Solved

REWRITE RULE - Forcing https to http for Non-SSL site using HTACCESS

Posted on 2016-10-26
Last Modified: 2016-11-02
Hi all -
I have sites where I force HTTP -> HTTPS using this code in HTACCESS:
   RewriteEngine On
   RewriteCond %{SERVER_PORT} 80
   RewriteRule ^(.*)$ https://example.com/$1 [R,L]      
NOW I have a site that used to use an SSL Certif, and no longer needs one, and my users often access the site still using httpS://example.com
Is there a change to the above 3 lines to force HTTPS -> HTTP instead of HTTPS -> HTTPS ?    
(Or a better way to force HTTPS to HTTP?)  The users still entering https in a browser are receiving that "Invalid Certificate - Run!" error.
0
Question by:bleggee
9 Comments
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 41861367
No, unfortunately you can't do it the other way around when there isn't a certificate.  The HTTPS connection is made or attempted before anything else happens.  The "Invalid Certificate - Run!" error comes from the browser, not the server.

The only way to eliminate that error message is to get the certificate again.
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 125 total points
ID: 41861537
The point Dave makes is that a valid certificate must exist or the user will get an alert warning about the expired certificate before the redirect can be processed.

The functionality is such that credential exchange has to be completed before the client can make a request and the server respond.

Renewing the certificate, and using a redirect mechanism that includes a delay long enough to display a page stating https access is going away.

Though your move is counter to the current trend where most sites are going towards encrypted sites.

If you are determined, either leave the expired cert which will alert each user attempting secure access. This is a more reliable notifier where the client will have to add an exception before they could continue on.
Using redirect test on whether the connection is secure, before sending it back to an unsecure URL.
Testing for port 443 or reversing your rewrite....
0
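The reversed rewrite mentioned in the answer above, sketched as an added example that is not part of the original thread. It assumes mod_rewrite is enabled, that this .htaccess is served by the HTTPS virtual host, and that the host still presents a certificate the browser accepts; `example.com` is the placeholder used in the question.

```apache
# Added example, not code from the thread.
# Precondition: the TLS handshake must succeed first. With an expired or
# missing certificate the browser stops at its warning page and never
# sends the HTTP request that this rule would answer.
RewriteEngine On

# Match only requests that arrived over TLS. mod_rewrite sets %{HTTPS} to
# "on" or "off", and "=on" is an exact string comparison.
RewriteCond %{HTTPS} =on

# Equivalent test by port, anchored so that only 443 matches. The pattern
# in the question, "%{SERVER_PORT} 80", is an unanchored regex and would
# also match a port such as 8080.
# RewriteCond %{SERVER_PORT} ^443$

# Send the same path back over plain HTTP. R=302 keeps the redirect
# temporary, so browsers do not cache it while the change is being tested.
RewriteRule ^(.*)$ http://example.com/$1 [R=302,L]
```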
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 41865490
My first thought is to use https://letsencrypt.org/ to get a certificate if cost is an issue?

That said, where have you placed your .htaccess redirecting to https?  Depending on the level you put it will determine how much flexibility you have with redirection.  Also is dependent on your config of apache, e.g. for your "default document root".

e.g.

/var/www - nothing gets past this
/var/www/html - the subfolders .htaccess have some flexibility
0
 
LVL 1

Author Comment

by:bleggee
ID: 41865497
Good point Rob - I have used LetsEncrypt.org for certificates, though the last I knew, they had to be renewed every 3 months. I heard there may be a better solution now from LetsEncrypt (1 year renewal or automated renewals), do you know anything about that?
0
 
LVL 42

Assisted Solution

by:Rob Jurd, EE MVE
Rob Jurd, EE MVE earned 125 total points
ID: 41865501
https://certbot.eff.org is the scripting should your server environment be suited.
e.g. for apache on ubuntu, you can see it can be automated (and I do it for one of my local servers): https://certbot.eff.org/#ubuntuxenial-apache
0
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 41865502
Haven't heard about the one year renewals yet though
0
 
LVL 76

Expert Comment

by:arnold
ID: 41865509
If you are even remotely inclined to entertain extending an SSL certificate remaining on the site, might as well consider whether transitioning to the unencrypted (http) is the way to go given your contention that many of the established users/visitors to your site have links/shortcuts to the secure site.

Like the band-Aid, the longer you contemplate on the transition, the longer you will remain in this ambiguous circumstance.

If your site is dynamic, php, etc., your pages could incorporate a check on whether the access is secure, and in those cases, display a banner to indicate that secure access is going away by date certain..........
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41865519
https://www.startssl.com/ has free certificates.  I use them for my own site.
0
 
LVL 1

Author Comment

by:bleggee
ID: 41871003
Great Info ! Thank you all.
0
