Jump to content
gmclelland

.htaccess redirect non-www to www domain

Recommended Posts

I upgraded my sites to Processwire 3.0.135 dev, but unfortunately I'm having a problem with the new .htaccess file introduced in 3.0.135.

I'm unable to get my sites to redirect from the bare domain to the www domain.  Example: http://mysite.com should redirect to https://www.mysite.com

I have tried commenting out these sections, but it didn't work.

  # -----------------------------------------------------------------------------------------------
  # 9. Optionally Force HTTPS (O) 
  # -----------------------------------------------------------------------------------------------

  # 9A. To redirect HTTP requests to HTTPS, uncomment the lines below: 
  # -----------------------------------------------------------------------------------------------
  RewriteCond %{HTTPS} !=on
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

and

  # 13A. Redirect domain.com and *.domain.com to www.domain.com (do not combine with 13B): 
  # -----------------------------------------------------------------------------------------------
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{SERVER_ADDR} !=127.0.0.1
  RewriteCond %{SERVER_ADDR} !=::1
  RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If I access mysite.com it gives me the following error when accessing http://mysite.com

404 page not found (no site configuration or install.php available)

If I access www.mysite.com, the website functions correctly.

------------------------------------------------------------

As a work around, I ending using this bit of code from version 300 .htaccess file.

  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

That works. I can go to mysite.com and it will redirect to https://www.mysite.com

Is anyone else having trouble redirecting your domain to the https://www. version with the new .htaccess file?

Here is the full .htaccess that doesn't work for me

Spoiler

#################################################################################################
# START PROCESSWIRE HTACCESS DIRECTIVES
# @version 3.0
# @htaccessVersion 301
#################################################################################################
#
# Upgrading htaccess (or index) version 300 to 301
# -----------------------------------------------------------------------------------------------
# If you never modified your previous .htaccess file, then you can simply replace it with this
# one. If you have modified your .htaccess file, then you will want to copy/paste some updates
# to the old one instead:

# If your htaccess/index version is 300, upgrade to this version by replacing all of sections #5
# and #15 (Access Restrictions). Also take a look at section #9, which you might also consider 
# replacing if using HTTPS, though it is not required. (For instance, HSTS might be worthwhile)
# 
# Following that, optionally review the rest of the file to see if there are any other changes 
# you also want to apply. Sections tagged "(v301)" are new or have significant changes. 
# 
# When finished, add a line at the top identical to the "htaccessVersion 301" that you see at 
# the top of this file. This tells ProcessWire your .htaccess file is up-to-date. 
# 
# Resolving 500 errors
# -----------------------------------------------------------------------------------------------
# Depending on your server, some htaccess rules may not be compatible and result in a 500 error.
# If you experience this, find all instances of the term "(500)" in this file for suggestions on
# things you can change to resolve 500 errors.
#
# Optional features
# -----------------------------------------------------------------------------------------------
# Many of the rules in this .htaccess file are optional and commented out by default. While the
# defaults are okay for many, you may want to review each section in this .htaccess file for
# optional rules that you can enable to increase security, speed or best practices. To quickly
# locate all optional rules, search this file for all instances of "(O)". 
#
# If using a load balancer
# -----------------------------------------------------------------------------------------------
# If using a load balancer (like those available from AWS) some htaccess rules will need to 
# change. Search this file for instances of "(L)" for details. 
#


# -----------------------------------------------------------------------------------------------
# 1. Apache Options 
#
# Note: If you experience a (500) error, it may indicate your host does not allow setting one or
# more of these options. First try replacing the +FollowSymLinks with +SymLinksifOwnerMatch.
# If that does not work, try commenting them all out, then uncommenting one at a time to 
# determine which one is the source of the 500 error. 
# -----------------------------------------------------------------------------------------------

# Do not show directory indexes (strongly recommended)
Options -Indexes

# Do not use multiviews (v301)
Options -MultiViews

# Do follow symbolic links
Options +FollowSymLinks
# Options +SymLinksifOwnerMatch

# Character encoding: Serve text/html or text/plain as UTF-8
AddDefaultCharset UTF-8


# -----------------------------------------------------------------------------------------------
# 2. ErrorDocument settings: Have ProcessWire handle 404s 
#
# For options and optimizations (O) see: 
# https://processwire.com/blog/posts/optimizing-404s-in-processwire/
# -----------------------------------------------------------------------------------------------

ErrorDocument 404 /index.php


# -----------------------------------------------------------------------------------------------
# 3. Handle request for missing favicon.ico/robots.txt files (no ending quote for Apache 1.3)
# -----------------------------------------------------------------------------------------------

<Files favicon.ico>
  ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>

<Files robots.txt>
  ErrorDocument 404 "The requested file robots.txt was not found.
</Files>


# -----------------------------------------------------------------------------------------------
# 4. Protect from XSS with Apache headers
# -----------------------------------------------------------------------------------------------

<IfModule mod_headers.c>
  # prevent site from being loaded in an iframe on another site
  # you will need to remove this one if you want to allow external iframes
  Header always append X-Frame-Options SAMEORIGIN 

  # To prevent cross site scripting (IE8+ proprietary)
  Header set X-XSS-Protection "1; mode=block"

  # Optionally (O) prevent mime-based attacks via content sniffing (IE+Chrome)
  # Header set X-Content-Type-Options "nosniff" 

  # Remove the `X-Powered-By` response header that:
  #
  #  * is set by some frameworks and server-side languages
  #    (e.g.: ASP.NET, PHP), and its value contains information
  #    about them (e.g.: their name, version number)
  #
  #  * doesn't provide any value as far as users are concern,
  #    and in some cases, the information provided by it can
  #    be used by attackers
  #
  # (!) If you can, you should disable the `X-Powered-By` header from the
  # language / framework level (e.g.: for PHP, you can do that by setting
  # `expose_php = off` in `php.ini`)
  #
  # https://php.net/manual/en/ini.core.php#ini.expose-php
  Header unset X-Powered-By
</IfModule>


# -----------------------------------------------------------------------------------------------
# 5. Prevent access to various types of files (v301)
#
# Note that some of these rules are duplicated by RewriteRules or other .htaccess files, as we
# try to maintain two layers of protection when/where possible. 
# -----------------------------------------------------------------------------------------------

# 5A. Block access to inc, info, info.json/php, module/php, sh, sql and composer files
# -----------------------------------------------------------------------------------------------

<FilesMatch "\.(inc|info|info\.(json|php)|module|module\.php|sh|sql)$|^\..*$|composer\.(json|lock)$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
  </IfModule>
</FilesMatch>


# 5B. Block bak, conf, dist, ini, log, orig, sh, sql, swo, swp, ~, and more
# -----------------------------------------------------------------------------------------------

<FilesMatch "(^#.*#|\.(bak|conf|dist|in[ci]|log|orig|sh|sql|sw[op])|~)$">
  <IfModule mod_authz_core.c>
     Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
  </IfModule>
</FilesMatch>


# -----------------------------------------------------------------------------------------------
# 6. Override a few PHP settings that can't be changed at runtime (not required)
# Note: try commenting out this entire section below if getting Apache (500) errors.
# -----------------------------------------------------------------------------------------------

<IfModule mod_php5.c>
  php_flag magic_quotes_gpc		off
  php_flag magic_quotes_sybase		off
  php_flag register_globals		off
</IfModule>


# -----------------------------------------------------------------------------------------------
# 7. Set default directory index files
# -----------------------------------------------------------------------------------------------

DirectoryIndex index.php index.html index.htm


# -----------------------------------------------------------------------------------------------
# 8. Enable Apache mod_rewrite (required)
# -----------------------------------------------------------------------------------------------

<IfModule mod_rewrite.c>

  RewriteEngine On
  
  # 8A. Optionally (O) set a rewrite base if rewrites are not working properly on your server.
  # -----------------------------------------------------------------------------------------------
  # In addition, if your site directory starts with a "~" you will most likely have to use this.
  # https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
 
  # Examples of RewriteBase (root and subdirectories): 
  # RewriteBase /
  # RewriteBase /pw/
  # RewriteBase /~user/

  
  # 8B. Set an environment variable so the installer can detect that mod_rewrite is active.
  # -----------------------------------------------------------------------------------------------
  # Note that some web hosts don't support this. If you get a (500) error, try commenting out this 
  # SetEnv line below. 

  <IfModule mod_env.c>
    SetEnv HTTP_MOD_REWRITE On
  </IfModule>


  # -----------------------------------------------------------------------------------------------
  # 9. Optionally Force HTTPS (O) 
  # -----------------------------------------------------------------------------------------------

  # 9A. To redirect HTTP requests to HTTPS, uncomment the lines below: 
  # -----------------------------------------------------------------------------------------------
  RewriteCond %{HTTPS} !=on
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


  # 9B. If using load balancer/AWS, use the following rather than 9A above: (L)
  # -----------------------------------------------------------------------------------------------
  # RewriteCond %{HTTP:X-Forwarded-Proto} =http 
  # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  
  # 9C. If using cPanel AutoSSL or Let's Encrypt webroot you may need to MOVE one of the below
  # lines after the first RewriteCond in 9A or 9B to allow certificate validation:
  # -----------------------------------------------------------------------------------------------
  # RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
  # RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[\w-]+$
  # RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
 
  
  # 9D. Store current scheme in a 'proto' environment variable for later use in this file
  # -----------------------------------------------------------------------------------------------
  RewriteCond %{HTTPS} =on
  RewriteRule ^ - [env=proto:https]
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ - [env=proto:http]
  
 
  # 9E. If using Load balancer/AWS- Use lines below rather than 9D: (L)
  # -----------------------------------------------------------------------------------------------
  # RewriteCond %{HTTP:X-Forwarded-Proto} =https 
  # RewriteRule ^ - [env=proto:https]
  # RewriteCond %{HTTP:X-Forwarded-Proto} =http 
  # RewriteRule ^ - [env=proto:http]
 
  
  # 9F. Tell web browsers to only allow access via HSTS: Strict-Transport-Security (O) (v301)
  # -----------------------------------------------------------------------------------------------
  # This forces client-side SSL redirection. Before enabling be absolutely certain you can 
  # always serve via HTTPS because it becomes non-revokable for the duration of your max-age. 
  # See link below for details and options (note 'max-age=31536000' is 1-year):
  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
  
  <IfModule mod_headers.c>
    # Uncomment one (1) line below & adjust as needed to enable Strict-Transport-Security (HSTS):
    # Header always set Strict-Transport-Security "max-age=31536000;"
    # Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains"
    # Header always set Strict-Transport-Security "max-age=31536000; preload"
    # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  </IfModule>


  # Sections 10 and 11 intentionally omitted
 
  
  # -----------------------------------------------------------------------------------------------
  # 12. Access Restrictions: Keep web users out of dirs or files that begin with a period,
  # but let services like Lets Encrypt use the webroot authentication method.
  # -----------------------------------------------------------------------------------------------

  RewriteRule "(^|/)\.(?!well-known)" - [F]


  # -----------------------------------------------------------------------------------------------
  # 13. Optional domain redirects (O)
  # 
  # Redirect domain.com to www.domain.com redirect (or www to domain.com redirect). 
  # If using then uncomment either 13A or 13B, do NOT uncomment both of them or nothing will work.
  # -----------------------------------------------------------------------------------------------

  # 13A. Redirect domain.com and *.domain.com to www.domain.com (do not combine with 13B): 
  # -----------------------------------------------------------------------------------------------
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{SERVER_ADDR} !=127.0.0.1
  RewriteCond %{SERVER_ADDR} !=::1
  RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  
  # 13B. Redirect www.domain.com to domain.com (do not combine with 13A):
  # -----------------------------------------------------------------------------------------------
  # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  # RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]


  # ----------------------------------------------------------------------------------------------- 
  # 14. Optionally send URLs with non-ASCII name-format characters to 404 page (optimization).
  # 
  # This ensures that ProcessWire does not spend time processing URLs that we know ahead of time
  # are going to result in 404s. Uncomment lines below to enable. (O)
  # ----------------------------------------------------------------------------------------------- 

  RewriteCond %{REQUEST_URI} "[^-_.a-zA-Z0-9/~]"
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?it=/http404/ [L,QSA]


  # -----------------------------------------------------------------------------------------------
  # 15. Access Restrictions (v301)
  # -----------------------------------------------------------------------------------------------
  
  # 15A. Keep http requests out of specific files and directories
  # -----------------------------------------------------------------------------------------------

  # Prevent all the following rules from blocking images in site install directories 
  RewriteCond %{REQUEST_URI} !(^|/)site-[^/]+/install/[^/]+\.(jpg|jpeg|png|gif|webp|svg)$
  
  # Block access to any htaccess files
  RewriteCond %{REQUEST_URI} (^|/)(\.htaccess|htaccess\..*)$ [NC,OR]
  
  # Block access to various assets directories
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) [NC,OR]
  
  # Block access to the /site/install/ directories
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/install($|/.*$) [NC,OR]
  
  # Block dirs in /site/assets/dirs that start with a hyphen (see config.pagefileSecure)
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets.*/-.+/.* [NC,OR]
  
  # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, /wire/index.config.php, etc.
  RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ [NC,OR]
  
  # Block access to any PHP-based files in /site/templates-admin/ or /wire/templates-admin/
  RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ [NC,OR]
  
  # Block access to any PHP or markup files in /site/templates/ or /site-*/templates/
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ [NC,OR]
  
  # Block access to any PHP files within /site/assets/ and further
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets($|/|/.*\.php)$ [NC,OR]
  
  # Block access to any PHP, module, inc or info files in core or core modules directories
  RewriteCond %{REQUEST_URI} (^|/)wire/(core|modules)/.*\.(php|inc|tpl|module|info\.json)$ [NC,OR]
  
  # Block access to any PHP, tpl or info.json files in /site/modules/ or /site-*/modules/
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module|info\.json)$ [NC,OR]
  
  # Block access to any software identifying txt, markdown or textile files
  RewriteCond %{REQUEST_URI} (^|/)(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md|textile)$ [NC,OR]
  
  # Block potential arbitrary backup files within site directories for things like config
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/(config[^/]*/?|[^/]+\.php.*)$ [NC,OR]
  
  # Block access throughout to temporary files ending with tilde created by certain editors
  RewriteCond %{REQUEST_URI} \.(html?|inc|json|lock|module|php|py|rb|sh|sql|tpl|tmpl|twig)~$ [NC,OR]
  
  # Block access to names of potential backup file extensions within wire or site directories
  RewriteCond %{REQUEST_URI} (^|/)(wire/|site[-/]).+\.(bak|old|sql|sw[op]|(bak|php|sql)[./]+.*)[\d.]*$ [NC,OR]
  
  # Block all http access to the default/uninstalled site-default directory
  RewriteCond %{REQUEST_URI} (^|/)site-default/
  
  # If any conditions above match, issue a 403 forbidden
  RewriteRule ^.*$ - [F,L]

 
  # 15B. Block archive file types commonly used for backup purposes (O)
  # -----------------------------------------------------------------------------------------------
  # This blocks requests for zip, rar, tar, gz, and tgz files that are sometimes left on servers
  # as backup files, and thus can be problematic for security. This rule blocks those files 
  # unless they are located within the /site/assets/files/ directory. This is not enabled by 
  # default since there are many legitimate use cases for these files, so uncomment the lines 
  # below if you want to enable this.

  RewriteCond %{REQUEST_URI} \.(zip|rar|tar|gz|tgz)$ [NC]
  RewriteCond %{REQUEST_URI} !(^|/)(site|site-[^/]+)/assets/files/\d+/ [NC]
  RewriteRule ^.*$ - [F,L]


  # PW-PAGENAME
  # ----------------------------------------------------------------------------------------------- 
  # 16A. Ensure that the URL follows the name-format specification required by PW
  # See also directive 16b below, you should choose and use either 16a or 16b. 
  # ----------------------------------------------------------------------------------------------- 

  RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$"
  
  # ----------------------------------------------------------------------------------------------- 
  # 16B. Alternative name-format specification for UTF8 page name support. (O)
  # If used, comment out section 16a above and uncomment the directive below. If you have updated 
  # your $config->pageNameWhitelist make the characters below consistent with that. 
  # ----------------------------------------------------------------------------------------------- 
  
  # RewriteCond %{REQUEST_URI} "^/~?[-_./a-zA-Z0-9æåäßöüđжхцчшщюяàáâèéëêěìíïîõòóôøùúûůñçčćďĺľńňŕřšťýžабвгдеёзийклмнопрстуфыэęąśłżź]*$"
  
  # END-PW-PAGENAME
  # -----------------------------------------------------------------------------------------------
  # 17. If the request is for a file or directory that physically exists on the server,
  # then don't give control to ProcessWire, and instead load the file
  # ----------------------------------------------------------------------------------------------- 

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !(favicon\.ico|robots\.txt)

  # -----------------------------------------------------------------------------------------------
  # 18. Optionally (O) prevent PW from attempting to serve images or anything in /site/assets/. 
  # Both of these lines are optional, but can help to reduce server load. However, they
  # are not compatible with the $config->pagefileSecure option (if enabled) and they 
  # may produce an Apache 404 rather than your regular 404. You may uncomment the two lines
  # below if you don't need to use the $config->pagefileSecure option. After uncommenting, test
  # a URL like domain.com/site/assets/files/test.jpg to make sure you are getting a 404 and not
  # your homepage. If getting your homepage, then either: do not use this option, or comment out 
  # section #2 above that makes ProcessWire the 404 handler. 
  # ----------------------------------------------------------------------------------------------- 

  # RewriteCond %{REQUEST_FILENAME} !\.(jpg|jpeg|gif|png|ico|webp|svg)$ [NC]
  # RewriteCond %{REQUEST_FILENAME} !(^|/)site/assets/

  # ----------------------------------------------------------------------------------------------- 
  # 19. Pass control to ProcessWire if all the above directives allow us to this point.
  # For regular VirtualHosts (most installs)
  # ----------------------------------------------------------------------------------------------- 
  
  RewriteRule ^(.*)$ index.php?it=$1 [L,QSA]

  # ----------------------------------------------------------------------------------------------- 
  # 20. If using VirtualDocumentRoot (500): comment out the one above and use this one instead
  # ----------------------------------------------------------------------------------------------- 
  
  # RewriteRule ^(.*)$ /index.php?it=$1 [L,QSA]

</IfModule>

#################################################################################################
# END PROCESSWIRE HTACCESS DIRECTIVES
#################################################################################################

 

I just wanted to check with everyone here before I submit a bug report on Github.

Also, does anybody know the correct location to insert redirects for other domains as well? Example myothersite.com should redirect to https://www.mysite.com

  • Like 1

Share this post


Link to post
Share on other sites

I just had this exact same issue! @gmclelland Did you ended up reporting it on github?  Thanks for your post, saved me tons of time!

Share this post


Link to post
Share on other sites

Glad I could help!  I think I was waiting to get some feedback from other people to make sure it wasn’t just me before I report it?

For me it happens locally and in production.

Local uses homebrew Apache and Php on my mac.

Production uses https://serverpilot.io which uses Nginx for static assets with a proxy to Apache for Php.

Share this post


Link to post
Share on other sites
On 12/4/2020 at 10:30 PM, gmclelland said:

Glad I could help!  I think I was waiting to get some feedback from other people to make sure it wasn’t just me before I report it?

 

It happens to me on Runcloud which I think has basically the same scheme as Serverpilot.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...