Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
http vs. https, .htaccess, moderewrite, index.php... Ahhh
I have this in my live .htaccess file, and it seems to work okay:
#Forcing `https://`
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
Try typing in ‘http://wion.com’ and you’ll see it goes to the ‘https://’ instead.
But, if I type in ‘http://wion.com/index.php’ it doesn’t go to ‘https://wion.com’ or ‘https://wion.com/index.php’. It stays on the non-secure entry. That’s not acceptable.
Any mod-rewrite experts know what’s happening?
Along the same lines, here’s an interesting directive I just came across, prevent any direct call to an image file, even if not otherwise blocked:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Returns 403, if you access images directly, but allows them to be displayed on site.
Could something like that be done for index.php
files? In other words, if you type https://wion.com
you’re fine, but if you type https://wion.com/index.php
I’m just wondering if that would be solution to the problem above. But maybe that would prevent you from accessing the admin-side too. That wouldn’t be good.
Offline
Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh
Did you try?
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]
or
RewriteCond %{HTTPS} off
RewriteCond %{HTTPS_HOST} !^www.domain.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh
I was just using what they mention here
It all looks like Klingon to me.
Why does your second one not have a RewriteEngine On
?
And do you put those in a wrapper? …
<IfModule mod_rewrite.c>
. . .
</IfModule>
I’ve always been confused by that… When or not you’re supposed to use the wrapper and how many times you can/should in a given .htaccess file.
Beats me.
I’ll try your second one in a wrapper. Staying away from ‘port 80’ specifics might be wise, in case it’s not that port.
Offline
Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh
colak wrote #317254:
RewriteCond %{HTTPS} off
RewriteCond %{HTTPS_HOST} !^www.domain.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]
Well, that works just like the rules I already use. It doesn’t solve the original oddity, which was…
if I type in ‘http://wion.com/index.php’ it doesn’t go to ‘https://wion.com’ or ‘https://wion.com/index.php’. It stays on the non-secure entry.
I’ll just leave it alone for now. I’ll share if I come upon something.
Offline
Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh
The <IfModule mod_rewrite.c> … </IfModule>
is just the safe way of only performing the directives within it if that module is installed. If you omitted the if
and your server didn’t have that module installed, it could produce an error. Seeing as you know you have mod_rewrite, it makes little difference. It’s just writing defensively.
AFAIK, RewriteEngine On
means simply do the following directives and only needs doing:
- once at the top (should a server not have that already preconfigured as such to start with). You just see it often because people provide isolated code snippets.
- or if you had a section preceding it with
RewriteEngine Off
. As far as I’ve read, usingoff
doesn’t actually switch off mod_rewrite, it just acts like the beginning of a commented out block of rewrites (if you wanted to skip an entire block of rewrites without commenting out individual lines) and the “commented out”-block is ended by doingRewriteEngine On
.
TXP Builders – finely-crafted code, design and txp
Offline
Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh
+1 on what Julian said:)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh
jakob wrote #317258:
The
<IfModule mod_rewrite.c> … </IfModule>
is just the safe way of only performing the directives within it if that module is installed . . . It’s just writing defensively.
That was all very elucidating. Thank you. Addressed a niggle I’ve had for a long time.
RewriteEngine
. . . You just see it often because people provide isolated code snippets.
Ding. It just takes someone saying the right thing to part clouds. You have a gift, my friend. ;)
This is going to reduce my files by many lines.
Offline