• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375
  • Last Modified:

.htacces, redirect http to https

I'm hoping this one is easy.

Here is our current .htaccess file

AddType application/octet-stream .ova

RewriteEngine on
# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# Handle redirection to routes
RewriteRule     ^public/(.*) app/routes/public/$1 [L]
RewriteRule     ^admin/(.*) app/routes/admin/www/$1 [L]
RewriteRule     ^adminv2/(.*) app/routes/adminv2/www/$1 [L]

# Handle framework requests
RewriteRule ^(.*)$ app/routes/public/$1  [L]
AddType x-httpd-php53 .php

Open in new window


It redirects all requests to a CMS file which handles displaying the correct page. We've also got stuff in there which allows links to direct files to work.

I'm trying to force all http requests to https, however when I try to add it, it either breaks links to direct files, breaks the CMS, or forces the browser into a loop.

The rules I think we need to add are; the first rule redirects non-www to www, the second I think should handle the redirection of http.

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.voip-sec.com/$1 [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [L,R=301]

Open in new window


but I seem to be unable to get them to work correctly with the existing rules.
0
SheppardDigital
Asked:
SheppardDigital
  • 2
1 Solution
 
gr8gonzoConsultantCommented:
1. Check out my article on .htaccess - it might be helpful:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/A_10732-The-Basics-of-htaccess-Files-and-URL-Redirection.html

2. If you've added those rules to the end, then any previous rules that "hit" will keep your new rules from being executed, because of the "L" flag which indicates the Last Rule (my article covers this), so try adding them above the other rules.

3. I would suggest making your first "non-www-to-www" rule also redirect them to https at the same time so you avoid a second redirect.
0
 
SheppardDigitalAuthor Commented:
Thanks, I've amended the .htaccess file to this...

AddType application/octet-stream .ova

RewriteEngine on

RewriteCond %{HTTP_HOST} !^www.voip-sec.com$ [NC]
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [R]

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [L,R=301]

# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# Handle redirection to routes
RewriteRule     ^public/(.*) app/routes/public/$1 [L]
RewriteRule     ^admin/(.*) app/routes/admin/www/$1 [L]
RewriteRule     ^adminv2/(.*) app/routes/adminv2/www/$1 [L]

# Handle framework requests
RewriteRule ^(.*)$ app/routes/public/$1  [L]
AddType x-httpd-php53 .php

Open in new window


My reasoning is I'm saying if HTTPS is off, then redirect to the https URL using a redirect and the L flag to stop processing further rules. In theory I think this should work, however it sends the script in a redirect. The URL does indeed change to https but it's like the .htaccess file doesn't see the https in the URL and constantly tries to redirect.

I did try using PHP to do this, but I believe some setting on the server always returns port 80 as the port regardless of whether the protocol is http or https. I'm not sure if this could be the cause of the problem?
0
 
gr8gonzoConsultantCommented:
Try changing your HTTPS condition from "off" to "!=on"
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now