Hello we have a website where we need to map every current http page to https to apply the ssl.
If we force SSL in the site ; the SSL works but its returning the list of files.
Tried with this code
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
and this code
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
[![enter image description here][1]][1]
If we map https to http then the site works fine but they are all non secure page.
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
How to fix that. We want SSL and site both to work properly . The site is build with Typo 3 cms
Additional information
I have found index file and another htaccess files under public_htmlsite and public_htmlsite4 folder. The site is not developed by me. So I cannot tell which is the correct index file. the htacess file under site folder is empty. however the htaccess file under site4 folder has some code in it
RewriteEngine On
RewriteRule ^typo3$ - [L]
RewriteRule ^typo3/.*$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php
from the cpanel I can see the certificate is valid and installed properly. Can you suggest where to look into for figuring out the issue.
3
Answers
I don’t think it has anything to do with the http->https redirect.
I guess your https domain is configured differently (different DocumentRoot in Apache’s host configuration or a missing VirtualHost for https://.
Your default VirtualHost seems insecure as it allows browsing files that should not be accessible.
Add the below lines in .htaccess for hiding the directory listing
I think your site files are located in the
/site4
subdirectory.However, it looks like the
DocumentRoot
of the HTTP and HTTPS sites are set differently. eg. HTTPS is set as/path/to/public_html
and HTTP is set as/path/to/public_html/site4
. You can access the site athttps://example.com/site4/
(which appears unstyled because it naturally can’t find the stylesheets).http://example.com
appears to have the same content and is styled correctly.You see the directory listing when navigating to
https://example.com/
because there is nothing in thepublic_html
directory (and nor should there be it seems). By disabling directory listings (as mentioned in another answer) you naturally get a 403 Forbidden response.Ideally you need to set the
DocumentRoot
of both the HTTP and HTTPS sites the same… to point to the.../site4
subdirectory I suspect. You would then need to restart Apache for the changes to have an effect.Workaround
As a workaround you may be able to edit the
public_html/.htaccess
file to rewrite all requests for the HTTPS document root to the/site4
subdirectory. However, whether this would actually work or not could still be dependent on your server-side code as theDocumentRoot
is different.Try the following in the
public_html/.htaccess
file (comment out any existing directives):This internally rewrites all requests to
/site4/index.php
.Providing there is another
.htaccess
file at/site4/.htaccess
that also contains mod_rewrite directives to route the request then you shouldn’t have a rewrite loop.