[SOLVED]The htacess https rewrite rules for whole site to be non www and ssl only

[grantdb]

Just wondering if anyone knows the difference in these rules? And if the ones I am using are correct?

 

Absolutely new ProcessWire user! Very excited to be experimenting with this wonderful CMS ( or is it CMF  )!

From the default .htaccess file:

  # -----------------------------------------------------------------------------------------------
  # 9. If you only want to allow HTTPS, uncomment the RewriteCond and RewriteRule lines below.
  # -----------------------------------------------------------------------------------------------
  # RewriteCond %{HTTPS} off
  # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I am using the following from my main domain .htaccess file:

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC] 
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]

The second line is to remove the www from incoming urls.

 

Is this fine? I found that it made a www and non ssl requests rewrite in one redirect instead of two. I really don't know the difference between !=on and the off and HOST or %1%, is there a preference or standard to follow when using ProcessWire?

 

Thank you!

[kixe]

Syntax of your apache directive is fine. Just to mention you are using AND for the conditions. You maybe prefer OR?

RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] 
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]

EDIT:
This code has issues, go here: #136046

 

Edited January 8, 2017 by kixe
corrected to prevent endless loop

[grantdb]

For some reason the [OR] causes a redirect loop when using the correct url but works otherwise. 

Thanks for the suggestion. 

Maybe this can be added to the default .htaccess as an option for those that want only ssl and no www.

Cheers 

[kixe]

The loop shouldn't happen if you only redirect the www version. I made a correction in the post above.

[grantdb]

The loop goes away but the rewrite has issues. Here is the original code result:

Quote

Requesting http://www.grantdb.ca/

SERVER RESPONSE: HTTP/1.1 301 Moved Permanently

Date:

Sat, 07 Jan 2017 23:43:38 GMT

Server:

Apache

Strict-Transport-Security:

max-age=31536000

X-Frame-Options:

SAMEORIGIN

X-Xss-Protection:

1; mode=block

X-Content-Type-Options:

nosniff

Location:

https://grantdb.ca/

Cache-Control:

max-age=2592000

Expires:

Mon, 06 Feb 2017 23:43:38 GMT

Connection:

close

Content-Type:

text/html; charset=iso-8859-1

Redirecting to: https://grantdb.ca/

SERVER RESPONSE: HTTP/1.1 200 OK

Date:

Sat, 07 Jan 2017 23:43:38 GMT

Server:

Apache

Link:

; rel="https://api.w.org/"

Strict-Transport-Security:

max-age=31536000

X-Frame-Options:

SAMEORIGIN

X-Xss-Protection:

1; mode=block

X-Content-Type-Options:

nosniff

Connection: close

Content-Type:

text/html; charset=UTF-8

And then with the code you suggested, no https:

Quote

Requesting http://grantdb.ca/

SERVER RESPONSE: HTTP/1.1 301 Moved Permanently

Date:

Sat, 07 Jan 2017 23:40:27 GMT

Server:

Apache

Strict-Transport-Security:

max-age=31536000

X-Frame-Options:

SAMEORIGIN

X-Xss-Protection:

1; mode=block

X-Content-Type-Options:

nosniff

Location:

https:///

Cache-Control:

max-age=2592000

Expires:

Mon, 06 Feb 2017 23:40:27 GMT

Connection:

close

Content-Type:

text/html; charset=iso-8859-1

Redirecting to: https:///

Unable to fetch https:///

 

So you see that nothing seems to work right... if I have them as 2 seperate rules, one for https and one for www it works fine but does 2 round trips.

My thinking here is that to have the rewrite done in one round trip, in the case of http://www, I cannot find anything that works better than the code I have been using.

 

Thank you for your input on this I really appreciate your time!

 

 

[rick]

Redirecting to: https:///

Unable to fetch https:///

One too many trailing slashes.

[grantdb]

2 minutes ago, rick said:

Redirecting to: https:///

Unable to fetch https:///

One too many trailing slashes.

Yes and I tried to remove one in the rules just to see and it just stops at:

https://

 

 

[rick]

I haven't tried removing www from urls via htaccess. I have always used my registrar dns wildcards to direct to my servers. Does your registrar offer the same?

[grantdb]

Never thought of that, thanks! 

I don't knew how that works but definitely going to research this option.

[grantdb]

From what I can find out, redirected urls with full paths through dns doesn't work without an extra redirection service. However, simple domain dns redirects work well.

Thanks for the suggestion.

 

[kixe]

The following solution with 2 separated rules should produce only one redirect.

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This one should work for your domain with a single rule

RewriteCond %{HTTP_HOST} ^www\.grantdb.ca$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://grantdb.ca/$1 [L,R=301]

The issue in my suggestion above was that the first condition fills the variable %1% with the trailing slash which results in redirecting to https:///

[grantdb]

23 hours ago, kixe said:

The following solution with 2 separated rules should produce only one redirect.

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This one should work for your domain with a single rule

RewriteCond %{HTTP_HOST} ^www\.grantdb.ca$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://grantdb.ca/$1 [L,R=301]

The issue in my suggestion above was that the first condition fills the variable %1% with the trailing slash which results in redirecting to https:///

YES! The second option works perfectly! Thank you so much!

 

Cheers!

 

PS: I can't find the  “Mark Solved” button at the bottom-right of the relevant post.??

Edited January 9, 2017 by grantdb
Note for "Marked Solved"

[kongondo]

1 hour ago, grantdb said:

PS: I can't find the  “Mark Solved” button at the bottom-right of the relevant post.??

That, unfortunately, has been missing since the 'recent' forum upgrade. I can't remember if the feature was removed from this version of IP Board or @Pete forgot to enable it.

[LostKobrakai]

4 minutes ago, kongondo said:

I can't remember if the feature was removed from this version of IP Board or @Pete forgot to enable it.

It was a 3rd party module even before the upgrade and there's no decent alternative / updated version of the plugin, which would be compatible with the new forum's version.

[kongondo]

Aaah. I now remember that. I'm getting old(er) .

[grantdb]

Should I put a <Resolved> in the thread title or something?

[kongondo]

Yes please. Normally people do it like [SOLVED]Title of Thread. Thanks.