Question posted in
Some documentation to get you started can be found here.

Implement a redirect to Secure to website – Apache

Implement a redirect to HTTPS to website

Earlier we have a website with HTTP, and recently we have purchased in to HTTPS. Now I am tried to implement the redirect to HTTPS.

For this I tried below code in

    <IfModule mod_rewrite.c>
    ## enable rewrites
    
    Options +FollowSymlinks
    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ www.example.com/$1 [R,L] 
     
    </IfModule>

When I uploaded the .htaccess file with above code. The website is not able to display.

And my entire .htaccess file as below.

    #DirectoryIndex index.html

#AddType application/x-httpd-php5 .html .htm
#AddType application/x-httpd-php .html .htm
#RemoveHandler .html .htm
#AddType application/x-httpd-php .html .htm
#RewriteRule ^/?inscription/map.html$ - [F,L]

<FilesMatch ".html$" >
    #ForceType application/x-httpd-php
</FilesMatch>

#Canonicalization  issue
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ www.example.com/$1 [L,R=301]

#Google Caching Issue
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ www.example.com/$1 [R,L]


<IfModule mod_rewrite.c>
## enable rewrites

Options +FollowSymlinks
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ www.example.com/$1 [R,L]

#Redirect from http to https 
#RewriteCond %{HTTP:X-Forwarded-Proto} !https
#RewriteCond %{HTTPS} off
#RewriteRule ^ www.example.com/ [L,R=301]


ErrorDocument 404 www.example.com     
 
 
</IfModule> 

<IfModule mod_expires.c>
 ExpiresActive on
 ExpiresDefault "access plus 1 month"
 ExpiresByType application/javascript "access plus 1 year"
 ExpiresByType image/x-icon "access plus 1 year"
 ExpiresByType image/jpg "access plus 1 month"
 ExpiresByType image/jpeg "access plus 1 month"
 ExpiresByType image/gif "access plus 1 month"
 ExpiresByType image/png "access plus 1 month"
 ExpiresByType text/css "access plus 1 month"
</IfModule>

<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4.0[678] no-gzip
  BrowserMatch bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
</IfModule>


<Files "phpinfo.php">
     
    Order Allow,Deny
    Deny from all
</Files>

#<Files >

#AddType application/x-httpd-php .html .htm

#</Files>

Options -Indexes

Can you please help on this. to implement the redirection from http to https.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Solved with below code.

    #Force from http to https 
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  2. 0 
    RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ www.example.com/$1 [R,L]

    You need to include the scheme, ie. https in the substitution string. For example:

    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    The same applies to all the other redirects in your .htaccess file.

    If you don’t explicitly include the HTTPS scheme in a HTTP to HTTPS redirect then it’s never going to redirect to HTTPS. However, a relative path substitution (ie. one that does not start with a scheme or slash) is seen as relative to the current directory (unless RewriteBase is defined). So, a substitution string like www.example.com will effectively be treated as a subdirectory from the current directory (document root) and attempting to convert this into an external redirect will result in a malformed redirect like http://www.example.com/path/to/public_html/www.example.com/<foo>.

    ErrorDocument 404 www.example.com

    You have a similar issue with your ErrorDocument directive. However, you should not be "redirecting" to the custom error document (which is what will happen if you specify an absolute URL here). You should define a custom error document. eg. /errors/my404.html and state this in the ErrorDocument directive:

    ErrorDocument 404 /errors/my404.html

    The custom error document is then served using an internal subrequest. There is no "external redirect" here.

    UPDATE#1:

    Can you please edit above .htaccess file and post here?

    I’ve removed all the commented-out code sections – so add those back as appropriate. Although several of the mod_rewrite sections that were commented out I assume are just earlier/incorrect attempts. I’ve also reordered some bits (eg. it is more logical to define Options and ErrorDocument directives early in the file – you certainly shouldn’t split these up). I’ve omitted the mod_expires and mod_deflate sections for brevity.

    I’ve also updated the deprecated mod_access_compat (Order, Deny, etc.) directives for Apache 2.4 Require all denied.

    I’m also assuming the www subdomain is canonical and you have no other subdomains.

    # Allow FollowSymlinks (required for mod_rewrite)
# and prevent directory listings (mod_autoindex)
Options +FollowSymlinks -Indexes

# Define custom error documents
ErrorDocument 404 /errors/my404.html     

# Block access to specific files
<Files "phpinfo.php">
    Require all denied     
</Files>

# Enable mod_rewrite rewrite engine
RewriteEngine On 

# Canonical redirect: non-www to www (and HTTPS)
RewriteCond %{HTTP_HOST} !^www.
RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [R=301,L]

# Canonical redirect: HTTP to HTTPS
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

# mod_expires directives go here...

# mod_deflate directives go here...

    Clear your browser cache before testing and test first with 302 (temporary) redirects to avoid potential caching issues.

    Note I assume you have already tested the SERVER_PORT 80 check and this works as intended on your server*1. I notice in your commented-out code you are also checking the X-Forwarded-Proto HTTP request header – this is only required if your application server is behind a front-end proxy that manages the HTTPS connection. If this is the case then checking SERVER_PORT (or HTTPS) may fail.

    *1 UPDATE#2: It seems this is not the case and you are having to implement a non-standard check for %{ENV:HTTPS} instead of checking the SERVER_PORT, which is resulting in a redirect loop. This implies that your webhost (a shared hosting platform I assume) is using some kind of front-end proxy to manage the SSL connection and your application server is actually communicating over plain HTTP to the front-end proxy.

    # Force from http to https 
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search