How do I switch between http and https in .htaccess? - http

I know this question has been asked several different ways and I've looked/tried many of the suggestions, but not getting anywhere.
I have a site that's mixed http and https where everything /customer and /cart including any subdirectories are https and the rest is http. I'm having a problem with it actually going to https, seems as though it goes to https and right back to http with this.
RewriteEngine On
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteRule (.*) /public.php?debug=%{SERVER_NAME} [NS,QSA,L]
# Redirect to HTTPS if /cart or /customer
RewriteCond %{REQUEST_URI} ^/cart.*
RewriteCond %{REQUEST_URI} ^/customer.*
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
# go back to regular http if not in secure area
RewriteCond %{REQUEST_URI} !^/cart.*
RewriteCond %{REQUEST_URI} !^/customer.*
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R]
#simulate the static pages
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ /public.php?controller=index&action=index [L]
#Main rewrite for application/controller/action decode logic
#RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !/scripts/
RewriteCond %{REQUEST_FILENAME} !/images/
RewriteCond %{REQUEST_FILENAME} !/css/
RewriteRule ^([a-z]+)\/([a-z]+)$ /public.php?controller=$1&action=$2 [QSA,L]
RewriteRule ^([a-z]+)\/$ /public.php?controller=$1 [QSA,L]
RewriteRule ^([a-z]+)\/([a-z]+)$ /$1/$2/ [QSA,L,R]
RewriteRule ^([a-z]+)$ /$1/ [QSA,L,R]
AddHandler php5-script .php
Maybe somebody can straighten me out on this.
TIA


I think your problem is that the RewriteCond rules group together like an 'AND' rather than an 'OR' so the path would have to match 'cart' and 'customer' for the rewriterule to be applied (which wouldn't make sense). Try this..
# redirect non-https requests for /cart or /customer to https
RewriteCond %{HTTPS} off
RewriteRule ^(cart|customer) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# redirect all other https requests to http
RewriteCond %{HTTPS} on
RewriteCond $1 !^(cart|customer)
RewriteRule ^(.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


You can have a look at this question for the similar issue
htaccess (https to http)
Even if you make it work, your page will be semi encrypted and browser will show a red mark at the status bar. You need to make use of http referrer in the conditions too.

Related

wordpress mod-rewrite for single non-ssl url

I have a seemingly simple redirection problem, but can't find the correct re-write to get it to work.
For my WordPress site, I basically want all requests to go to https except for one page (/mitel2/) which needs to be served via http.
So in my .htaccess file, this works to redirect https requests on the page in question to http:
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_URI} ^/mitel2/$
RewriteRule ^(.*)$ http://www.mysite.co.uk/$1 [R,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
As I say, the above works and requests to https://www.mysite.co.uk/mitel2/ are redirected to http://www.mysite.co.uk/mitel2/ - great!
So now I want to redirect all http requests that aren't /mitel2/ to https, so I change my code to this:
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_URI} ^/mitel2/$
RewriteRule ^(.*)$ http://www.mysite.co.uk/$1 [R,L]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/mitel2/$
RewriteRule ^(.*)$ https://www.mysite.co.uk/$1 [R,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
But now although my http requests are redirected to https, when I try to load my excluded page over ssl instead of redirecting to the http, it just redirects to the homepage and still over https!
I'm really not sure what's going on here, so any help that you guys can shed would be gratefully received!
Many thanks
Kevin

Redirect one Wordpress page from HTTPS to HTTP

I have checked all of the related questions I can find in here (and in Google in general), and tried all of the various solutions given, but haven't been able to get this to work.
I am working on a Wordpress site that has recently gone SSL. I have set it up so that all pages are forced to https by adjusting the Settings page in the Admin area, adding the appropriate line to the wp-config file to force the admin side to be https and have modified my htaccess files to the following:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/branding/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteRule ^branding/ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Here's what I would like this to do...
1) http://www.example.com/ (and any sub pages except branding) gets redirected to https://example.com
2) http://example.com/branding stays as it is
3) https://example.com/branding is redirected to http://example.com/branding
The above htaccess code works to force the http: to https:, however, if I enter either http://example.com/branding or https://example.com/branding I am redirected to https://example.com.
I have used numerous variations of the initial Rewrite code and placed it in various places (as instructed in various other answers to similar questions here) with no change to the result.
If anyone can tell me where my error is and how to fix it, it would be much appreciated.

Try this:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/branding/
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteRule ^branding(.*) http://%{HTTP_HOST}/branding$1 [R=301,L]

With the help of a colleague, we got it worked out. Here's the updated code...
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/branding/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/branding/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The WP-specific rules in the htaccess file cause some strange situations to occur. The main one being that there is an internal rewrite from /branding/ to /index.php, and then WP handles the request within the PHP. The file checks will handle the check to ensure that the index.php file exists. WP will internally deal with redirecting valid page requests that don't have trailing slashes.

Been searching for this for hours... Here is the tweak if you need to redirect more than one page to http from https.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/page1|page2|page3/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/page1|page2|page3/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Switching http to https using mod_rewrite

I know there are lots of similar questions, but I spent more than 2 days investigating it with no success, so you are my last hope )
I wrote following rewrite rules:
RewriteCond %{HTTPS} off [NC]
RewriteCond %{REQUEST_URI} ^((/member/settings)?/orders/?)$ [NC]
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
RewriteRule \.(gif|jpe?g|png|css|js|eot|woff|ttf|svg)$ - [NC,L]
RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^((/member/settings)?/orders/?)$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [NC,QSA,L]
I want URLs example.com/orders/ and example.com/member/settings/orders/ always redirect to HTTPS, and all others force using HTTP. Also all queries should be forward to index.php.
And, obviously, all media files should stay in same protocol as they was requested.
When I'm requesting http://example.com/orders/ first it redirects to https://example.com/orders/, but then redirects second time to http://example.com/index.php?/orders/ . What actually is expected, but problem is that 'index.php' appears in browser's address bar.
The question is how to get rid of 'index.php' in browser's address bar?
Any help will be appreciate.

then redirects second time to http://example.com/index.php?/orders/ .... I have no idea from where 'index.php' comes up in URL...
Because you have a RewriteRule to do just that:
RewriteRule ^(.*)$ index.php?/$1 [NC,QSA,L]
Not sure what you're trying to accomplish in that block, but try getting rid of it.

htaccess force ssl except for rss feeds

My site currently forces SSL everywhere. This is the way that I want except that it is causing issues with my RSS driven newsletter and feedburner. Due to this I need to make exceptions for my feeds.
Can someone help with the proper htaccess rules to pull this off?
My feeds are
/feed
/shop/feed
/forum/discussions/feed.rss
Here is my condition for forcing SSL. This works except that all RSS feeds are forced to.
# Force SSL
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/forum [NC]
RewriteRule ^/?(.*)$ https://photoboothowners.com/$1 [R=301,QSA,L,NE]
I tried the following but it did not seem to work correctly.
# Force SSL
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/forum [OR]
RewriteCond %{REQUEST_URI} !^/feed [OR]
RewriteCond %{REQUEST_URI} !^/shop/forum [NC]
RewriteRule ^/?(.*)$ https://photoboothowners.com/$1 [R=301,QSA,L,NE]
Your help is greatly appreciated!
Update: This is my current .htaccess file in the root of my server. This is currently redirecting http://photoboothowners.com/feed to https://photoboothowners.com (notice it is dropping the feed directory).
RewriteEngine on
# Use PHP5CGI as default
AddHandler fcgid-script .php
RewriteCond %{HTTP_HOST} ^buyaphotobooth\.net$ [OR]
RewriteCond %{HTTP_HOST} ^www\.buyaphotobooth\.net$
RewriteRule ^/?$ "https\:\/\/photoboothowners\.com\/starting\-a\-photo\-booth\-business\-build\-or\-buy" [R=301,L]
RewriteCond %{HTTP_HOST} ^photoboothforums\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.photoboothforums\.com$
RewriteRule ^/?$ "https\:\/\/photoboothowners\.com\/forum" [R=301,L]
# Force SSL
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/forum [NC]
RewriteCond %{REQUEST_URI} !feed [NC]
RewriteRule ^/?(.*)$ https://photoboothowners.com/$1 [R=301,QSA,L,NE]
RewriteCond %{HTTP_HOST} ^photoboothowners\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.photoboothowners\.com$
RewriteRule ^how\-to\-use\-our\-premium\-print\-designs\-in\-breeze\-dslr\-remote\-pro\/?(.*)$ "https\:\/\/photoboothowners\.com\/how\-to\-use\-our\-photo\-booth\-template\-designs\-in\-breeze\-dslr\-remote\-pro$1" [R=301,L]
RewriteOptions inherit
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^shop\/photo\-booth\-layouts\-and\-samples\.html$ "https\:\/\/photoboothowners\.com\/shop" [R=301,L]
<Files 403.shtml>
order allow,deny
allow from all
</Files>

Your rules are using OR so they read as:
if server port is 80 and the request is not forum OR it is not feed OR it is not shop/forum
That's going to match everything. Get rid of both of the [OR] so that the match reads:
if server port is 80 and the request is not forum AND it is not feed AND it is not shop/forum
EDIT:
Per your updated question, the following line is missing a slash:
RewriteCond %{REQUEST_URI} !feed [NC]
should be
RewriteCond %{REQUEST_URI} !/feed [NC]

http to https through .htaccess

I've had a look through existing questions, but I haven't really come across anything which works for me.
I'm currently running a site with a Secure SSL certificate. It can be accessed at https://www.example.co.uk a problem is the site can also be accessed at http://www.example.co.uk - I don't want this to be possible. I need it to redirect from http to https.
I found this one snippet of code to use in an .htaccess file.
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.co.uk [NC]
RewriteRule ^(.*)$ https://example.co.uk/$1 [L,R=301]
This works fine when the user enters example.co.uk into their address bar, but I also need to add a conditional statement of some sort so that if the user enters 'www.example.co.uk' or 'http://www.example.co.uk'.
I've tried using the likes of [OR], but this ends up creating server errors.
Any help and suggestions is appreciated.
Cheers.

Try the following:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Also, you can also redirect based on port number, for example:
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
This will redirect all requests received on port 80 to HTTPS.

Add the following code in .htaccess file.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
change example.com with your website domain
URLs redirect tutorial can be found from here - Redirect non-www to www & HTTP to HTTPS using .htaccess file

Try this, I used it and it works fine
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Try this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Source:
https://www.ndchost.com/wiki/apache/redirect-http-to-https
(I tried so many different blocks of code, this 3 liner worked flawlessly)

For me work ONLY this variant:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Thanks https://www.reg.ru/support/hosting-i-servery/sajty-i-domeny/kak-dobavit-redirekt/redirekt-s-http-na-https (in Russian)

I try all of above code but any code is not working for my website.then i try this code and This code is running perfect for my website. You can use the following Rule in htaccess :
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
//Redirect http to https
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
//Redirect non-www to www
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
</IfModule>
Change example.com with your domain name and sorry for my poor english.

# Switch rewrite engine off in case this was installed under HostPay.
RewriteEngine Off
SetEnv DEFAULT_PHP_VERSION 7
DirectoryIndex index.cgi index.php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# RewriteCond %{HTTP_HOST} ^compasscommunity.co.uk\.com$ [NC]
# RewriteRule ^(.*)$ https://www.compasscommunity.co.uk/$1 [L,R=301]

To redirect http://example.com or http://www.example.com to https://www.example.com in a simple way, you can use the following Rule in htaccess :
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond www.%{HTTP_HOST} ^(?:www\.)?(www\..+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [NE,L,R]
[Tested]
%{REQUEST_SCHEME} variable is available since apache 2.4 , this variable contains the value of requested scheme (http or https), on apache 2.4 you can use the following rule :
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} ^http$
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R]

There are better and more secure ways to make sure that all your traffic goes over https. For example setting up two virtual hosts and redirecting all traffic from your http to your https host. Read more on this in this answer here on security.stackexchange.com.
With setting up a virtual host for redirecting you can send a 301 status (redirect permanently) so the browser understands that all the following requests should be sent to the https server where it was redirected to. Hence no further http requests will be made after the first redirect response.
You should also carefully check the given answers because with the wrong rewrite rules set you might loose the query params from your incoming requests.

If you want to redirect HTTP to HTTPS and want to add www with each URL, use the htaccess below
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
it will first redirect HTTP to HTTPS and then it will redirect to www.

Since this is one of the top results in the search, if you're trying to add http to https redirect on AWS beanstalk, the accepted solution will not work.
You need following code instead:
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^.*$ https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

Try this
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

Perfect Code Going to HTML index :
RewriteEngine on
RewriteCond %{HTTP_HOST} ^YourNameWebsite\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.YourNameWebsite\.com$
RewriteRule ^/?$ "https\:\/\/YourNameWebsite\.com\/index\.html" [R=301,L]
Or
Perfect Code Going to PHP index :
RewriteEngine on
RewriteCond %{HTTP_HOST} ^YourNameWebsite\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.YourNameWebsite\.com$
RewriteRule ^/?$ "https\:\/\/YourNameWebsite\.com\/index\.php" [R=301,L]

None of these worked for me, except for this. My site was hosted in https://www.asmallorange.com
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

The below code, when added to the .htaccess file, will automatically redirect any traffic destined for http: to https:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</IfModule>
If your project is in Laravel add the two lines
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
just below RewriteEngine On. Finally your .htaccess file will look like the following.
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Visite here to more information

in .htaccess file add following line to restrict http access
SSLRequireSSL

for some reason its inverted in my host
so if i want it to reditect i need to check if https is on and then redirect to https
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
is the code i use

Resources