
Forcing HTTPS and WWW with Apache

@Jessie594

Posted in: #Apache #Cloudflare #Htaccess #Https #ModRewrite

Apache does not force HTTPS in a subfolder of a folder, but it works in the first level subfolders.

Here are all the HTAccess snippets I have tried:

RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=302,L]

RewriteCond %{SERVER_PORT} !=443 [OR]
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST/$1 [R=302,L]

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
RewriteCond %{HTTP_HOST} !^www.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=302]


Hope someone has the answer.

Edit: After playing around with it some more I found part of the problem.

For example in one of the subdirectories in one of the subfolders directly under the site root, in the HTAccess file, I had this code

RewriteRule ^jquery_autocomplete.html$ jquery_autocomplete.php [L]


As soon as I add that line, for whatever reason it stops forcing HTTPS in that subdirectory, but as soon as I remove it again, HTTPS is forced.


2 Comments


@Harper822

You may want to consider not using .htaccess. This will help with performance and prevent other .htaccess files from overwriting your conf. In your main Apache .conf file you can add:

<Directory "YOUR WEB DIRECTORY">
AllowOverride None
.....
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,R=301]
....
</Directory>


If this is a permanent change, using 301 instead of 302 is better; 302 is temporary.


@Jamie184

"in one of the subdirectories in one of the subfolders directly under the site root, in the HTAccess file, I had this code"


And that's the problem. By default, mod_rewrite does not inherit the directives from parent folders. So the mod_rewrite directives in the subfolder completely override the directives in parent folders (the directives that canonicalize the URL). In fact, simply enabling the RewriteEngine in the subfolder is enough to block the parent directives.

In the .htaccess file in the subdirectory you can try adding the following:

RewriteOptions Inherit


However, you should note that mod_rewrite directives in the parent .htaccess file are applied after the directives in the subfolder. (Also, the inherited directives are "virtually copied" to the subfolder's .htaccess file - so they may not behave quite as expected.)

If you are on Apache 2.4+ then you have additional options. For instance, you could specify the following in the .htaccess file in your document root so that the .htaccess files in all subfolders inherit the parent directives, with the parent directives executed first.

RewriteOptions InheritDownBefore


Reference: https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriteoptions


In order to force HTTPS and www in one rule you can do something like:

RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.example.com/$1 [R=302,L]


Similar to what you already had, but you can't use %{HTTP_HOST in the substitution (incidentally you are missing the closing curly brace), since this may or may not already contain the subdomain. (You might be able to use %{SERVER_NAME} but that is server dependent.)

The 302 (temporary) redirect is good for testing, but change this to 301 when you are happy it's working OK.

To have two separate rules then use your 3rd code block.

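A check for the situation described in the answers above, as an added example that is not part of the original thread: it walks a document root and lists every subfolder .htaccess that uses mod_rewrite without inheriting, which is where a parent HTTPS redirect silently stops applying. The sample tree and its folder names are constructed, and treating InheritDown or InheritDownBefore in an ancestor as covering every descendant is a simplifying assumption based on the answer above.

```python
import os
import re
import tempfile

# Uncommented mod_rewrite directives: any one makes this folder's rules replace the parent's.
REWRITE = re.compile(r"^[ \t]*Rewrite(Engine|Cond|Rule|Base)\b", re.I | re.M)
# Inherit / InheritBefore: this folder pulls in the parent's rules.
PULLS = re.compile(r"^[ \t]*RewriteOptions\b.*\bInherit(Before)?\b", re.I | re.M)
# InheritDown / InheritDownBefore: this folder pushes its rules to child folders.
PUSHES = re.compile(r"^[ \t]*RewriteOptions\b.*\bInheritDown(Before)?\b", re.I | re.M)

def find_overriding_htaccess(docroot):
    """Relative paths of subfolder .htaccess files that use mod_rewrite without inheriting."""
    docroot = os.path.abspath(docroot)
    flagged, pushed = [], {}  # pushed: folder -> it or an ancestor pushes rules down
    for cur, _dirs, files in os.walk(docroot):
        parent_pushes = pushed.get(os.path.dirname(cur), False)
        text = ""
        if ".htaccess" in files:
            with open(os.path.join(cur, ".htaccess"), encoding="utf-8", errors="replace") as fh:
                text = fh.read()
        pushed[cur] = parent_pushes or bool(PUSHES.search(text))
        if cur != docroot and REWRITE.search(text) and not PULLS.search(text) and not parent_pushes:
            flagged.append(os.path.relpath(os.path.join(cur, ".htaccess"), docroot))
    return sorted(flagged)

def build_sample_tree(root):
    """Write a constructed sample layout (folder names are made up) under root."""
    samples = {
        ".htaccess": "RewriteEngine On\nRewriteCond %{HTTPS} off\n"
                     "RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]\n",
        "shop/.htaccess": "Options -Indexes\n",  # no rewrite directives: nothing overridden
        "shop/tools/.htaccess": "RewriteEngine On\n"
                     "RewriteRule ^jquery_autocomplete.html$ jquery_autocomplete.php [L]\n",
        "blog/.htaccess": "RewriteEngine On\nRewriteOptions Inherit\nRewriteRule ^old$ new [L]\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel in find_overriding_htaccess(tmp):
            print("does not inherit parent rewrite rules:", rel)
```

Each flagged file needs either its own RewriteOptions Inherit or, on Apache 2.4+, RewriteOptions InheritDownBefore in the document root, as described in the answer above.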