Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2019-03-23 16:53:36

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,197
Website

http vs. https, .htaccess, moderewrite, index.php... Ahhh

I have this in my live .htaccess file, and it seems to work okay:

#Forcing `https://`

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTPS} !=on
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

Try typing in ‘http://wion.com’ and you’ll see it goes to the ‘https://’ instead.

But, if I type in ‘http://wion.com/index.php’ it doesn’t go to ‘https://wion.com’ or ‘https://wion.com/index.php’. It stays on the non-secure entry. That’s not acceptable.

Any mod-rewrite experts know what’s happening?

Along the same lines, here’s an interesting directive I just came across, prevent any direct call to an image file, even if not otherwise blocked:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC] 
RewriteRule \.(gif|jpg)$ - [F]

Returns 403, if you access images directly, but allows them to be displayed on site.

Could something like that be done for index.php files? In other words, if you type https://wion.com you’re fine, but if you type https://wion.com/index.php

I’m just wondering if that would be solution to the problem above. But maybe that would prevent you from accessing the admin-side too. That wouldn’t be good.


The text persuades, the *notes prove。

Offline

#2 2019-03-23 17:03:44

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,272
Website

Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh

Did you try?

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]

or

RewriteCond %{HTTPS} off 
RewriteCond %{HTTPS_HOST} !^www.domain.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]

Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Offline

#3 2019-03-23 17:26:58

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,197
Website

Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh

I was just using what they mention here

It all looks like Klingon to me.

Why does your second one not have a RewriteEngine On?

And do you put those in a wrapper? …

<IfModule mod_rewrite.c>
. . .
</IfModule>

I’ve always been confused by that… When or not you’re supposed to use the wrapper and how many times you can/should in a given .htaccess file.

Beats me.

I’ll try your second one in a wrapper. Staying away from ‘port 80’ specifics might be wise, in case it’s not that port.


The text persuades, the *notes prove。

Offline

#4 2019-03-23 17:36:57

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,197
Website

Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh

colak wrote #317254:

RewriteCond %{HTTPS} off
RewriteCond %{HTTPS_HOST} !^www.domain.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]

Well, that works just like the rules I already use. It doesn’t solve the original oddity, which was…

if I type in ‘http://wion.com/index.php’ it doesn’t go to ‘https://wion.com’ or ‘https://wion.com/index.php’. It stays on the non-secure entry.

I’ll just leave it alone for now. I’ll share if I come upon something.


The text persuades, the *notes prove。

Offline

#5 2019-03-23 18:04:37

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,461
Website

Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh

The <IfModule mod_rewrite.c> … </IfModule> is just the safe way of only performing the directives within it if that module is installed. If you omitted the if and your server didn’t have that module installed, it could produce an error. Seeing as you know you have mod_rewrite, it makes little difference. It’s just writing defensively.

AFAIK, RewriteEngine On means simply do the following directives and only needs doing:

  • once at the top (should a server not have that already preconfigured as such to start with). You just see it often because people provide isolated code snippets.
  • or if you had a section preceding it with RewriteEngine Off. As far as I’ve read, using off doesn’t actually switch off mod_rewrite, it just acts like the beginning of a commented out block of rewrites (if you wanted to skip an entire block of rewrites without commenting out individual lines) and the “commented out”-block is ended by doing RewriteEngine On.

TXP Builders – finely-crafted code, design and txp

Offline

#6 2019-03-23 18:18:11

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,272
Website

Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh

+1 on what Julian said:)


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Offline

#7 2019-03-26 09:59:50

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,197
Website

Re: http vs. https, .htaccess, moderewrite, index.php... Ahhh

jakob wrote #317258:

The <IfModule mod_rewrite.c> … </IfModule> is just the safe way of only performing the directives within it if that module is installed . . . It’s just writing defensively.

That was all very elucidating. Thank you. Addressed a niggle I’ve had for a long time.

RewriteEngine . . . You just see it often because people provide isolated code snippets.

Ding. It just takes someone saying the right thing to part clouds. You have a gift, my friend. ;)

This is going to reduce my files by many lines.


The text persuades, the *notes prove。

Offline

Board footer

Powered by FluxBB