Redirect non-secure to secure, .htaccess on Linux & Apac
MatthewHSE
Status: Contributor
Joined: 20 Jul 2004
Posts: 122
Location: Central Illinois, typically glued to a computer screen
Reply Quote
I've got a page that needs to be secure. The problem is that it's being linked to from other places that aren't including https in their links. So, I need to force the page to redirected to the secure location.

For instance, I need this:

mysite.com/register.cgi

... to be redirected to the same location but using instead of just http.

I can only use .htaccess for this, not the httpd.conf file. So far, all the methods I've found simply cause endless loops of redirection. There's got to be a way to do this, but after three hours of searching I thought I'd just ask here! ;)

Thanks in advance,

Matthew
Back to top
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
Reply Quote
Oh, mod_rewrite, that's always hard.
:: Code ::

RewriteEngine On
#redirect to https
RewriteRule http://mysite.com/register.cgi  https://mysite.com/register.cgi  [L,R=301]


Try that. Since you've managed to enter into the infinite rewrite loop we know your rewrite engine is on ;-) so we don't need to check that.

However, since you also need to make sure that they aren't using www, you'll need to add another rewrite rule I think.

:: Code ::

RewriteEngine On
#primary site redirect
RewriteCond %{HTTP_HOST} !^mysite\.com [NC]
RewriteRule ^(.*)$ http://mysite.com/$1 [R=301]
#redirect to https
RewriteRule http://mysite.com/register.cgi  https://mysite.com/register.cgi  [L,R=301]


I'm just guessing here by the way, it always takes me forever to get one of these things working.

Try it and see.
Back to top
MatthewHSE
Status: Contributor
Joined: 20 Jul 2004
Posts: 122
Location: Central Illinois, typically glued to a computer screen
Reply Quote
Hi, thanks for your help. I tried your code exactly as posted, which didn't work, but I think that was due to some other code I had in my .htaccess file. Through some trial and error, I was able to combine your code and my existing code and have achieved half-success. Here's what I'm using:

:: Code ::
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.mysite\.com
RewriteRule ^(.*)$ http://mysite.com/$1 [R=permanent,L]
RewriteRule http://mysite.com/register.cgi https://mysite.com/register.cgi [L,R=301]


This does about half of what I need. If I try to visit the following:

http: //www.mysite.com/register.cgi (not secure and with the w's)

In that case, I get redirected to the secure location and the w's are eliminated. Great, that's the desired result. But somehow it's missing non-secure requests without the w's.
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4073
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
RewriteRule ^(.*)$ http: //mysite.com/$1 [R=permanent,L]

is the problem, the 'L' means, this is the last rule to process, exit processing of rewrite rules.

You'll need to get rid of that and it might work. Give it a try, there's always a lot of trial and error in coming up with these things.

By the way, for testing it's best to not use the 301 command until you've got the bugs worked out, sometimes the servers or browser remembers that rule and it makes it hard to debug stuff.

Try removing the first L and the R=permanent, and the ,R=301 from the second, and see what you get.

then once it's working, put back in R=301 in the first and last, 301=permanent, it's easier to read I think.

Make sure to remove the brackets if they are empty, []

I have to admit to being mystified why your thing is going to the second condition when you told it not to in the first, that's odd, but mod_rewrite is by far and away the hardest thing I've ever come across in the web world in terms of really understanding how it works.
Back to top
MatthewHSE
Status: Contributor
Joined: 20 Jul 2004
Posts: 122
Location: Central Illinois, typically glued to a computer screen
Reply Quote
Hi, thanks again, I was able to put together your code with some other information I'd culled from around the Internet and came up with something that works:

:: Code ::
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.mysite\.com
RewriteRule ^(.*)$ http://mysite.com/$1 [R=301]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^register\.cgi$ https://mysite.com/register.cgi [R=301,L]


I have absolutely no understanding of why this works, but it does the job, so I'm content. I really admire those of you who can work this out for yourselves. No doubt I'd be able to if I put hours of study and research into it, but since you say mod_rewrite is the most difficult part of the web world, I think I'll tackle PHP first before moving on to the more complex issues!

Thanks again!

Matthew
Back to top
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
Reply Quote
Nice going MatthewHSE, mod_rewrite with its incredibly terse syntax is a brain twister of the highest order, it begins to make some sense after you spend many many hours on a single problem, then you find out there was an amazingly easy way to do it, or you forgot a %, or mixed up the httpd.conf and the htaccess syntax, different in some cases but not most, or whatever else.

You need to have some understanding of regular expressions to make mod_rewrite work in most cases, I'd never heard of the method you used, but that's typical, almost every solution is completely unique to your case, although some are more general, like rewriting www.yoursite to yoursite.

Again, nice going, the trick with this stuff is this: when it works stop, unless somebody very good at it tells you to do it differently for reason x y or z, or p. Or d. Or a. etc.

By the way, the reason it works is this:

https, secure http, goes to server port 443. If the request to that page is not sent to server port 443, send it to yoursite/yourcgipage.

Consider yourself initiated into the world of Apache, incredibly powerful but very difficult to master.

Re PHP/Apache. I would recommend just taking a look at regular expressions, the syntax is the same in most programming languages, that really helps to understand how to do mod_rewrite. Make some small practice php problems and see if you can start to learn it, it's pretty cool, but not easy, but programming when done well wasn't easy to learn.
Back to top
Display posts from previous:   

All times are GMT - 8 Hours