I want to run few pages on https while all others pages run on http
I wrote below code in .htaccess and on config.inc.php file
.htaccess
RewriteEngine on
Options +FollowSymLinks
RewriteBase /
RewriteRule ^login/?$ login.php [NC]
# Rewrite non www to www.charityrummage.com
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# Rewrite to https
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /login [OR]
RewriteCond %{REQUEST_URI} /do_login.php [OR]
RewriteCond %{REQUEST_URI} /payment/?.*$
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
# traffic to http://, except login.php and payment.php
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(/login|/do_login.php|/payment)
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
also made some changes in config.inc.php which is required and first file of the website
config.inc.php
$ssl_page = array('login.php','do_login.php','payment.php');
// Note: do_login.php is intermediate page
if(in_array(trim($_SERVER['SCRIPT_NAME'],'/'),$ssl_page)){
define('PROTOCOL','https://');
}else{
define('PROTOCOL','http://');
}
define('DS','/');
define('URL',PROTOCOL.$_SERVER['HTTP_HOST'].DS);
// based on URL i made CSS and JS Path
here is the website link :
http://www.charityrummage.com.
login page is ssl enabled :
https://www.charityrummage.com/login
BUT
when I run the website, it gives different errors on different browsers and its really annoying. below are the error description on different browsers
IE8
it always prompt for security error and
if i click on Yes then display everything fine except left panel
if i click on NO then certificate error near web address but website works fine.
Chrome ( v :20.0.1132.8 )
display multiple warning about css and js ( see in console ) in below format:
The page at https://www.charityrummage.com/login ran insecure content
from http://www.charityrummage.com/css/reset.css
but if you view source of login page then you can see that every
css and js running with https://
Firefox (v 16.0)
it display lock sign ( secure ) just for few seconds and then gone away
( i m surprised it never prompt security alert for https )
but when we go with page info -> media then many of images are coming from http://
Will you please examine and tell me what is exact problem?
One more thing i want to know.
if https:// pages are not displaying properly then which one is responsible
Operating system OR
Browser OR
server OR
Programming issue OR
SSL certificate issue
and at the end what is the solution of this problem?
Thanks
Try with this rule:
# Force files ending in X to use same protocol as initial request
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [S=1]
or this one:
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [NC,L]
Before the # traffic to http://
I got round this problem before by setting the base href on the page like so
<base href="<?php echo HTTPS_BASE_REF; ?>"></base>
This meant that all links derived from this and resolved correctly.
The constant of HTTPS_BASE_REF was set in my config.inc.php file.
Related
Happy Friday!
I'm trying to create a redirect via .htaccess, basically when a user visits our old support system, it will send them to the IP of the new support system... Via HTACCESS I created the following:
RewriteCond %{HTTP_REFERER} oldsystem.domain.com [NC]
RewriteRule .* http://newsystem.domain.com/pages/wiki-has-moved/ [R,L]
However, this fails to point the user from the homepage of the new system.... Please could someone help me achieve this redirect?
Note - I followed this question, but the results aren't working with the redirect from .htaccess:
Allow access to a certain page on a site, only if they come from a link on another certain page
Note 2 -
The systems are on two separate servers, both with different IP's. However, they DO use the same domain oldsystem1.domain.com & newsystem1.domain.com.
Note 3-
We still want users to be able to access the old content (staff members) but non staff members will be redirected to the new system. This is why we have had to point the redirect to an IP.
This is how I managed to overcome the issue:
RewriteCond %{HTTP_HOST} ^wiki.volocommerce.com$
RewriteRule ^(.*)$ http://hub.volocommerce.com/pages/wiki-has-moved/ [R=301,L]
RewriteCond %{HTTP_HOST} ^wiki.esellerpro.com$
RewriteRule ^(.*)$ http://hub.volocommerce.com/pages/wiki-has-moved/ [R=301,L]
Hope this helps anyone else :)
Have you activated the rewrite engine? Your htaccess should look like this:
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^1.2.3.4 . // replace with allowed ip address
RewriteRule .* http://newsystem.domain.com/pages/wiki-has-moved/ [R,L]
If it should be a permanent redirect add this [L,R=301] instead of [R,L], so the browser will keep the redirect in cache and directly switch to the new site without getting redirected again.
If you want to allow multiple ip addresses you can add multiple conditions like:
RewriteCond %{REMOTE_HOST} !^1.2.3.4 [OR]
RewriteCond %{REMOTE_HOST} !^5.6.7.8
I am running a site in Magento version 1.9.1.0 which is SSL enabled. When I open that site's admin panel on a browser either after refresh the cache of browser or in private mode then first time it shows site's homepage rather than admin login page i.e. sitename.com/admin URL redirects to https://sitename.com URL automatically on first time.
Same issue happened when I try to access inner page of the site directly first time.
After this when I enter again URL in browser's address bar as sitename.com/admin then it open admin login page which is good on next time(seems cache works).
I am using Login and Pay with Amazon extension in my Magento site. So when I go for login with Amazon then after inject the credentials it shows me error as follows:
No data received. Unable to load the webpage because the server sent no data on chrome.
secure connection failed on firefox
I am using Base URLs (unsecured and secured as https://sitename.com) in admin panel under System > configuration > General > web which seems to be right? I have doubt in my .htaccess file this part of code. I have used the following code in my .htaccess file:
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.sitename.com/$1 [R,L]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
My Requirements are:
Site always open with https which is working fine.
When user access the site either with www or without www site always open with https://sitename.com. and avoid index.php in the URL which is working fine.
When I access admin panel at any time either first or next to first, it should display admin login screen.
Remove error which is occurring after login with Amazon.
Kindly please help me to resolve this issue. If any other code required please let me know.
I think if you place in .htaccess the following rewrite, it will bypass this Magento stupidity; apache will rewrite it appropriately before Magento get a chance:
RewriteCond %{HTTP_HOST} ^www\.domain\.com$
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]
My objective is apply an EV SSL to redirect using htaccess all the .HTML pages on my site to https, however, I created the site in DW CS6 and the majority (over 1,000) of the pages are .php and cannot be https, since they are all syndicated content feeds from EMC, VMware, etc. I also built dozens of deep links for all the .php pages.
Extensive searching through all the pages here provided what seemed like the best and most logical solution.
Step 1. Redirect the entire site first to https
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} Off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^\.php$ [NC]
RewriteCond %{HTTPS} Off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Then
Step 2.
RewriteCond %{HTTP_HOST} !^\.php$ [NC]
RewriteCond %{HTTPS} Off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The problem is I never got to test step 2 because step 1 did not work, the site remains http://www.erpsaa.com/ but of course if you simply add the "s" https://www.erpsaa.com/ which was my objective, it works perfectly, and if you hit any of the deep link .php pages, it also works and goes directly back to http. However, that then kicks the entire site back to http. I have what I believe to be a partial solution for step 2.The parent.php links are effected, because with an entire site redirect (manual) the 4 .php parents are destroyed, SSL gives the "mixed content issue". I could set it up so that none of the links are the parent .php, but make all the links deep links and achieve the same purpose. However, I am still left with the problem of what I found here to be confirmed by more than one person was the exact way to redirect one's entire site from http to https. Perhaps in my case overall, is a 301 code for the entire site better, with the bandaid for the .php pages, whose deep links always force https to http.
Thank you in advance for any help.
You cannot match php extension using %{HTTP_HOST} variable (that is used for matching domains only).
You can use:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{HTTPS} Off
RewriteRule !\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NE,NC,L]
I uploaded Php file on online, that is login system that is working properly, but that same code its not working in localhost. I am using WAMP Server. It always says "The page isn't redirecting properly".
This is My .htaccess file
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^74\.208\.90\.60
RewriteCond %{HTTP_HOST} !^localhost:8080/gdev
RewriteRule (.*) [localhost] [R=301,L,QSA]
There are a lot of problems with this:
Drop the \s in your first RewriteCond.
Your second RewriteCond makes no sense. The only portion of localhost:8080/gdev that is relevant to %{HTTP_HOST} is localhost. You can't use this one rule to check the host, the port, and the path.
Your RewriteRule doesn't make sense. Redirecting to [localhost] is like redirecting to http://whatever/[localhost]. It doesn't change the port.
I'm not 100% what you're trying to do, but I'd suggest you start by reading up on RewriteCond and RewriteRule directives.
User clicks link (from their email): http://www.site.com/edit/wih293f73y
Browser window opens and gets them to the correct page.
But now the browser's address bar shows: http://www.site.com/editor.php?editCode=wih293f73y
Extra info:
My rewrite rule is:RewriteRule ^edit/([A-Za-z0-9-]+)/?$ editor.php?editCode=$1 [NC,L]
This problem ONLY occurs when the user has clicked a link. It works perfectly when you just type the pretty url into the address bar.
This problem ONLY occurs for links that include the www. - the link http://site.com/edit/wih293f73y works like a charm.
My .htaccess file includes the following code (from HTML5 boilerplate, which I wasn't aware of previously):
# Rewrite www.example.com → example.com
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
If it's important, this occurs after my other rewrite rules.
I just took a look and it is apparent that your www rules is causing this. Question is do you want it be fixed? If you do then move this rule on top of all other rules and your problem should be fixed.
Move this to top of all other rules
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
You can use use the redirect directive
redirect 301 ^edit/([A-Za-z0-9-]+)/?$ editor.php?editCode=$1
There are some pros and cons to this strategy. The pros being;
It's super fast. You don't even need to load up your application for this to work.
It's minimal code.
Redirects are an intrinsic part of Apache (or any http server) and aren't going anywhere soon.
The cons being;
It's not part of your application proper. Should you decide to change logic or URLs, you'll have to change this, too.
It's slower, as you need to invoke php, as opposed to just having Apache issue the redirect.