Solved

.htacces, redirect http to https

Posted on 2014-04-18
3
359 Views
Last Modified: 2014-04-29
I'm hoping this one is easy.

Here is our current .htaccess file

AddType application/octet-stream .ova

RewriteEngine on
# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# Handle redirection to routes
RewriteRule     ^public/(.*) app/routes/public/$1 [L]
RewriteRule     ^admin/(.*) app/routes/admin/www/$1 [L]
RewriteRule     ^adminv2/(.*) app/routes/adminv2/www/$1 [L]

# Handle framework requests
RewriteRule ^(.*)$ app/routes/public/$1  [L]
AddType x-httpd-php53 .php

Open in new window


It redirects all requests to a CMS file which handles displaying the correct page. We've also got stuff in there which allows links to direct files to work.

I'm trying to force all http requests to https, however when I try to add it, it either breaks links to direct files, breaks the CMS, or forces the browser into a loop.

The rules I think we need to add are; the first rule redirects non-www to www, the second I think should handle the redirection of http.

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.voip-sec.com/$1 [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [L,R=301]

Open in new window


but I seem to be unable to get them to work correctly with the existing rules.
0
Comment
Question by:SheppardDigital
  • 2
3 Comments
 
LVL 35

Expert Comment

by:gr8gonzo
ID: 40008744
1. Check out my article on .htaccess - it might be helpful:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/A_10732-The-Basics-of-htaccess-Files-and-URL-Redirection.html

2. If you've added those rules to the end, then any previous rules that "hit" will keep your new rules from being executed, because of the "L" flag which indicates the Last Rule (my article covers this), so try adding them above the other rules.

3. I would suggest making your first "non-www-to-www" rule also redirect them to https at the same time so you avoid a second redirect.
0
 

Author Comment

by:SheppardDigital
ID: 40009332
Thanks, I've amended the .htaccess file to this...

AddType application/octet-stream .ova

RewriteEngine on

RewriteCond %{HTTP_HOST} !^www.voip-sec.com$ [NC]
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [R]

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [L,R=301]

# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# Handle redirection to routes
RewriteRule     ^public/(.*) app/routes/public/$1 [L]
RewriteRule     ^admin/(.*) app/routes/admin/www/$1 [L]
RewriteRule     ^adminv2/(.*) app/routes/adminv2/www/$1 [L]

# Handle framework requests
RewriteRule ^(.*)$ app/routes/public/$1  [L]
AddType x-httpd-php53 .php

Open in new window


My reasoning is I'm saying if HTTPS is off, then redirect to the https URL using a redirect and the L flag to stop processing further rules. In theory I think this should work, however it sends the script in a redirect. The URL does indeed change to https but it's like the .htaccess file doesn't see the https in the URL and constantly tries to redirect.

I did try using PHP to do this, but I believe some setting on the server always returns port 80 as the port regardless of whether the protocol is http or https. I'm not sure if this could be the cause of the problem?
0
 
LVL 35

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 40009648
Try changing your HTTPS condition from "off" to "!=on"
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question