Solved

.htacces, redirect http to https

Posted on 2014-04-18
3
349 Views
Last Modified: 2014-04-29
I'm hoping this one is easy.

Here is our current .htaccess file

AddType application/octet-stream .ova

RewriteEngine on
# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# Handle redirection to routes
RewriteRule     ^public/(.*) app/routes/public/$1 [L]
RewriteRule     ^admin/(.*) app/routes/admin/www/$1 [L]
RewriteRule     ^adminv2/(.*) app/routes/adminv2/www/$1 [L]

# Handle framework requests
RewriteRule ^(.*)$ app/routes/public/$1  [L]
AddType x-httpd-php53 .php

Open in new window


It redirects all requests to a CMS file which handles displaying the correct page. We've also got stuff in there which allows links to direct files to work.

I'm trying to force all http requests to https, however when I try to add it, it either breaks links to direct files, breaks the CMS, or forces the browser into a loop.

The rules I think we need to add are; the first rule redirects non-www to www, the second I think should handle the redirection of http.

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.voip-sec.com/$1 [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [L,R=301]

Open in new window


but I seem to be unable to get them to work correctly with the existing rules.
0
Comment
Question by:SheppardDigital
  • 2
3 Comments
 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
1. Check out my article on .htaccess - it might be helpful:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/A_10732-The-Basics-of-htaccess-Files-and-URL-Redirection.html

2. If you've added those rules to the end, then any previous rules that "hit" will keep your new rules from being executed, because of the "L" flag which indicates the Last Rule (my article covers this), so try adding them above the other rules.

3. I would suggest making your first "non-www-to-www" rule also redirect them to https at the same time so you avoid a second redirect.
0
 

Author Comment

by:SheppardDigital
Comment Utility
Thanks, I've amended the .htaccess file to this...

AddType application/octet-stream .ova

RewriteEngine on

RewriteCond %{HTTP_HOST} !^www.voip-sec.com$ [NC]
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [R]

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.voip-sec.com/$1 [L,R=301]

# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# Handle redirection to routes
RewriteRule     ^public/(.*) app/routes/public/$1 [L]
RewriteRule     ^admin/(.*) app/routes/admin/www/$1 [L]
RewriteRule     ^adminv2/(.*) app/routes/adminv2/www/$1 [L]

# Handle framework requests
RewriteRule ^(.*)$ app/routes/public/$1  [L]
AddType x-httpd-php53 .php

Open in new window


My reasoning is I'm saying if HTTPS is off, then redirect to the https URL using a redirect and the L flag to stop processing further rules. In theory I think this should work, however it sends the script in a redirect. The URL does indeed change to https but it's like the .htaccess file doesn't see the https in the URL and constantly tries to redirect.

I did try using PHP to do this, but I believe some setting on the server always returns port 80 as the port regardless of whether the protocol is http or https. I'm not sure if this could be the cause of the problem?
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
Comment Utility
Try changing your HTTPS condition from "off" to "!=on"
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

When working in a large software development team, whether you have many developers working on the same projects, or your project is linked to other projects; it is very important that developers regularly perform "get latest" to ensure that the cha…
Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
This video discusses moving either the default database or any database to a new volume.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now