I have this really weird problem which I've already spent a lot of time investigating, but failed to find a solution.
Basically, I have a few domains parked in the server, but for simplicity, let's assume just 2 domains:
example.co.nz (main)
example.com
I have 2 requirements I'd like to satisfy:
a) I want all traffic from (2) redirected to (1)
b) I want all HTTP traffic to be redirected to HTTPS
So basically, in one sentence, I want all traffic to simply go to https://www.example.co.nz no matter what URL patterns I type into the location bar.
I have written a .htaccess file in the root like this:
SetEnv TZ
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !^on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.co\.nz
RewriteRule (.*) https://www.example.co.nz/$1 [R=301,L]
RewriteCond %{REQUEST_URI} ^/(system|lib)(.*)$
RewriteRule ^(.*)$ index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
The following works:
http://www.example.co.nz
https://www.example.co.nz
http://www.example.com
The following does not get redirected:
https://www.example.com
Would anyone happen to have any ideas why this is happening?
I was wondering if this is related to my htaccess or the server itself.
Any help would be high appreciated.
Found the problem.
The redirect is actually working. You get a warning about the certificate at https://www.example.com when you attempt to visit the website. Once you accept the warning, you are redirected to https://www.example.co.nz/.
That is because the SSL check is applied before the .htaccess rewrites. Since there is no certificate installed for www.example.com, you get a warning.
The only way around that is to install an SSL certificate for www.example.com as well.
Related
Lots of info nearly solves this, but nothing will quite crack it yet.
The site has a front-end (all in root basically), and an admin panel living in /admin. Basic stuff.
The site runs remotely on http://www.example.com and locally on http://foo
I want nothing locally redirected at all.
On the live server I just want front-end traffic redirected to a sub-folder /coming_soon but no redirection on the admin panel. So the client can start work in admin, but the public will only ever see the content in /coming_soon. (Plus I guess the admin login page, but that's fine).
Closest I came was:
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !=foo
RewriteRule ^$ /coming_soon [L]
</IfModule>
But that let me hit the "real" front-end by browsing directly to http://www.example.com/index.php
Your help much appreciated.
Hopefully I got your question right^^ Wasn't sure about the /admin part, who should access or if possible no one or...But the following is my take on your problem:
RewriteEngine On
#excludes HOST=foo and URI=/admin from rewrite to /coming_soon
RewriteCond %{HTTP_HOST} !^foo [OR]
RewriteCond %{REQUEST_URI} !^/admin
RewriteRule ^ http://www.example.com/coming_soon [R=301,L]
You can additionally set a location-directive and only allow entering /admin from specific IP(s).
<location /admin>
required ip 10.11.12.13
required ip 20.30.40.0/24
</location>
update
RewriteCond %{HTTP_HOST} !=foo
RewriteCond %{REQUEST_URI} !/(coming_soon|admin)
RewriteRule ^(.*)$ /coming_soon [R=302,L]
And R=302 is just temporary rewrite = won't be cached by browsers with target location. R=301 would tell browsers to save the target /coming_soon right away.
...if any one can improve this, or make it more elegant, I'd love to hear!
RewriteCond %{HTTP_HOST} !=foo
RewriteCond %{REQUEST_URI} !/coming_soon
RewriteCond %{REQUEST_URI} !/admin
RewriteRule ^(.*)$ /coming_soon [R=302,R]
I have been developing web application using php framework - codeigniter at apache server.
For example, My server address has three address - 10...*, www.test.com, test.com
In codeigniter framework, I set the base url in config.php
$config['base_url'] = 'http://www.test.com/';
so I want that clients' requests will be redirect the www.test.com address.
That is,
http://test.com/ =======> http://www.test.com/
http://10.*.*.*/ =======> http://www.test.com/
In documentation, it talk me I have to use .htaccess file.
But, I don't know about it.
How to redirect the several address to one address?
In your htaccess file for the site you can use the following
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.test\.com$ [NC]
RewriteRule ^(.*)$ http://www.test.com/$1 [L,R=301]
</IfModule>
In case you haven't used mod-rewrite before, it needs to be enabled on your server. The .htaccess file needs to go in your document root folder, usually public or public_html.
Here are some instructions for enabling modrewrite on apache under Ubuntu. If you let me know what server or hosting you are using I may be able to point you to some better instructions. Note: You will probably find it's already enabled for you!
https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_rewrite-for-apache-on-ubuntu-14-04
That should do it.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} ^10\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
</IfModule>
1st condition of each block means: host is not empty
2nd condition of 1st block means: host doesn't match www.*
2nd condition on 2nd block means: host matches an ip address starting with 10, it would match invalid ip aswell such as. 10.256..
Then redirecting (or rewriting) the request where 301 means permanent and L means stop rewriting.
For this to work, you'll need mod_rewrite enabled in apache.
I am deploying a PHP web application into a linux server for my client.
Their linux webserver allows wildcard subdomain, the server have SSL on.
I have set up the virtualhost for the wildcard subdomain and no problem occurs,
the problem is when i tried to use http:// instead of https:// on a wildcard subdomain, it links to other URL, it links to the clients own application.
I tried asking them about their server setting that redirects the non-https and they said they have no idea.
I tried modifying the .htaccess to redirect any http request to https but it does not work too, I suspected that there must be a missing server setting that caused this.
I have little knowledge on linux web server, and am really confused where should I even begin to search for this kind of problem, I've tried google for days and have not been able to find any solution.
here is my .htaccess setting, i put it on the root application.
RewriteEngine on
RewriteCond $1 !^(index\.php|resources|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [QSA]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301]
the first rule is to delete index.php from the link, it works perfectly fine.
the second one is to redirect from http to https.
Any kind of answer or insight are very appreciated
I have a URL www.site-name.com that has been moved to www.sitename.com and then an SSL certificate has been installed on the new site (sitename.com). I have an .htaccess file for both sites.
For the old site I have redirects for site-name.com to sitename.com as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
Options +FollowSymLinks
RewriteCond %{HTTP_HOST} ^site-name.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.site-name.com$
RewriteRule (.*)$ http://www.sitename.com/$1 [R=301,L]
</IfModule>
This works except that if you type in https: //www.site-name.com you get a security message and no redirect. Most .htaccess knowledgebases tell you how to redirect from http to https or from site-name.com to sitename.com but I need to know how to redirect for both at once. I need http: //www.site-name.com to redirect completely to https: //wwwsitename.com. Can someone help me get the site redirected without the security message? I don't understand why the old url resolves with the https protocol.
UPDATE:
As requested the security warning I get is "Your connection is not private". The error code associated is NET::ERR_CERT_COMMON_NAME_INVALID
Here is some additional information that might be important in solving the problem:
When searching for the site in Google both sitename.com and site-name.com come up in the search. When you click site-name.com it tries to go to https: //site-name.com instead of redirecting to the correct site: https: //sitename.com
Looks like you need RewriteCond %{HTTPS} on:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^sitename.com[nc]
RewriteRule ^(.*)$ http://www.sitename.com/$1 [r=301,nc]
Try changing your redirect block to this:
RewriteBase /
RewriteCond %{HTTP_HOST} ^site-name\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.site-name\.com$ [NC]
RewriteRule ^(.*)$ https://www.sitename.com/$1 [R=301,L]
If that doesn't work, your SSL certificate might not be valid for both sitename.com and www.sitename.com. If that is the case, simply dropping the www. from the redirect should prevent the warning. However, if you want requests to sitename.com to also redirect to www.sitename.com (or vice versa), you will need to have a valid certificate for both.
EDIT:
Based on remarks in the comments below, you also need valid certificates for site-name.com and www.site-name.com if you want them to be accessible over HTTPS and get redirected.
I have a PHP website that I own. I want to temporarily disable the website while I am making my changes (there are a lot to do). I tried to rename the index.php file but the end-user can always navigate to a page by typing the URL ( or if he had bookmarked the page ). Is there a way I can disable the whole website temporarily?
Edit : This accepted answers work for an apache web server. What I am using presently is IIS6 ( and not IIS7 where the same rewrite can be done in web.config file ). Is there a way around for this problem in IIS6?
You can use .htaccess file to redirect to maintenance page:
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
RewriteRule ^(.*)$ http://domain.com/maintenance.html [R=307,L]
Some useful links:
http://www.shellhacks.com/en/Redirect-Site-to-Maintenance-Page-using-Apache-and-HTAccess
http://perishablepress.com/htaccess-redirect-maintenance-page-site-updates/
http://wp-mix.com/maintenance-mode-htaccess/
While bartek beat me to an Apache mod_rewrite rule that would force the site to redirect all traffic to a maintenance/offline page, I wanted to post my variation on the idea which can allow a specific IP address to access the site:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123.45.67.890$
RewriteCond %{REMOTE_ADDR} !^127.0.0.1$
RewriteCond %{REMOTE_ADDR} !^::1$
RewriteCond %{REQUEST_URI} !^/offline.html$
RewriteRule ^(.*)$ http://your.great.website/offline.html [R=302,L]
Just a note that depending on your version of Apache, you might have to escape the . and : in the IP addresses like this:
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.890$
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{REMOTE_ADDR} !^\:\:1$
The idea is if the visitor is not coming from the IP address 123.45.67.890—or the localhost addresses of 127.0.0.1 (IPv4) or ::1 (IPv6)—and the URI requested is not /offline.html then redirect that person to http://your.great.website/offline.html.
Which means you should just replace 123.45.67.890 with the IP address you would be connecting from to allow you to have a window into the website while you perform work. But anyone else who is not 123.45.67.890? Well, they see the offline.html page.
I would also propose this solution.
RewriteEngine On
RewriteCond %{QUERY_STRING} !access=dbcaf771cc0c4e23a0fc895d0afa106f
RewriteCond %{REQUEST_URI} !^/maintenance.html$
RewriteRule ^(.*)$ /maintenance.html [R=302,L]
The idea is unless your request contains access=dbcaf771cc0c4e23a0fc895d0afa106f within the query string, you'll simply get redirected to the maintenance page.