We have a section of our site which uses https to login securely, however when you visit this page and click away, you continue to view the site in HTTPS. This causes display issues on any pages using the http://www.domain.com/news/ URL.
How can we force all pages under the http://www.domain.com/news/ folder to use HTTP rather than HTTPS?
It's the opposite of requiring https, so with the condition of https on, rewrite this specific dir with deeper path to the http version.
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^news/(.*) http://%{SERVER_NAME}/news/$1 [L]
Instead of SERVER_NAME, you can use HTTP_HOST when your site is accessed with a server-alias and you don't want to change that.
Be aware that links to https-requiring pages should be use https explicitly, or have a rewrite-rule of their own.
Place this 301 redirect rule in /news/.htaccess:
RewriteEngine on
RewriteBase /news/
RewriteCond %{HTTPS} on
RewriteRule ^ http://%{HTTP_HOST}/%{REQUEST_URI} [L,R=301,NE]
Related
This might sound like a stupid question to some, but I've only just noticed it while trying to implement an SSL certificate to my site.
There's a default value in the 'out of the box' .htaccess file:
# Rewrite "www.example.com -> example.com"
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
Am I right in thinking this code forces the removal of the www. part of the canonical links on my website?
If so - is this really best practice? Is that why the base_url example in the Config/App.php is http://example.com?
Secondly, as I mentioned, I'm trying to add this code to the .htaccess file to implement the SSL certificate and force https for every URL - but it's causing an error if I use www. (whereas it didn't cause an error before) and my speed tests are indicating redirects galore which is slowing everything down:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Is anyone able to point me in the right direction with the correct canonical link structure for the base_url in the Config/App.php file, whether I need to alter (or scrap) the first snippet of code, and how I can force https to work with my SSL certificate (and www. in my URLs).
I would much rather my URLs had the structure of https://www.example.com as opposed to https://example.com
Am I right in thinking this code forces the removal of the www.
Yes, but only for HTTP (not HTTPS) requests, as governed by the first condition %{HTTPS} !=on.
If you are implementing HTTPS then you should remove the first condition and change the RewriteRule substitution string to redirect to https://.... But if you are wanting to redirect to www then you'll need to reverse the logic also:
# Redirect "example.com -> www.example.com"
# (In fact, redirect hostname that does not start "www.")
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Although, this particular method (as I've implied in the comment) will not necessarily work if you have other subdomains, unless you want all subdomains to have www sub-subdomains?!
Note that this is an external "redirect", not an internal "rewrite" as you'd stated in the comment.
If so - is this really best practice?
In terms of SEO or from a technical perspective? In terms of SEO there is no difference. Using a www subdomain can arguably have some technical benefits (isolating cookies and staging sites, etc.) - although this is mostly a matter of opinion and depends on your environment. It is really up to you. For some domain names, using a www subdomain just looks cumbersome.
But what is important is that you choose one or the other and redirect to the canonical URL in order to avoid potential duplicate content issues.
Using the domain apex (ie. no www subdomain) is simply CodeIgniters default.
force https for every URL - but it's causing an error if I use www.
To clarify, the SSL cert you implement must include both the domain apex, ie. exmaple.com and the www subdomain, ie. www.example.com. Otherwise, you will naturally get browser security warnings when requesting the "other" (non-SSL) hostname.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This code is generally OK to force HTTP to HTTPS (providing the SSL cert is installed on your application server, ie. you're not using a front-end SSL proxy or non-standard implementation). However, the order you put this rule in relation to the rule above will depend on whether you intend to implement HSTS or not.
If you are intending to implement HSTS then you will need to redirect to HTTPS on the same host first, before the redirect to www. This will result in an unavoidable double redirect when requesting the non-canonical http://example.com/ (but that is not "bad").
For example:
# 1. Redirect to HTTPS on the same host
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# 2. Redirect to non-www to www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If, however, you are not intending to implement HSTS then you can reverse the two rules above and get at most one redirect for any non-canonical URL request.
You need to update the CodeIgniter base_url to match your preference of www or not.
I am trying to redirect my site to always open in HTTPS. I am using CloudFlare and they have a setting to "Always use HTTPS". But there is a page on my website where I do not want to use HTTPS as it opens other websites under an iFrame. And if that page also loads in HTTPS then under iFrame any website whose URL hasn't been mentioned with HTTPS doesn't open. Therefore, for that particular page I want to keep the website to be opened under HTTP.
Things I am doing:
In CloudFlare Crypto settings "Always Use HTTPS" is ON.
Then in my page where I want it to opened under HTTP say surf.php
I am using the following PHP code:
if($_SERVER['HTTP_HOST'] != 'localhost'){
if(isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'on'){
if(!headers_sent()){
header("Status: 301 Moved Permanently");
header(sprintf('Location: http://%s%s',$_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI']));
exit();
}
}
}
Now the page doesn't open and says "The page isn’t redirecting properly". What should I do? Is there any other method to accomplish this? I want to use HTTPS in whole website so "Always use HTTPS" settings in cloudflare should be ON except just surf.php. What should be the best method here?
It sounds like you are in a redirect loop. Where you have a .htaccess file that forces HTTPS, and then you redirect to HTTP using PHP. Then that new request has all the same rules applied to it so that it gets redirected by .htaccess again to HTTPS, and so on (to infinity)
So I would first make sure your not forcing HTTPS in your .htaccess file. If so you can add a RewriteCond to exclude your URL:
#RewriteEngine On #-- if not included elsewhere
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
When mod rewrite hits a Rewrite condition if it fails (is false) it will disregard the next rewrite rule. So with this in place your PHP code could do it's job, but you can also do this in htaccess alone. Because you will have dependence on the URL in there anyway, I don't see an issue doing it all in the .htaccess file.
This would basically be the opposite of the above except you know the url. Something like this:
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#if HTTPS is not off (then continue)
RewriteCond %{HTTPS}!=off
# (if is our page, then redirect to HTTP)
RewriteCond %{REQUEST_URI} ^/surf\.php$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I can't really test this though, but that's the general idea. If HTTPS is no off, and the %{REQUEST_URI} is our page !^/surf.php$ redirect to HTTP... Basically you have to punch a hole through the HTTPS rule and then force http.
I am pretty sure with %{REQUEST_URI} you only have to check if it starts with your URL (minus the host and protocal).
I'll admit I'm a bit rusty with complex HTACCESS rules, spoiled by MVC routers, so this may very well not be 100% correct. But the general idea is sound.
Anyway hope it helps.
I've been facing a problem with my WordPress app for over a month now and I couldn't make it work. I thought it was a problem with DNS server, then I thought I had a problem of caching, then a problem with the application (the wordpress redirecting it wrongly) and now I believe I have a problem with .htaccess
If you go to www.porta8080.com.br my website work fine, but when I remove the WWW it makes a redirect loop. Somehow it is not changing the URL, so it reloads the page and it's redirected again and again and again. I checked with cURL and same happens.
If I remove the .htaccess and change the permalinks settings to Query Strings it works. But anything that relies on URL rewriting (friendly URLs and stuff like that) fail.
Since I'm using OpenShift I think my conditions and rules are wrong. I'm using the default WP .htaccess and I added some things to force the WWW
This is my htaccess at the moment
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
First of all to enforce "www" in WordPress, there is simple, non-htaccess based solution.
i.e. Keep using standard htaccess file of WordPress and for www version. Go to WordPress Settings -> General
There you have two fields for your site's url: WordPress Address (URL) & Site Address (URL) , make sure both urls have http://www version in it.
Then WordPress will enforce www version for all Urls of your website.
This may solve your htaccess and redirect loop issue also?
I'm using Cloudflare's SSL on Flexible (Free) and it works perfectly fine.
I have setup all files and links from https:// to // to make them work over https.
I have also set the following in my .htaccess file to make any client go from http to https automatically:
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.*)$ - [env=askapache:%2]
The issue with the .htaccess code is that it only changes http to https on the root index file of my site for example, http://example.com/index.php will redirect to https but http://example.com/folder/index.php wont.
My second issue is even if I do a simple href="https://example.com/folder/index.php" or href="//example.com/folder/index.php" it will just bring me to the basic http url.
If you are using CloudFlare, you can define to always use SSL in the page rules.
For .htaccess (recursive):
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I am looking for a way to remove the extension of a file through .htaccess. For example, I want http://example.com/blog.php to be rewritten to http://example.com/blog. BUT I only want blog.php's extension to be removed, not any other file.
I tried this...
RewriteRule ^blog$ blog.php [L]
But it lets http://example.com/blog AND http://example.com/blog.php to be loaded. It doesn't rewrite the URL. \
I mainly want to do this so I don't have to go through all my code, changing all the links going to http://example.com/blog.php to http://example.com/blog
It doesn't rewrite the URL.
Rewriting happens internally within the server. Your rule rewrites the request URI from /blog to /blog.php. It doesn't interact with the browser at all. What you are asking for is an external redirect. You want mod_rewrite to return a redirect to the browser and have the browser send a whole different request. That can be done using:
RewriteCond %{THE_REQUEST} \ /+blog\.php
RewriteRule ^ /blog [L,R=301]
This worked for me :
RewriteCond %{REQUEST_URI} blog
RewriteRule ^(.*)$ blog.php [R=301,L]
Basically, if someone accesses your site using the URL <yoursite>/blog, the .htaccess will rewrite it to <yoursite>/blog.php