I know there are lots of similar questions, but I spent more than 2 days investigating it with no success, so you are my last hope )
I wrote following rewrite rules:
RewriteCond %{HTTPS} off [NC]
RewriteCond %{REQUEST_URI} ^((/member/settings)?/orders/?)$ [NC]
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteRule \.(gif|jpe?g|png|css|js|eot|woff|ttf|svg)$ - [NC,L]
RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^((/member/settings)?/orders/?)$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [NC,QSA,L]
I want URLs example.com/orders/ and example.com/member/settings/orders/ always redirect to HTTPS, and all others force using HTTP. Also all queries should be forward to index.php.
And, obviously, all media files should stay in same protocol as they was requested.
When I'm requesting http://example.com/orders/ first it redirects to https://example.com/orders/, but then redirects second time to http://example.com/index.php?/orders/ . What actually is expected, but problem is that 'index.php' appears in browser's address bar.
The question is how to get rid of 'index.php' in browser's address bar?
Any help will be appreciate.
then redirects second time to http://example.com/index.php?/orders/ .... I have no idea from where 'index.php' comes up in URL...
Because you have a RewriteRule to do just that:
RewriteRule ^(.*)$ index.php?/$1 [NC,QSA,L]
Not sure what you're trying to accomplish in that block, but try getting rid of it.
Related
I am using WordPress. I need to force all pages to use HTTPS, expect one specific page that has an iframe with insecure content that cannot be replaced.
I have tried many different configurations in my .htaccess file. Some of them have worked better than other, but none of them have worked completely.
The problem I'm running into is that the navigation menus on the site use relative links. I've found some options that have allowed me to force HTTP on the iframe page, but then any navigation links clicked on that page (outside of the iframe) do not redirect back to the HTTPS version of those pages.
Here is one example I've come across that doesn't quite work.
<IfModule mod_rewrite.c>
RewriteEngine On
# Go to https if not on /iframe/
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/iframe/$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
# Go to http if you are on /iframe/
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_URI} ^/iframe/$ [NC]
RewriteRule ^(.*)$ https//www.example.com/$1 [R=301,L]
</IfModule>
You can use the following rules in your .htaccess file to achieve that. What this does is first check if HTTPs is not on, if not, then it will forward everything to HTTPs except for the directory /iframe/. The second rule checks if HTTPs is on, if so then it will redirect /frame/ back to HTTP.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} !^\/(iframe)
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTP:X-Forwarded-SSL} =on
RewriteCond %{REQUEST_URI} ^\/(iframe)
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
Make sure you clear your cache before testing this.
EDIT:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/iframe/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} ^/iframe/ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I have checked all of the related questions I can find in here (and in Google in general), and tried all of the various solutions given, but haven't been able to get this to work.
I am working on a Wordpress site that has recently gone SSL. I have set it up so that all pages are forced to https by adjusting the Settings page in the Admin area, adding the appropriate line to the wp-config file to force the admin side to be https and have modified my htaccess files to the following:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/branding/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteRule ^branding/ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Here's what I would like this to do...
1) http://www.example.com/ (and any sub pages except branding) gets redirected to https://example.com
2) http://example.com/branding stays as it is
3) https://example.com/branding is redirected to http://example.com/branding
The above htaccess code works to force the http: to https:, however, if I enter either http://example.com/branding or https://example.com/branding I am redirected to https://example.com.
I have used numerous variations of the initial Rewrite code and placed it in various places (as instructed in various other answers to similar questions here) with no change to the result.
If anyone can tell me where my error is and how to fix it, it would be much appreciated.
Try this:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/branding/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteRule ^branding(.*) http://%{HTTP_HOST}/branding$1 [R=301,L]
With the help of a colleague, we got it worked out. Here's the updated code...
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/branding/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/branding/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The WP-specific rules in the htaccess file cause some strange situations to occur. The main one being that there is an internal rewrite from /branding/ to /index.php, and then WP handles the request within the PHP. The file checks will handle the check to ensure that the index.php file exists. WP will internally deal with redirecting valid page requests that don't have trailing slashes.
Been searching for this for hours... Here is the tweak if you need to redirect more than one page to http from https.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/page1|page2|page3/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/page1|page2|page3/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Please give me a suggestion for my question.
when we set permalink in our site then the .htaccess code is
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
my site covert into http to https and i am adding below code to my .htaccess
RewriteRule ^index\.php$ - [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_FILENAME} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_FILENAME} [L,R=301]
These codes are to redirect when we using www or and http then automatically convert into https:
So my problem is when we add this code to my .htaccess the post name or permalink is not working.
home page was showing and also we can see the wp-admin pages, And all other links (example.www.xyz.com/register) not working.
What i do? Please give your valuable suggestions and answers.
Here is the correct syntax for your .htaccess - just replace domain.com with your actual website domain.
The first rewrite appends the www to all requests, the second rewrite appends the https to all requests.
Make sure to update your general settings in Wordpress as well, which you already commented that you did.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.com
RewriteRule (.*) http://www.domain.com/$1 [R=301,L]
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://www.domain.com/$1 [r=301,nc,L]
I know this question has been asked several different ways and I've looked/tried many of the suggestions, but not getting anywhere.
I have a site that's mixed http and https where everything /customer and /cart including any subdirectories are https and the rest is http. I'm having a problem with it actually going to https, seems as though it goes to https and right back to http with this.
RewriteEngine On
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteRule (.*) /public.php?debug=%{SERVER_NAME} [NS,QSA,L]
# Redirect to HTTPS if /cart or /customer
RewriteCond %{REQUEST_URI} ^/cart.*
RewriteCond %{REQUEST_URI} ^/customer.*
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
# go back to regular http if not in secure area
RewriteCond %{REQUEST_URI} !^/cart.*
RewriteCond %{REQUEST_URI} !^/customer.*
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R]
#simulate the static pages
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ /public.php?controller=index&action=index [L]
#Main rewrite for application/controller/action decode logic
#RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !/scripts/
RewriteCond %{REQUEST_FILENAME} !/images/
RewriteCond %{REQUEST_FILENAME} !/css/
RewriteRule ^([a-z]+)\/([a-z]+)$ /public.php?controller=$1&action=$2 [QSA,L]
RewriteRule ^([a-z]+)\/$ /public.php?controller=$1 [QSA,L]
RewriteRule ^([a-z]+)\/([a-z]+)$ /$1/$2/ [QSA,L,R]
RewriteRule ^([a-z]+)$ /$1/ [QSA,L,R]
AddHandler php5-script .php
Maybe somebody can straighten me out on this.
TIA
I think your problem is that the RewriteCond rules group together like an 'AND' rather than an 'OR' so the path would have to match 'cart' and 'customer' for the rewriterule to be applied (which wouldn't make sense). Try this..
# redirect non-https requests for /cart or /customer to https
RewriteCond %{HTTPS} off
RewriteRule ^(cart|customer) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# redirect all other https requests to http
RewriteCond %{HTTPS} on
RewriteCond $1 !^(cart|customer)
RewriteRule ^(.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
You can have a look at this question for the similar issue
htaccess (https to http)
Even if you make it work, your page will be semi encrypted and browser will show a red mark at the status bar. You need to make use of http referrer in the conditions too.
We've got a shopping site which we're hosting on a shared host (Mediatemple Gridserver). Some parts of the site need to use HTTPS (checkout etc) but the rest should be using HTTP.
Does anyone know how we can always force the correct use of HTTP/HTTPS for particular URLs? We've had it working in various states but we can't get a request for a page that should be on HTTP but is requested with HTTPS to switch back correctly.
I've had a look around SO but couldn't find a suitable answer to this.
I use something similar to this for my admin folder in wordpress:
#redirect all https traffic to http, unless it is pointed at /checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/checkout/?.*$
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]
The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance.
If you want to force the reverse, try:
#redirect all http traffic to https, if it is pointed at /checkout
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/checkout/?.*$
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]
If you want some alternate ways to do it, check out askapache.
This should work in pretty much every scenario and should work in your actual vhost or .htaccess:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]
(do not forget the slash before %{REQUEST_URI} as this may allow passing a portnumber, which is dangerous)
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]
I had some problem being behind a loadballancer. This how i fixed it.
As detailed in this answer, fix your application to use https:// links when needed. Don't rely on automatic redirections, this could lead you to a false sense of security if you haven't made your links/forms served over https:// go to https:// URLs too. Using mod_rewrite automatically makes it harder to detect such mistakes (which can also be vulnerabilities).
For me worked this (I used it for wordpress site and redirecting to HTTPS). You have to add the condition and rule lines just behind RewriteEngine and RewriteBase lines:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# I added these two lines for redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]
# (end of custom modifications)
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress`
Have a look to condition RewriteCond %{HTTP:X-Forwarded-Proto} !https - only this worked for my server hosting.
(I tried RewriteCond %{SERVER_PORT} !^443$ or RewriteCond %{HTTPS} off as well, but without success.
I think it should be:
RewriteCond %{HTTPS} =on
^/checkout(.*) http://shoppingsite.com/checkout$1 [R]
See the mod_rewrite documentation.