We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.
mod_rewrite to https or http
I have a rewrite rule in my htaccess file that sends all traffic to https. I have a unique situation that requires one page in my site to not be redirected to https. How can I accomplish this.
This is the rule I am using to send everything to https.
However, I need this rule to go to http instead.
This is the rule I am using to send everything to https.
RewriteRule ^(.*)$ https://www.bumpum.com/$1 [R=301,L]
However, I need this rule to go to http instead.
RewriteRule ^/?fb/(.*)$ /social_redirects.php?sign_serial=$1 [QSA,NC,L]
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Weird. It should of worked.
Anyway, add the full path to the second rule.
Anyway, add the full path to the second rule.
RewriteRule ^/?fb/(.*)$ http://www.bumpum.com/social_redirects.php?sign_serial=$1 [QSA,NC,L]
If I put it like this it still does not work. Still redirects all to https
If I put it like this it fails in the browser and says this webpage has a redirect loop.
RewriteRule ^(.*)$ https://www.bumpum.com/$1 [R=301,L]
RewriteRule ^/?fb/(.*)$ http://www.bumpum.com/social_redirects.php?sign_serial=$1 [QSA,NC,L]
If I put it like this it fails in the browser and says this webpage has a redirect loop.
RewriteRule ^/?fb/(.*)$ http://www.bumpum.com/social_redirects.php?sign_serial=$1 [QSA,NC,L]
RewriteRule ^(.*)$ https://www.bumpum.com/$1 [R=301,L]
Both rules have an L at the end, meaning they are the last rules used, if true.
So yes, this:
But reversing the order should produce correct results: if the page is of the form http://www.bumpum.com/fb/something then the first rule is applied and the next is ignored, if not then the second rule is applied.
Can you please try another browser? Maybe it's a caching issue.
So yes, this:
RewriteRule ^(.*)$ https://www.bumpum.com/$1 [R=301,L]
RewriteRule ^/?fb/(.*)$ http://www.bumpum.com/social_redirects.php?sign_serial=$1 [QSA,NC,L]
But reversing the order should produce correct results: if the page is of the form http://www.bumpum.com/fb/something then the first rule is applied and the next is ignored, if not then the second rule is applied.
Can you please try another browser? Maybe it's a caching issue.
I have now tried multiple browsers and multiple computers. I always get the same results.
If i put this first it comes back with a browser failure (redirect loop) Its like the L is not working at all.
I also tried it like this and it does not work either. I removed the L thinking it might move to the next rule but does not work. I tried every combination I can think of.
If i put this first it comes back with a browser failure (redirect loop) Its like the L is not working at all.
RewriteRule ^/?fb/(.*)$ http://www.bumpum.com/social_redirects.php?sign_serial=$1 [QSA,NC,L]
I also tried it like this and it does not work either. I removed the L thinking it might move to the next rule but does not work. I tried every combination I can think of.
RewriteRule ^(.*)$ https://www.bumpum.com/$1 [R=301]
RewriteRule ^/?fb/(.*)$ http://www.bumpum.com/social_redirects.php?sign_serial=$1 [QSA,NC,L]
In PHP you can detect HTTPS and use header("Location:...") to redirect the browser. You would want to be mindful of the risk of complex interaction between .htaccess and the PHP redirect.
http://php.net/manual/en/reserved.variables.server.php
http://php.net/manual/en/reserved.variables.server.php
I have a very similar problem to this one.
All traffic to a site must be https, so I rewrite all URLS to redirect to https.
BUT I have one URL which comes not from the browser but an embedded activeX control which must go directly to CGI. This does not work.
I'm still fiddling, so I'll keep you posted.
All traffic to a site must be https, so I rewrite all URLS to redirect to https.
BUT I have one URL which comes not from the browser but an embedded activeX control which must go directly to CGI. This does not work.
I'm still fiddling, so I'll keep you posted.
@ray - the reason I cannot use that is I am using NFC technology in my application to redirect to a social media ap and if I send it to https first it opens up a browser window and sends them to the site in the browser which is not what I want to do. If I use http: it sends them to my redirect page then the phone prompts the user to use their social ap to open and that is what I want to do. So I only need the one page to go to http: and all others to go to https: It will need to be done in the rewrite.
@Steve - I do not know how to implement what you are saying. If you could give me an example it would be greatly appreciated.
@Steve - I do not know how to implement what you are saying. If you could give me an example it would be greatly appreciated.
Well, you've got an "interesting" design here -- one that nobody else uses and now you can see why not :-) Here's an alternative idea:
Get rid of the .htaccess and instead use a common script element at the top of all of your PHP web pages. Most web sites and web applications are designed this way - something that starts the session, connects to the database, loads the class definitions, etc. This PHP script can examine the URL it's using by looking in $_SERVER['PHP_SELF']. If the URL is the "magic one" that needs to be HTTP, no action occurs. Otherwise the script redirects with header("Location") to the HTTPS version. Your logic looks like this:
1. Am I running under HTTPS?
1.A. Yes, continue
2. Am I supposed to run under HTTP?
2.A. Yes, continue
3. header("Location...") // redirect to same REQUEST_URI but with HTTPS protocol.
Get rid of the .htaccess and instead use a common script element at the top of all of your PHP web pages. Most web sites and web applications are designed this way - something that starts the session, connects to the database, loads the class definitions, etc. This PHP script can examine the URL it's using by looking in $_SERVER['PHP_SELF']. If the URL is the "magic one" that needs to be HTTP, no action occurs. Otherwise the script redirects with header("Location") to the HTTPS version. Your logic looks like this:
1. Am I running under HTTPS?
1.A. Yes, continue
2. Am I supposed to run under HTTP?
2.A. Yes, continue
3. header("Location...") // redirect to same REQUEST_URI but with HTTPS protocol.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Good luck with it. I'm pretty sure it's sound in theory, so if you have any issues implementing it in practice, please post back here and we will be glad to help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2013… 214 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2013 Part … 198 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
Open in new window
HTH,Dan