I am trying to make SSL and Redirection work perfectly with my web application. I wish to achieve that always https://www.mydomain.com/ should be loaded in the browser - although, if he types a subdomain - it should be redirected to https://subdomain.mydomain.com/ instead.
I mean to say, everything should be SSL - here is what I am doing currently
Options -Indexes
Options +FollowSymLinks
DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(www) [NC]
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !index.php
RewriteRule (.*)\.php$ index.php/$1
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [QSA,L]
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 index.php
</IfModule>
Also, I wish to improve this .htaccess file so as to introduce more security measures and also allow only js, css and image files to be accessible by everyone, with everything else hidden or redirected to a 404 page.
Please guide, I would be greatly thankful!
These rewrite conditions may help you, I use this to make my CodeIgniter go to HTTPS:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
Related
I have a domain with a working htaccess file, which redirects all http traffic to https. This is/was working all fine.
Here is that .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.html [NC,L]
Just now, I have installed wordpress in a sub-folder called "blogg" like this:
www.example.com/blogg/
I noticed right away that the blog was not https. So I went to wordpress admin and changed the URL in general settings from "http" to "https". This seems to have made all links in wordpress, as well as the admin page, use https.
Unfortunately it didn't help when going to the blogg in the web browser; it is still http, although https works if I enter it manually in the browser.
Here is the htaccess file in the wordpress directory (example.com/blogg/.htaccess):
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blogg/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blogg/index.php [L]
</IfModule>
# END WordPress
I am new to .htaccess, and would like some help in finding the right code for all my domain to be https, including the blog. Help is appreciated.
To be clear, I want all http requests to automatically go to https instead.
I have tried adding this line in the second .htaccess file: (no luck though).
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
BR
You can try something like this:
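# Force HTTPS before the WordPress rules; placed after them, the redirect is not reached for rewritten URLs
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
# SERVER_NAME = your actual domain name for WP
# REQUEST_URI keeps the /blogg/ prefix, which $1 loses in a sub-folder .htaccess
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blogg/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blogg/index.php [L]
</IfModule>
# END WordPress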
You can also look into this code since it's an easier version. It will give you an idea about the WP htaccess if it is in the root folder as well. :)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L,NE]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have read many answers on the subject but none mentions how to combine:
redirecting all traffic to index.php + redirecting all http to https
The following works great for redirecting everything to index.php:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|public|css|js|robots\.txt)
RewriteRule ^(.*) index.php/params=$1 [L,QSA]
before I was doing this I was able to force http to https using this :
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I just cannot find a way to mix both, so that It would redirect all traffic to index.php using the same conditions and force https.
* edit *
in case somebody else gets confused like I did.
The reason why https was systematically returning a 404 when I was calling rewritten urls is because... My domain configuration file was incomplete, my website-ssl.conf was missing the AllowOverride All directive, this is why it was all working fine until I added the url rewriting. My non-ssl was correctly setup for url-rewriting so this is why it took me a little while to realise this was not working when https.
I have then added the necessary in my /etc/apache2website-ssl.conf
<Directory /var/www/vhosts/exemple.com>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
and this in my .htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://exemple.com/$1 [R,L]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|public|css|js|robots\.txt)
RewriteRule ^(.*) index.php/params=$1 [L,QSA]
ErrorDocument 404 /index.php
I hope that'll help somebody.
Thank you for your help
Just keep the https redirection rule above other rules :
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,L,R]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|public|css|js|robots\.txt)
RewriteRule ^(.*) index.php/params=$1 [L,QSA]
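An added example (not taken from any of the posts here) that puts the pieces discussed above into one .htaccess: the HTTPS redirect first, then the front-controller rewrite, with the proxy header and ACME exemption seen earlier on the page. `www.example.com` is a placeholder, and the `X-Forwarded-Proto` branch assumes the backend is reachable only through the TLS-terminating proxy.

```apache
# Added example. www.example.com is a placeholder for the site's canonical name.
RewriteEngine On
RewriteBase /

# 1. HTTPS redirect, evaluated before any internal rewrite.
#    Keep ACME HTTP-01 challenges reachable over plain HTTP.
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
#    Direct TLS: mod_ssl reports HTTPS=on.
RewriteCond %{HTTPS} !=on
#    TLS terminated at a proxy: the backend sees HTTPS=off, so rely on the
#    header the proxy sets. Only valid if clients cannot reach the backend
#    directly; otherwise anyone can send this header and skip the redirect.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
#    Fixed host name rather than %{HTTP_HOST}: the Host header is supplied by
#    the client, so echoing it lets the request choose the redirect target.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

# 2. Front controller, only for requests that are not existing files or
#    directories, so css/js/images are still served as-is.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
```

A site that serves several subdomains from one .htaccess would replace the fixed host with a check of `%{HTTP_HOST}` against the list of names it actually serves.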
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}/index.php
</IfModule>
So in the above case, if the user is going to an http link, both (rewrite to https and forward to index.php) will happen (I tried it and it's working). But if the user is going to https directly, then you should have simple rewriting to index.php in your default-ssl.
I'm using the following .htaccess for my website. I redirect all URLs to index.php if there isn't a file located at the URL.
Options +FollowSymLinks
IndexIgnore */*
# Turn on the RewriteEngine
RewriteEngine On
# Rules
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
This way http://website.com/user/user_name/ goes to index.php
and
http://website.com/css/style.css gives the actual css file (if style.css exists).
This works great, only I want to force https:// on the URLs and I can't manage to get it to work. Any help is greatly appreciated.
Edit:
Using Jeroen's answer I got it working with the following .htaccess
Options +FollowSymLinks
IndexIgnore */*
# Turn on the RewriteEngine
RewriteEngine On
# Rules
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
As you are using CloudFlare's ssl - I assume Flexible SSL - you need a different solution although #Fox's solution is correct for a "normal" ssl connection.
For CloudFlare you need something like:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,QSA]
Also see CloudFlare's support article.
Try this
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
I am curious to find out how people are doing site wide https with links and forms. I am familiar with URL::secure for generating a form link. It looks like you can pass https to a route to force https. Does this mean I have to set https on every route definition?
Why don't you do it using your web server? I think it's safer and you don't have to do anything else on your application.
This is my configuration for apache:
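<IfModule mod_rewrite.c>
#Options -MultiViews
RewriteEngine On
RewriteBase /
# Redirect plain-HTTP requests first, before the front-controller rewrite
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]
# Route everything that is not an existing file or directory to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?/$1 [L]
</IfModule>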
Please, I need some help. I am working on a site and want to redirect all requests to an index file while allowing access to images, css, javascripts and other documents that are not php scripts. I am working on a local server (WAMP). The problem I have is that it redirects all requests to the index file, including images. Below is my htaccess rule.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /myapp
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(\d{4})/(0?[1-9]|1[0-2])/([^/]+)/?$ app/$1-$2/$3 [R=301,L]
RewriteRule ^(.*)$ index.php [L]
</IfModule>
Is this not what you're aiming for?
RewriteRule ^(.*\.php)$ index.php [L]
You should also escape those slashes in your first rewrite rule
Thanks, I have figured it out. I just moved the first rewrite rule above the rewrite condition and it is now working fine.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /myapp
RewriteRule ^(\d{4})/(0?[1-9]|1[0-2])/([^/]+)/?$ app/$1-$2/$3 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L]
</IfModule>