Solved

REWRITE RULE - Forcing https to http for Non-SSL site using HTACCESS

Posted on 2016-10-26
Last Modified: 2016-11-02
Hi all -

I have sites where I force HTTP -> HTTPS using this code in HTACCESS:

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://example.com/$1 [R,L]

NOW I have a site that used to use an SSL certificate, and no longer needs one, and my users often access the site still using httpS://example.com

Is there a change to the above 3 lines to force HTTPS -> HTTP instead of HTTPS -> HTTPS?
(Or a better way to force HTTPS to HTTP?) The users still entering https in a browser are receiving that "Invalid Certificate - Run!" error.
Question by: bleggee
9 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 41861367
No, unfortunately you can't do it the other way around when there isn't a certificate.  The HTTPS connection is made or attempted before anything else happens.  The "Invalid Certificate - Run!" error comes from the browser, not the server.

The only way to eliminate that error message is to get the certificate again.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 125 total points
ID: 41861537
The point Dave makes is that a valid certificate must exist or the user will get an alert warning about the expired certificate before the redirect can be processed.

The functionality is such that credential exchange has to be completed before the client can make a request and the server respond.

Renewing the certificate, and using a redirect mechanism that includes a delay long enough to display a page stating https access is going away.

Though your move is counter to the current trend where most sites are going towards encrypted sites.

If you are determined, either leave the expired cert which will alert each user attempting secure access. This is a more reliable notifier where the client will have to add an exception before they could continue on.
Using redirect test on whether the connection is secure, before sending it back to an unsecure URL.
Testing for port 443 or reversing your rewrite....
0
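
The reversed rewrite mentioned in the answer above, as an added example that is not part of the original thread. It assumes the port-443 virtual host still presents a valid certificate (otherwise the browser stops at the certificate warning and Apache never sees the request), that mod_rewrite and mod_headers are available, and that `example.com` stands in for the real host name.

```apache
# .htaccess in the document root served by both the :80 and :443 virtual hosts.
# Precondition: the :443 vhost still has a valid certificate. The TLS handshake
# completes before any HTTP request is sent, so without a trusted certificate
# these rules are never reached.
RewriteEngine On

# %{HTTPS} is "on" only for requests that arrived over TLS, so plain-HTTP
# requests fall through and no redirect loop is created.
RewriteCond %{HTTPS} on
# Alternative test by port, anchored so that only 443 matches
# (an unanchored "80" or "443" is a regex and also matches e.g. 8080):
# RewriteCond %{SERVER_PORT} ^443$

# R=302 while testing; switch to R=301 once verified, since browsers
# cache permanent redirects.
RewriteRule ^(.*)$ http://example.com/$1 [R=302,L]

<IfModule mod_headers.c>
    # If the site ever sent a Strict-Transport-Security header, browsers
    # will upgrade http:// back to https:// on their own until it expires.
    # max-age=0, delivered over HTTPS, tells them to drop the stored policy.
    Header always set Strict-Transport-Security "max-age=0" env=HTTPS
</IfModule>
```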
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 41865490
My first thought is to use https://letsencrypt.org/ to get a certificate if cost is an issue?

That said, where have you placed your .htaccess redirecting to https?  Depending on the level you put it will determine how much flexibility you have with redirection.  Also is dependent on your config of apache e.g.  for your "default document root".

e.g.

/var/www - nothing gets past this
/var/www/html - the subfolders .htaccess have some flexibility
0
 
LVL 1

Author Comment

by:bleggee
ID: 41865497
Good point Rob - I have used LetsEncrypt.org for certificates, though the last I knew, they had to be renewed every 3 months. I heard there may be a better solution now from LetsEncrypt (1 year renewal or automated renewals), do you know anything about that?
0
 
LVL 42

Assisted Solution

by:Rob Jurd, EE MVE
Rob Jurd, EE MVE earned 125 total points
ID: 41865501
https://certbot.eff.org is the scripting should your server environment be suited.
e.g. for Apache on Ubuntu, you can see it can be automated (and I do it for one of my local servers): https://certbot.eff.org/#ubuntuxenial-apache
0
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 41865502
Haven't heard about the one year renewals yet though
0
 
LVL 77

Expert Comment

by:arnold
ID: 41865509
If you are even remotely inclined to entertain extending an SSL certificate remaining on the site, might as well consider whether transitioning to the unencrypted (http) is the way to go given your contention that many of the established users/visitors to your site have links/shortcuts to the secure site.

Like the band-Aid, the longer you contemplate on the transition, the longer you will remain in this ambiguous circumstance.

If your site is dynamic, php, etc. your pages could incorporate a check on whether the access is secure, and in those cases, display a banner, to indicate that secure access is going away by date certain..........
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41865519
https://www.startssl.com/ has free certificates.  I use them for my own site.
0
 
LVL 1

Author Comment

by:bleggee
ID: 41871003
Great Info ! Thank you all.
0
