccess file, you can save the above as a plain text file and save it with the name .htaccess. Note the leading '.' in the file name. It is important. Upload that file to your root directory.
Related
I'm trying to force all links on my website to be https instead of http.
I have tried by redirect the domain from my web-host control panel to https, but it's still the same.
Each time I enter the website the page become http.
I search around and I found this tiny code inside my config file.
// server url and base path, usually you don't need to change this
'base_url' => (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']),
'base_path' => getcwd(),
Is this responsible for this issue! if yes! what should I change to make it https?
you can use htaccess to do this:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
The best way to redirect all HTTP address to HTTPS is by using a .htaccess file.
Create a file named .htaccess in your root directory if you don't have any. then copy this in to the file
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]
I am trying to redirect my site to always open in HTTPS. I am using CloudFlare and they have a setting to "Always use HTTPS". But there is a page on my website where I do not want to use HTTPS as it opens other websites under an iFrame. And if that page also loads in HTTPS then under iFrame any website whose URL hasn't been mentioned with HTTPS doesn't open. Therefore, for that particular page I want to keep the website to be opened under HTTP.
Things I am doing:
In CloudFlare Crypto settings "Always Use HTTPS" is ON.
Then in my page where I want it to opened under HTTP say surf.php
I am using the following PHP code:
if($_SERVER['HTTP_HOST'] != 'localhost'){
if(isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'on'){
if(!headers_sent()){
header("Status: 301 Moved Permanently");
header(sprintf('Location: http://%s%s',$_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI']));
exit();
}
}
}
Now the page doesn't open and says "The page isn’t redirecting properly". What should I do? Is there any other method to accomplish this? I want to use HTTPS in whole website so "Always use HTTPS" settings in cloudflare should be ON except just surf.php. What should be the best method here?
It sounds like you are in a redirect loop. Where you have a .htaccess file that forces HTTPS, and then you redirect to HTTP using PHP. Then that new request has all the same rules applied to it so that it gets redirected by .htaccess again to HTTPS, and so on (to infinity)
So I would first make sure your not forcing HTTPS in your .htaccess file. If so you can add a RewriteCond to exclude your URL:
#RewriteEngine On #-- if not included elsewhere
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
When mod rewrite hits a Rewrite condition if it fails (is false) it will disregard the next rewrite rule. So with this in place your PHP code could do it's job, but you can also do this in htaccess alone. Because you will have dependence on the URL in there anyway, I don't see an issue doing it all in the .htaccess file.
This would basically be the opposite of the above except you know the url. Something like this:
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#if HTTPS is not off (then continue)
RewriteCond %{HTTPS}!=off
# (if is our page, then redirect to HTTP)
RewriteCond %{REQUEST_URI} ^/surf\.php$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I can't really test this though, but that's the general idea. If HTTPS is no off, and the %{REQUEST_URI} is our page !^/surf.php$ redirect to HTTP... Basically you have to punch a hole through the HTTPS rule and then force http.
I am pretty sure with %{REQUEST_URI} you only have to check if it starts with your URL (minus the host and protocal).
I'll admit I'm a bit rusty with complex HTACCESS rules, spoiled by MVC routers, so this may very well not be 100% correct. But the general idea is sound.
Anyway hope it helps.
I am using one webserver for hosting two different websites, each having it's own domain and located in it's own subdirectory on the server. Both domains point to the root directory of my server.
This is my file structure:
root/
domain1/
domain2/
In my root directory i am using a small PHP script to determine which URL is coming in and than forward it to corresponding subdirectory.
if (($_SERVER['SERVER_NAME'] == "www.domain1.com" || $_SERVER['SERVER_NAME'] == "domain1.com") ) {
Header( "HTTP/1.1 301 Moved Permanently" );
header("location: http://www.domain1.com/domain1");
}
else if (($_SERVER['SERVER_NAME'] == "www.domain2.com" || $_SERVER['SERVER_NAME'] == "domain2.com") ) {
Header( "HTTP/1.1 301 Moved Permanently" );
header("location: http://www.domain2.com/domain2");
}
Up to here it works totally fine. When I call ww.domain1.com I get forwarded to the corresponding subdirecoty and the domain changes to www.domain1.com/domain1. This is where my question arrises: How can I hide the subdirectory in the URL? I have been struggeling with this for ages, reading guides to mod_rewrite and searching SO but didn't get anny success.
I have tested my server for RewriteEngine On, which works fine, I Just cant get the desired behaviour.
Edit:Here is my htaccess code, located in the subdirectory domain1. The same code is located in directory2, changed to the naming conventions.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?domain1.com$
RewriteRule !^domain1/ domain1%{REQUEST_URI} [L]
I got the idea for this from SO: SO Article
Thanks in advance ;)
you can use apache conditions in htaccess for this. create a file .htaccess with following code
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)\.domain1\.com
RewriteRule ^(.*)$ /domain1/$1 [L,NC,QSA]
RewriteCond %{HTTP_HOST} ^(.*)\.domain2\.com
RewriteRule ^(.*)$ /domain2/$1 [L,NC,QSA]
this will pass all params too, in addition to silently redirecting to sub directory. your url in browser wont show the redirection.
You can use the following code in Root/.htaccess :
RewriteEngine on
#--Rewrite domain1 to /domain1 folder--#
RewriteCond %{HTTP_HOST} ^(www\.)?domain1.com$
RewriteRule ^((?!domain1).*)$ /domain1/$1 [NC,L]
#--Rewrite domain2 to /domain2 folder--#
RewriteCond %{HTTP_HOST} ^(www\.)?domain2.com$
RewriteRule ^((?!domain2).*)$ /domain2/$1 [NC,L]
In my constants.php file, I have set site root.
define("SITEROOT","http://www.example.com/");
please see for difference in http:// and http://www. in following description.
Now session_start works only if I move from http://www.example.com/index.php to any other page. But if I use http://example.com and tried to echo session details on other page with http://www.example.com/pagename.php, session is not continued.
Is there any way to auto correct url in browser's address bar to http://www.example.com if user uses http://example.com ?
You can use your web server to force either www or non-www urls. It is highly recommended to use one of them (not allowing both) on live websites for search indexing perposes.
If you're using Apache you can do so by updating your site .htaccess file as follows for url's without www
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule .* http://%1%{REQUEST_URI} [R=301,L]
Update
As Vinny has pointed out in the comments it is recommended when ever possible to NOT use .htaccess and instead handle it in the Virtual Host Config file.
If you are using apache add this to your config.
<VirtualHost *:80>
ServerName example.com
Redirect permanent / http://www.example.com/
</VirtualHost>
You should be able to use something like this (before anything is displayed, or headers sent, so before your session creation code):
if( "www." != substr( $_SERVER["SERVER_NAME"], 0, 4 ) ){
header( "Location: http://www.example.com".$_SERVER["REQUEST_URI"] );
exit();
}
Alternately, you could create/modify your .htaccess file like this:
Rewritecond %{HTTP_HOST} !www.domain.com
RewriteRule ^/(.*)$ http://www.domain.com/$1 [R=301]
or maybe
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301]
I have encountered a rather strange issue while adding www to the urls in .htaccess. I have a codeigniter based site and adding www to all urls. But my Post request have stopped working.
Here is the content of my apache .htaccess file
RewriteEngine on
#for adding www
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
RewriteCond $1 !^(index\.php|img|public) [NC]
RewriteRule ^(.*)$ /index.php?/$1 [L]
I am using $config['uri_protocol'] = 'AUTO';
and it does work fine with non www urls but it stops POST requests working after adding www as stated in above. I have even tried REQUEST_URI, but it didn't help.
some other settings i have are.
$config['base_url'] = 'http://example.com';
and in autoload $autoload['helper'] = array('url');
I guess the problem is that the 302 redirect after adding www does not understand POST data.
Change your base URL from:
http://example.com
to:
http://www.example.com
Instead of having the 301 redirect within .htaccess, just bake that logic into your app.
For example on every request you could do:
if (strstr($_SERVER['HTTP_HOST'], 'www') === FALSE) {
$domain_with_www = 'http://www.example.com';
header ('HTTP/1.1 301 Moved Permanently');
header ("location: ".$domain_with_www.$this->uri->uri_string);
}
You can get this to run on every request by extending CI_Controller. See this for more info on that: http://codeigniter.tv/a-10/Extending-the-core-MY_Controller-and-beyond