cPanel Question posted in
The official documentation can be seen here.

Forcing https. on htaccess is returning list of files . How to fix that? – CPanel

Hello we have a website where we need to map every current http page to https to apply the ssl.

If we force SSL in the site ; the SSL works but its returning the list of files.

Tried with this code 

RewriteEngine on
RewriteCond %{HTTPS} on 
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]

and this code

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
[![enter image description here][1]][1]

If we map https to http then the site works fine but they are all non secure page. 

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

How to fix that. We want SSL and site both to work properly . The site is build with Typo 3 cms

Additional information
I have found index file and another htaccess files under public_htmlsite and public_htmlsite4 folder. The site is not developed by me. So I cannot tell which is the correct index file. the htacess file under site folder is empty. however the htaccess file under site4 folder has some code in it

RewriteEngine On
RewriteRule ^typo3$ - [L]
RewriteRule ^typo3/.*$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php

from the cpanel I can see the certificate is valid and installed properly. Can you suggest where to look into for figuring out the issue.

Tags:

3

Answers


  1. 0

    I don’t think it has anything to do with the http->https redirect.

    I guess your https domain is configured differently (different DocumentRoot in Apache’s host configuration or a missing VirtualHost for https://.

    Your default VirtualHost seems insecure as it allows browsing files that should not be accessible.

    Login or Signup to reply.
  2. 0

    Add the below lines in .htaccess for hiding the directory listing

    # hiding the directory listing
Options -Indexes
    Login or Signup to reply.
  3. 0

    So I cannot tell which is the correct index file. the htacess file under site folder is empty. however the htaccess file under site4 folder has some code in it

    I think your site files are located in the /site4 subdirectory.

    However, it looks like the DocumentRoot of the HTTP and HTTPS sites are set differently. eg. HTTPS is set as /path/to/public_html and HTTP is set as /path/to/public_html/site4. You can access the site at https://example.com/site4/ (which appears unstyled because it naturally can’t find the stylesheets). http://example.com appears to have the same content and is styled correctly.

    You see the directory listing when navigating to https://example.com/ because there is nothing in the public_html directory (and nor should there be it seems). By disabling directory listings (as mentioned in another answer) you naturally get a 403 Forbidden response.

    Ideally you need to set the DocumentRoot of both the HTTP and HTTPS sites the same… to point to the .../site4 subdirectory I suspect. You would then need to restart Apache for the changes to have an effect.

    Workaround

    As a workaround you may be able to edit the public_html/.htaccess file to rewrite all requests for the HTTPS document root to the /site4 subdirectory. However, whether this would actually work or not could still be dependent on your server-side code as the DocumentRoot is different.

    Try the following in the public_html/.htaccess file (comment out any existing directives):

    RewriteEngine On

RewriteRule ^ site4/index.php [L]

    This internally rewrites all requests to /site4/index.php.

    Providing there is another .htaccess file at /site4/.htaccess that also contains mod_rewrite directives to route the request then you shouldn’t have a rewrite loop.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search