I have a website running with https on all pages. I would like to make a 301 redirection for a specific page to make it available only with http (not https).
This is my code :
Redirect 301 https://www.example.com/a-page http://www.example.com/a-page
This does not work, i run a Wordpress website. How to make it runs with a simple way ?
Thanks
What do your .htaccess do to HTTP/HTTPS?
Are you forcing all users to use HTTPS?
Because you can make both be usable depending on how you want your server to handle the requests and what the browser user has requested.
Related
I have a Wordpress website and want to have in form of https://website.com. When I test it on GTmertix in form of http://www.website.com, I receive multiple landing page redirects like this:
Avoid landing page redirects for the following chain of redirected URLs.
http://www.website.com/
http://website.com/
https://website.com/
I have set the base domain on https://website.com format in Wordpress, and also I have done many things on .htaccess file to redirect http to https, but could not solve this issue.
May you help me please?
Without the domain, it is difficult to diagnose (and even then it may be difficult without seeing your .htaccess). Something is obviously redirecting http://www.example.com to http://example.com rather than directly to HTTPS.
You could try looking further up the chain, such as at your domain registrar/DNS provider. If you are behind a proxy like Cloudflare, I'd also be curious if this happens when you add the instance's IP address in your hosts file and try connecting directly - that would at least determine if the issue exists on the host itself or further up the chain.
I am working on a Wordpress website, and I ran gtmetrix to see its performance. I keep getting:
Avoid landing page redirects for the following chain of redirected URLs.
http://inspiringworm.com/
https://inspiringworm.com/
https://www.inspiringworm.com/
Does anyone know how to get rid of these redirects? Is it coming from a certain module?
Search for the link and make sure you have the full address: https://www.inspiringworm.com/. The other two just redirect, as gtmetrix explains.
Generally, a website is working based on protocols and URL.
There are 4 kind of possible URL combinations: 1) HTTP + WWW 2) HTTP + NON_WWW 3) HTTPS + WWW 4) HTTPS + NON_WWW.
Your website is forcefully running with HTTPS protocol and with WWW. If you will check in GTMATRIX/any other tool/browser, it will load the content from HTTPS and WWW, better to check it with inspiringworm website like https://gtmetrix.com/reports/www.inspiringworm.com/MIPLD7Co
I have the following scenario. I have a website in IIS 8 and I am trying to secure it (https). I have made the web with web forms. In the process to secure it I have to change the page at the beginning (default page in the IIS administrator). When I do it, I don't get the change and I go to the website that was set by default.
I have seen the log and when trying to access the new homepage it gives an error 302 (object moved). I have seen the response header and I see that the location is configured with the old home page.
Example:
Old default page: www.namedomain.com/start.aspx
New default page: www. namedomain.com/home.aspx
The new website has as in the response header: location = /start.aspx and as I said before when trying to access it gives error 302.
Thanks.
There's a few things going on here, "securing" the site with HTTPS and also potentially <authentication mode="Forms"> in your web.config where it will try and redirect any unauthorised requests to a login page. It seems like you are just doing the HTTPS though at this stage, and maybe trying to set up a redirect from HTTP to HTTPS?
It sounds like you are also trying to change the default page for the website (in IIS or the web.config?) from default.aspx to home.aspx? I'm not sure I understand why you want to do that as it isn't necessary for HTTPS, but the effect of that will mean you can go to https://www.namedomain.com/ and you will get served the content from home.aspx instead of start.aspx (or default.aspx) but the URL will stay as just https://www.namedomain.com/
Normally to set up HTTPS, all you do is go into IIS, Bindings, and add a HTTPS binding (you'll need a TLS certificate to make the https work properly). then just make sure you include the "https://" at the start of your URL.
If you think it might be caching problem on your machine, just add a nonsense querystring to the end of your URL (like https://www.namedomain.com?blah=blahblah) and it will cause your browser to get a fresh copy of the page.
I'm not sure what is causing the 302 redirect, have you added any special code to swap HTTP requests over to HTTPS? Can you update your answer with any more info?
Yes, it is what I put in my last comment Jalpa. I do not understand very well the relationship between not configuring the session variables and the default page but once corrected in code, the application correctly loads the web by default.
In a situation where a browser has to be redirected back to a http site from a https site, can this be done using a 302 (or 303) redirect without causing any security alerts from the browser?
The redirect target could be a different domain to the system that was providing the https content, so the browser may of been accessing pages from https://server.domain1.com/ and now needs to be redirected to http://different.domain2.com/
The redirect may also be in response to a form post, but without re-posting the data. Will browsers bring up a security warning as a result of the 302 redirect in this instance? Does 303 help with any security alerts? I'd like to avoid displaying what would essentially be a blank page with only a meta-refresh or javascript function to trigger the redirection.
I've been trying to find a list of browsers and their responses to both 302 and 303 in this situation, but can't find any such list.
A normal redirect http to https should not trigger a warning (expect in iframe for example) but a POST from an https page to an http page may trigger a warning.
And in any case, you should think about the safety of your users and use https rather than trying to avoid legitimate warnings.
I have a site https:// www.mysite.com that runs completely using HTTPS (I redirect http to https in IIS). This all works fine.
I have an old version of the site http:// old.mysite.com which some users are still running on that is running over HTTP only. This all works fine.
There is 1 URL that my new site redirects (using a Response.Redirect in the global.asax) to my old site. For example the user requests https:// www.mysite.com/page.aspx?query=string and I redirect them to the old site http:// old.mysite.com/page.aspx?query=string. The redirect works well except that the query string is missing when it gets to the old site.
The URL that I have to redirect comes from a url embedded at customer sites, so I can't just update them all to point to the old site. I tested and this all works fine when I run my new site under HTTP so the transfer is HTTP to HTTP, but it fails when I do HTTPS to HTTP.
Any ideas on what the problem is?
Thanks,
Jim
Alright I got it figured out so I'll post in case anyone else hits the issue. I was using the HTTP Redirect module in IIS 7 to redirect any HTTP traffic to HTTPS for my new website. For the url to redirect to I just had 'https://www.mysite.com'. I found some variables that you can add to the redirect url to keep the query string. So once I updated it to 'https://www.mysite.com$S$Q' it worked.