Why won't this .htaccess force all subdirectories to use SSL?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
My particular use case: I have WordPress installed in a subdirectory, and I'm using mod_rewrite to "hide" that from my site visitors (docs are stored in example.com/wordpress, but appear to the browser as example.com). All good there. I added the HTTPS rewrite per instructions found in countless posts. But when I browse to example.com/nextcloud, all files are served up via HTTP!
There is an .htaccess file in my /nextcloud subdirectory. The only section pertaining to mod_rewrite reads as follows:
RewriteEngine on
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
I only have a very basic knowledge of .htaccess files, but my understanding is that it works top-down (.htaccess in subdirectories can overwrite the settings of higher directories) except for mod_rewrite, which is a special case and works in the opposite fashion (the topmost directory takes precedence).
If my understanding is true, why is my code not working?
In your /.htaccess, add this above all other conditions/rules:
RewriteRule ^nextcloud(?:$|/) - [L]
That prevents WordPress from ever getting the requests.
In your /nextcloud/.htaccess, set
RewriteBase /nextcloud/
Also, shouldn't your root base should be just / since that is the public path to WordPress? How do static files route correctly? E.g. how does example.com/real/file get to example.com/wordpress/real/file?
Related
My site is a wordpress site. If a user lands on http://www.example.com/subfolder (non-ssl), they are being incorrectly redirected to https://www.example.com (ssl but without the subfolder).
How do I stop this? They need to stay within the subfolder after being redirected to https://.
I"m using Really Simple SSL plugin within Wordpress. My .htaccess file contains this code:
#BEGIN ReallySimpleSSL
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /subfolder/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subfolder/index.php [L]
</IfModule>
I've never been great editing the .htaccess file. Any help would be appreciated!
EDIT:..........
My .htaccess file is located within the subfolder. There is another .htaccess file located in the root, along with another website. I'm trying to keep users of the subfolder within the subfolder. *I've added a second IfModule to the above code.
The .htaccess in the root contains this code:
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Running in a fresh browser window, that I haven't used yet, I am getting the same results.
The issue most likely is that rule you implemented atop the configuration file in the subfolder:
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
It gets applied before anything else in the subfolder and it inconditionally rewrites all non-ssl requests to ssl. The issue here:
The capturing pattern ^(.*)$ gets applied to the relative path in the requests, that is only the section of the path from the subfolder base on. That is how rules in distributed configuration files get applied, this is clearly documented. That actually is one of the reasons why distributed configuration files add a lot complexeity and cause so many issues...
So instead you will have to either implement the https-redirection on top level, or use the absolute path or manually add the subfolder to the redirection target. I'd go with the second option:
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The Really simple ssl plugin can cause such issues. Check the stop editing htaccess file option in the plugin settings and test with your htaccess code or try using the below snippet which works for me fine for subfolders/subdomains everything
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
I need to force https and www with .htaccess, and I'm looking for a solution that is not domain-specific, but will apply to any domain and any folder (using server variables).
The setup:
domain.com has WordPress installed
domain.com/folder2 is a physical folder and contains a separate site
The .htaccess file in domain.com currently contains:
# force www+https
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on$ [NC]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This seems to work for domain.com, but not for domain.com/folder2: while https is enforced there, the www redirect doesn't work.
I tried placing a second .htaccess file in domain.com/folder2; that doesn't do anything either.
Questions:
How can I make these rules apply to domain.com/folder2 as well?
I've kept the WordPress block separate because WordPress would probably duplicate it when e.g. permalinks are changed via admin, and it doesn't find this block as-is. Is this correct, or is there a better way to consolidate the two blocks?
Thanks!
In .htaccess in /folder2, add the following :
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$
RewriteRule ^ https://www.%1%{REQUEST_URI} [NE,L,R]
Delete your /folder2/.htaccess if you want to place this in your root dir.
I just want to hide the /wordpress/ in the URL of my site (http://example.com/wordpress/) with htaccess (I don't want to change the real URLs because I would lose all my social media shares data). I use the following htaccess in the root directory:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !/$
RewriteRule (.*) $1\.php [L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+wordpress/([^\s]+) [NC]
RewriteRule ^ %1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (?!^wordpress/)^(.*)$ /wordpress/$1 [L,NC]
It works smoothly for all the pages of my website (i.e. if I go to example.com/wordpress/post/ it directly shows example.com/post/). But I have a problem with the homepage. It still always shows as example.com/wordpress/. I can't find the way to hide /wordpress/ here. Can you help me?
More info:
I also have in the /wordpress/ subfolder the following default .htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
</IfModule>
# END WordPress
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+wordpress/([^\s]+) [NC]
In order to catch requests for /wordpress/ (effectively the root of the WP site) then you would need to change the CondPattern in this directive to allow 0 or more trailing characters (ie. *). Currently, it is looking for 1 or more (ie. +) which excludes the bare directory. In other words:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+wordpress/([^\s]*) [NC]
There are presumably other "WordPress" directives in your .htaccess file that are routing the request. The order of directives are important, so there could still be a conflict.
However, as mentioned in comments, you should consider changing the URL properly in WordPress itself and then redirecting the old URL (with the "wordpress" directory) to the new URL (without "wordpress) in .htaccess. Without changing the URL structure in WP then every internal link on your site is going to result in an external redirect.
I am having an issue with .htaccess files (something that I do not really understand) - therefore, if I could get an explanation along with an answer that would be incredible!
Anyway, the situation is as follows.
Aim : I am trying to remove the www portion of my website so that it loads up always as XXX.com.
I have a root directory with an .htaccess coded as follows :
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
This works well for it's purpose. However, in a directory called "Info" I have an installation of Wordpress with it's own .htaccess which currently looks like :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /info/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /info/index.php [L]
</IfModule>
This does not remove the www and is the standard WordPress installation .htaccess file. My question is, what do I have to do to this file or the root directory file to fix the canonical issue!
Thanks a bunch,
Alex
Rewrite rules that are in htaccess files have precedence in subfolders first. Meaning the htaccess file in the /info/ folder completely supercedes any rules in parent directories. That's why the rule in your root directory is being ignored.
If you're using apache 2.4, you can use the InheritBefore option:
RewriteOption InheritBefore
which makes any rules in the parent directory get applied before any rules in the current directory.
If you're not using apache 2.4, then you'll have to duplicate the rules before the wordpress rules:
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /info/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /info/index.php [L]
</IfModule>
I fixed the issue myself. In WP it was surprisingly easy to do.
I logged into wp-login.php and then proceeded through to General settings where I removed the "www." from both listed URLs... Worked a charm!
I have two domain names setup with sub-domains as follows...
blog.domain.com
www.blog.domain.com
blog.domain.info
www.blog.domain.info
Both domains are pointing to the same location on the same server, a directory containing WordPress. (domain.com/blog)
To keep Google happy, I want everything to redirect to this one domain...
blog.domain.com
Here is what's inside the .htaccess file contained in the WordPress directory...
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
So I went into my cPanel and added a 301 Domain Redirect as follows...
blog.domain.info -> blog.domain.com (with "www" optional and wildcard selected).
cPanel then automatically added the following to the same .htaccess file under the WordPress rewrite rules...
RewriteCond %{HTTP_HOST} ^blog.domain.info$ [OR]
RewriteCond %{HTTP_HOST} ^www.blog.domain.info$
RewriteRule ^(.*)$ "http\:\/\/blog\.domain\.com$1" [R=301,L]
The problem is that the wildcard portion does not seem to work.
When I go to blog.domain.info, I get redirected to blog.domain.com as expected.
But when I go to blog.domain.info/my-post, I do not get redirected at all.
How can I fix this? I've tried rewrite rules that I know work but all I can think of is that the WordPress rules are interfering.
Once it's fixed, can I move these mod-rewrites to the main .htaccess in the hosting account's www root keeping them separate from the WordPress rules? Edit: Answer- NO, they will not work because they are domains parked in directories off the root www.
Thank-you!
Looks like I simply had to move the new rules above the WordPress section. I also added a new one that is supposed to remove the 'www' from the dot com domain name.
This all seems to be working.
Any comments appreciated.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^blog.domain.info$ [OR]
RewriteCond %{HTTP_HOST} ^www.blog.domain.info$ [OR]
RewriteCond %{HTTP_HOST} ^www.blog.domain.com$
RewriteRule ^(.*)$ "http\:\/\/blog\.domain\.com\/$1" [R=301,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
EDIT
It should be noted that if you change anything in the htaccess file contained between these Wordpress comments, it might get overwritten by Wordpress at a later time. Moving your custom edits outside AND above this block also works and is immune from any changes to htaccess made by Wordpress itself.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^blog.domain.info$ [OR]
RewriteCond %{HTTP_HOST} ^www.blog.domain.info$ [OR]
RewriteCond %{HTTP_HOST} ^www.blog.domain.com$
RewriteRule ^(.*)$ "http\:\/\/blog\.domain\.com\/$1" [R=301,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
i own multiple domains for my site MethodShop, including methodshop.com, methodshop.net, etc.. When doing maintenance, i'll divert traffic between the different sites so my users don't have their experience interrupted. below is the htaccess wildcard script i use. it takes whatever URL the user attempts to access and mirrors that link on another domain.
for example,
http://methodshop.NET/games/play/bubblewrap/index.shtml
would redirect to
http://methodshop.COM/games/play/bubblewrap/index.shtml
here's the htaccess script for methodshop.net that rewrites all methodshop.net URLs to methodshop.com. just edit it for your domain.
RewriteEngine on
RewriteRule (.*)$ http://www.methodshop.com\/$1 [R=301,L]