Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2020-06-30 17:02:10

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

htaccess https to http

This is a strange one:) I am trying to redirect traffic which falsely links to our site using using https to our http pages in our htaccess file.

I have tried

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

The list goes on

Am I missing something?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#2 2020-06-30 18:29:56

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Re: htaccess https to http

gee you are the first i have heard WANTING http rather https!
Do have letsencrypt applied by any chance?

found this info

#Redirect HTTPS to HTTP
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Last edited by bici (2020-06-30 18:30:25)


…. texted postive

Offline

#3 2020-06-30 18:43:22

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,259
GitHub

Re: htaccess https to http

colak wrote #324129:

This is a strange one:) I am trying to redirect traffic which falsely links to our site using using https to our http pages in our htaccess file.

[…]

Am I missing something?

There’s a missing space in your second example – bici’s reply above should work fine.

Offline

#4 2020-07-01 02:53:12

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: htaccess https to http

bici wrote #324130:

gee you are the first i have heard WANTING http rather https!
Do have letsencrypt applied by any chance?

I think that it was first posted here by Michael Pate.: meyerweb.com/eric/thoughts/2018/08/07/securing-sites-made-them-less-accessible/

found this info

#Redirect HTTPS to HTTP...

nope,

It still lands on https without redirecting:(


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#5 2020-07-01 06:44:52

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,259
GitHub

Re: htaccess https to http

Is there an ordering issue? Perhaps a previous block isn’t being closed correctly.

What happens if the https -> to http block is first / top of the file?

Offline

#6 2020-07-01 07:52:16

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: htaccess https to http

Hi Pete,
I tried all positions possible, top, bottom and middle. I am now investigating actually creating an https domain via my host which I will be forwarding to http via the panel. It appears that it might be the easiest option as it will be forwarding without any htaccess rules.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#7 2020-07-01 15:13:20

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,259
GitHub

Re: htaccess https to http

Forgive me if I’ve missed a thread – what’s the rationale in using http over https?

Offline

#8 2020-07-01 19:40:16

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: htaccess https to http

Another one from html5 boilerplate in reverse:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP} !=on
    RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

From here (GitHub) in reverse. I’m not sure that stops people’s browsers complaining that there is no secure site when they visit.

But yeah, if there’s no real reason against using it, a LetsEncrypt SSL certificate is easy enough nowadays. You don’t have to force everyone to use https if there are still parts of your site that depend on regular http.


TXP Builders – finely-crafted code, design and txp

Offline

#9 2020-07-01 20:52:09

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,447
Website GitHub

Re: htaccess https to http

gaekwad wrote #324153:

Forgive me if I’ve missed a thread – what’s the rationale in using http over https?

According to that excellent article by Eric Meyer it’s not serving one over the other, it’s making content available (cached) for those consumers who are not on fat fiber connections where packet loss is the exception rather than the norm.

The entry requirements for https preventing man-in-the-middle attacks are high. As he says, https is a good thing but we should be mindful that if we want out content read over slow-ass satellite links it’s up to us as providers of content to ensure it’s cached for faster access on slow connections, rather than (in the past) end users of slow connections caching it out of necessity – a process they now cannot do in the https world.

It’s interesting as it’s not caching as we traditionally see it – static copies of rarely-changing sources. From what I understand, it’s a whole API that allows secure connections to be made over a parallel channel and have content broken into cachable chunks that can be served to those who make special types of request from their browser. I might have got that wrong. I read about this when the ink was drying on the specs, and then forgot all about it.

With Textpattern being the lightweight platform it is, we’re perfectly poised (certainly compared with a lot of the competition) to power sites that are already highly accessible on low bandwidth links – public and admin sides are lightning quick. I wonder what it would take – plugin, core tweaks, whatever – to make a caching Service Worker easy to deploy and make us even more attractive to consumers away from fat network pipes.

Last edited by Bloke (2020-07-01 20:56:19)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#10 2020-07-02 03:49:18

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: htaccess https to http

jakob wrote #324164:

I’m not sure that stops people’s browsers complaining that there is no secure site when they visit.

Nope:(


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#11 2020-07-02 16:21:39

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Re: htaccess https to http

Bloke wrote #324170:

According to that excellent article by Eric Meyer it’s not serving one over the other, it’s making content available (cached) for those consumers who are not on fat fiber connections where packet loss is the exception rather than the norm.

Thanks that was a good read.

“The drive to force every site on the web to HTTPS has pushed the web further away from the next billion users—not to mention a whole lot of the previous half-billion. I saw a piece that claimed, “Investing in HTTPS makes it faster, cheaper, and easier for everyone.” If you define “everyone” as people with gigabit fiber access, sure. “

…paved with good intentions


…. texted postive

Offline

Board footer

Powered by FluxBB