I know this is not the first time someone has asked this, but I tried other solutions and they don't seem to work.
So I have a website with a SSL certificate and a redirect rule in my .htaccess file to point visitors to https. However, there is one specific page I want to exclude from SSL.
This is the code in my .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
So my question is, how do I create a rule that excludes www.example.com/shop from SSL?
Most likely you can use another RewriteCond on the redirect to block redirecting for that particular URL. However, how are you going to handle the resources loaded by that page? It will load stuff like images, CSS, Javascript, etc. Should those be loaded over plain old HTTP too? And what happens when something clicks on a like to view their shopping cart, will it go to another URL (and thus go over HTTPS again)?
I'm not entirely sure what you want to achieve, but it sounds a bit silly to me. Why would you want to exclude only one particular page from a safe & secure connection? (And why wouldn't you serve the whole site over TLS?) But maybe you tell us the reason for this so maybe we can help you find a different solution?
Related
I've been digging through all sorts of tutorials on this and messing with a bunch of multisite/htaccess stuff. Let me give you my scenario and see if someone can tell me what in the world to do to make it work.
I have a wordpress site in a folder
/mudmin6
That site is mudministry.org
I have another wordpress site (totally separate) in a subfolder of that site
/mudmin6/userspice
That site is userspice.com
Ideally I would like to be able to access this site by typing either of these two things...
mudministry.org/userspice
or
userspice.com
So far, that works. However, I can't do something that's really important.
I can't type, say
userspice.com/forums and get to my forums. I get an internal server error. The only way to get to the forums is to go all the way back to mudministry.org/userspice/forums
Can someone tell me what needs to change in my .htacces, wp-config, or wordpress dashboard to make this happen (and in what subfolder to make these changes?)
.htaccess for mudministry.org
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<Files 403.shtml>
order allow,deny
allow from all
</Files>
.htaccess for userspice
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /userspice/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /userspice/index.php [L]
</IfModule>
# END WordPress
I know that there are a lot of people who will say why do I need to do this? I need to do it for a grant we have. The initial domain must be accessible by mudministry.org/userspice but it's also really annoying that I can't type userspice.com/anything and get to any of my pages.
Perhaps you can use the internal Proxy [P], I have not done this before, but let me know if this works.
You will want to put this into the root .htaccess
RewriteRule ^(userspice)/(.*)$ http://userspice.com/$2 [NC,P]
You may also want to use ProxyPassReverse to make sure any redirects are done as you expect. This may not work, depending on how you have relative and absolute urls used in your application. But if you dont mind that when the user starts to browse around in the userspice directory, that they are switched over to the userspice.com domain, this could work
I have a simple wordpress website and it seems to be hacked. I used some plugins to scan it and they say my htaccess file is infected. Now I could use some help clean it up - specifically, to understand
What to look for to clean up? I.e. what does an "infection" in htaccess look like?
how can I prevent unauthorized access to the file in the future?
The htaccess in question is:
http://pastebin.com/TcWiQvNP
Here's default wordpress htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
also for permission
set chmd to 644
First, you need basic understanding of mod_rewrite configuration structure to understand what your current file does and be able to edit it correctly.
Now, the broadly defined redirects to some absolute URLs do look suspicious. But I don't know if the URLs correspond to your site or some other.
In general, you need to identify which directives are "alien" - i.e. do not correspond to the apps you're running at the server.
I am using Wordpress Multisite, and some of my pages I have built using javascript. So naturally, my SEO sucks. So I have created a phantom.js prerender.io service hosted on myurl.com:3000
I am trying to redirect google bots to use the prerender service. I need to pass the full url to the prerender service like this: http://myurl.com:3000/http://sub.myurl.com/cats/are/cool
As you can see, I am using subdirectory wordpress multisite, so the subdomain and domain need to be passed.
First Problem
This is the original wordpress .htaccess
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
I have tried to use this:
RewriteEngine On
RewriteCond %{QUERY_STRING} _escaped_fragment_
RewriteRule ^(.*) http://service.prerender.io/http://example.com [P,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
...
Just for testing, I run http://myurl.com?_escaped_fragment_= in my browser and I get a page like this:
Not Found
The requested URL / was not found on this server.
It doesn't even seem to redirect to http://service.prerender.io. I'm guessing there is some kind of conflict with the wordpress rules.
Update: This issue was fixed by turning on mod_proxy, thanks to #Jon Lin
Second Problem
Once I pop in the right url (http://myurl.com:3000), I have no idea how to grab the entire URL to give to the service! I have googled and google, and I can only find information about how to get url parameters after the domain.
First problem first though, second is only bonus. I can discuss that in another question when I am able to tested it better because the first problem is fixed.
Thanks to #Jon Lin for the mod_proxy answer.
For the second answer, check the following gist for the rewrite rule for grabbing the entire URL to give to the service. It does a quick check to make sure you are most likely trying to view an html file, then adds the entire URL on the end of the request.
https://gist.github.com/thoop/8072354
Basically:
RewriteRule
^(?!.?(.js|.css|.xml|.less|.png|.jpg|.jpeg|.gif|.pdf|.doc|.txt|.ico|.rss|.zip|.mp3|.rar|.exe|.wmv|.doc|.avi|.ppt|.mpg|.mpeg|.tif|.wav|.mov|.psd|.ai|.xls|.mp4|.m4a|.swf|.dat|.dmg|.iso|.flv|.m4v|.torrent))(.)
http://service.prerender.io/http://%{HTTP_HOST}%{REQUEST_URI} [P,L]
I've been researching this for got to be around 6 hours now (had I known I'd spend this long I would have read the manual from start to finish to learn things in-depth) and out of desperation I'm finally asking.
I have a client with two Wordpress sites.
www.myoldsite.com and www.mynewsite.com.
www.myoldsite.com is hosted on a server I can't access while I have access to www.mynewsite.com.
Because of this restraint I've decided to use a .htaccess file on www.mynewsite.com to handle specific 301 redirects and point the domain www.myoldsite.com to www.mynewsite. Most of the redirects are working without any issues but there are a few that aren't. I know why but I can't figure out how to fix it.
For example:
On the www.myoldsite.com they had the page www.myoldsite.com/about-us.
On the new site the new URL is www.mynewsite.com/about-us/what-we-do.
The htaccess file looks like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mynewsite\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.mynewsite\.com$
RewriteRule /about-us "http\:\/\/mynewsite\.com\/about\-us\/what\-we\-do\/" [R=301,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
At the moment this causes the recursive error "too many redirects". If I change the Rewrite Rule to:
RewriteRule ^/about-us$ "http\:\/\/mynewsite\.com\/about\-us\/what\-we\-do\/" [R=301,L]
The URL www.myoldsite.com/about-us returns a 404 /index.php not found. This I can tell is coming from Wordpress.
All I need www.myoldsite.com/about-us to point to www.mynewsite.com/about-us/what-we-do using a redirect. If anyone can assist that would be most helpful.
Thanks.
Your RewriteRule is awfully long. I just successfully did the following with no fuss:
RewriteRule ^about-us(/?)$ https://www.google.com/about/ [R=301,L]
I think the forward-slash at the beginning of about-us in your rule is causing a problem.
Also, I'm not 100% sure whether or not browsers cache these redirects, but I've had some trouble in the past with Firefox and 301 redirects where after a change Firefox's behavior continued as before the change and opening a new browser (Safari) worked. You might check into that.
OK. Hopefully someone can help me with a suggestion-
I have a WordPress multisite using subfolders
I am using WooCommerce
I have a std Ubuntu 12.04/LAMP server with a GoDaddy Certificate installed
If it turn on SSL, it affects my entire domain (obviously) so my primary site ends up as:
'https://main-sitename.com'
My multisite blogs also come up as:
https://main-sitename.com/blogname-1
https://main-sitename.com/blogname-2
and so on. ALL of my menu links are also https which disables outside links because the urls all get prepended with https. :-/
What I am trying to do is get this:
http://main-sitename.com
http://main-sitename.com/blogname-1
http://main-sitename.com/blogname-2
https://main-sitename.com/shop/ (WooCommerce will force HTTPS on checkout and then un-enforce it when done).
So, Anyone have any ideas on how I can remedy this? On an interesting note, when I had the EXACT same site on Rackspace Cloud Sites everything worked fine. When I moved to a self managed Cloudserver this happened. Is there something I missed?
It sounds like SSLRequireSSL has been set for the entire server. Since you only want to enforce HTTPS on /shop/ directory. Add a .htaccess file in that directory that contains:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This will force anyone connecting to your shop with http:// to be redirected to the same URI, but on https://
EDIT 2
This works for me (with www.myserver.com changed to my real server name). I'm using date and name permalinks in WP. As soon as I go to http://www.myserver.com/shop/ I'm redirected to https. It preserves the URI.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
# Addition to force redirect to https when they visit the shop!
RewriteBase /
RewriteCond %{HTTPS} !on
RewriteRule (shop/.*$) https://www.myserver.com/$1 [R=301,L]
# Back to WordPress changes
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress