My Wordpress site's URL is set to HTTPS in the WP settings. If you type domain.com, it redirects to www.domain.com. If you click on the logo, it'll take you to https:/www.domain.com. I'd like https to be enabled by default on all pages.
I tried using this as Brandozz recommended and it turns out my caching plugin as well but it keeps causing the loop error.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
My server used Nginx. The caching plugin is recommending adding a few lines of code but I'm not sure where or how. See http://docs.wp-rocket.me/article/36-fix-for-ssl-redirection-issue.. Cloudways is my host and I'm on a DigitalOcean server.
Here is what I'm currently using to redirect everything to https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Related
I am using WordPress. I need to force all pages to use HTTPS, expect one specific page that has an iframe with insecure content that cannot be replaced.
I have tried many different configurations in my .htaccess file. Some of them have worked better than other, but none of them have worked completely.
The problem I'm running into is that the navigation menus on the site use relative links. I've found some options that have allowed me to force HTTP on the iframe page, but then any navigation links clicked on that page (outside of the iframe) do not redirect back to the HTTPS version of those pages.
Here is one example I've come across that doesn't quite work.
<IfModule mod_rewrite.c>
RewriteEngine On
# Go to https if not on /iframe/
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/iframe/$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
# Go to http if you are on /iframe/
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_URI} ^/iframe/$ [NC]
RewriteRule ^(.*)$ https//www.example.com/$1 [R=301,L]
</IfModule>
You can use the following rules in your .htaccess file to achieve that. What this does is first check if HTTPs is not on, if not, then it will forward everything to HTTPs except for the directory /iframe/. The second rule checks if HTTPs is on, if so then it will redirect /frame/ back to HTTP.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} !^\/(iframe)
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTP:X-Forwarded-SSL} =on
RewriteCond %{REQUEST_URI} ^\/(iframe)
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
Make sure you clear your cache before testing this.
EDIT:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/iframe/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} ^/iframe/ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I'm having some issues with some .htaccess redirects only working in certain situations.
The code I have is
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
And here are the results of my tests
https://www.example.com redirects to http://example.com
https://example.com does nothing
https://www.example.com/page-name redirects to http://example.com/page-name
https://example.com/page-name does nothing
This is a WordPress site and the .htaccess code sits above the WordPress code. I have also tried it below too and I get the same results
It looks like the site didnt have an SSL attatched to it so the
RewriteCond %{HTTPS} on
rule was not working correctly.
Because of this I went down this method to fix the redirects and make it work in all of the test cases that I mentioned in the question.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
Use this in your .htaccess instead:
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ http://example.com%{REQUEST_URI} [R,L]
I'm assuming that you want www forced to not show, since you did not include it in the URL. If that is the case, include this extra condition to force it to not show:
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ http://example.com%{REQUEST_URI} [R,L]
Make sure you clear your cache before testing this.
I'm working on a wordpress site. And just installed SSL. It has been installed correctly but I want to redirect visitors to the https url for certain pages only. I also want to force browser to use http for other pages.
I know this can be done with .htaccess and tried several things as well. But unable to get this as I need. I'm a novice at handling .haccess rewrite rules and can't find the docs that can guide me.
For example, I need to force browser to use https for this two urls:
http://www.example.com/sells/payment/
http://www.example.com/customer/login/
and for all other urls to just use normal http forcefully. What kind of rules I need to write?
Update 1
I also have a rule that redirects non-www url to a www url, and that might be conflicting with these rules. Here is how I redirect all non-www urls to www urls.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
The issue I'm facing is, after applying https rules, it is redirected to https://www.www.example.com/sells/payment/ which is a wrong url.
Any idea for fixing this?
Enable mod_rewrite and .htaccess through httpd.conf and then put this code in your .htaccess under DOCUMENT_ROOT directory:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteRule ^(sells/payment|customer/login)/ - [E=MY_URL:1]
RewriteCond %{HTTPS} off
RewriteCond %{ENV:MY_URL} 1
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
RewriteCond %{HTTPS} on
RewriteCond %{ENV:MY_URL} !=1
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
UPDATE:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteRule ^(sells/payment|customer/login)/ - [E=MY_URL:1]
RewriteCond %{HTTPS} off
RewriteCond %{ENV:MY_URL} 1
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
RewriteCond %{HTTPS} on
RewriteCond %{ENV:MY_URL} !=1
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
This what I've used consistently across my projects where I have similar use-cases as yourself:
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.+)$ - [env=askapache:%2]
# redirect urls with index.html to folder
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.html\ HTTP/
RewriteRule ^(([^/]+/)*)index\.html$ http%{ENV:askapache}://%{HTTP_HOST}/$1 [R=301,L]
# change // to /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)//(.*)\ HTTP/ [NC]
RewriteRule ^.*$ http%{ENV:askapache}://%{HTTP_HOST}/%1/%2 [R=301,L]
This is an excerpt from a site where I found the solution, so I can't take credit for it:
Smart HTTP and HTTPS .htaccess Rewrite
I haven't tried it, but can you handle it the same way you do cononcial URLs?
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com/your-page
RewriteRule (.*) https://www.example.com/your-page [R=301,L]
First, here's the .htaccess rule I currently use:
Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://example.com/$1 [R=301,L]
This is great, and redirects every link of my old domain to the very respective link in new domain. That is, http://olddomain.com/1.html is redirected to http://example.com/1.html and so forth.
But it doesn't redirect https://olddomain.com/1.html to https://example.com/1.html
And just so you know I tried, below are the rules I also happened to test. Unfortunately they're creating some kind of loop, and the redirection doesn't work.
Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) example.com/$1 [R=301,L]
and
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$ [OR]
RewriteCond %{HTTPS} =on
RewriteRule (.*) example.com/$1 [R=301,L]
So, can someone give me the rules redirect http pages to http and https pages to https? Thanks.
#if https on
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
#else
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
Your HTTPS rewritecond is incorrect. Cond is a regex, not an quality test. It should be
RewriteCond %{HTTPS} !^on
The %{HTTPS} var will only ever contain on or off. Never =on, so the match fails and triggers the redirect, even if https really is on.
update
For an unconditional HTTP->HTTPS redirect you'd need to redirect to an https URL. Your version just detects if HTTPS is *OFF, then redirects to the same url, causing a loop. What you need is:
RewriteCond %{HTTPS} !^on
RewriteRule (.*) https://example.com/$1 [R=301,L]
We've got a shopping site which we're hosting on a shared host (Mediatemple Gridserver). Some parts of the site need to use HTTPS (checkout etc) but the rest should be using HTTP.
Does anyone know how we can always force the correct use of HTTP/HTTPS for particular URLs? We've had it working in various states but we can't get a request for a page that should be on HTTP but is requested with HTTPS to switch back correctly.
I've had a look around SO but couldn't find a suitable answer to this.
I use something similar to this for my admin folder in wordpress:
#redirect all https traffic to http, unless it is pointed at /checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/checkout/?.*$
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]
The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance.
If you want to force the reverse, try:
#redirect all http traffic to https, if it is pointed at /checkout
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/checkout/?.*$
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]
If you want some alternate ways to do it, check out askapache.
This should work in pretty much every scenario and should work in your actual vhost or .htaccess:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]
(do not forget the slash before %{REQUEST_URI} as this may allow passing a portnumber, which is dangerous)
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]
I had some problem being behind a loadballancer. This how i fixed it.
As detailed in this answer, fix your application to use https:// links when needed. Don't rely on automatic redirections, this could lead you to a false sense of security if you haven't made your links/forms served over https:// go to https:// URLs too. Using mod_rewrite automatically makes it harder to detect such mistakes (which can also be vulnerabilities).
For me worked this (I used it for wordpress site and redirecting to HTTPS). You have to add the condition and rule lines just behind RewriteEngine and RewriteBase lines:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# I added these two lines for redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]
# (end of custom modifications)
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress`
Have a look to condition RewriteCond %{HTTP:X-Forwarded-Proto} !https - only this worked for my server hosting.
(I tried RewriteCond %{SERVER_PORT} !^443$ or RewriteCond %{HTTPS} off as well, but without success.
I think it should be:
RewriteCond %{HTTPS} =on
^/checkout(.*) http://shoppingsite.com/checkout$1 [R]
See the mod_rewrite documentation.