I have a server that I want to enforce https communication to from the outside world, however, there are services on the server that need to be accessed over http by processes on the local server.
I've tried the following:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
But of course, services running on the local server fail to be accessed over http. How do I enforced https for everything except localhost and 127.0.0.1? Or, if easier, I have 2 external domains for this server - how do I only force https for http://sub1.domain1.suffix1 and http://sub2.domain2.suffix2 and the server's external facing IP?
Try this, I'm not positive it will work, but it might, I've never dealt with the actual 'localhost' value.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://mysub.mydomain.com/$1 [R=301,L]
UPDATE 2: I thought about this, and realized this fails to handle this case: https://mysub2.mydomain.com/ redirect to https://mysub.mydomain.com/ - before adding this, test that url and see if it redirects with the first rule or not, if it does not, test this second set of rules instead.
To correct this case, try:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} mysub2.mydomain.com [NC]
RewriteRule ^/?(.*) https://mysub.mydomain.com/$1 [R=301,L]
UPDATE2 explanation, if it works:
Make the test more complicated, now the rewrite happens if not localhost/127.0.0.1 then test not https OR is mysub2.mydomain.com (or whatever other domains/sub domains are on the server that you want to redirect to: https://mysub.mydomain.com
=UPDATE explanation:
This is a pretty simple set of rules. We create 3 conditions that must be met for the rewrite rules to apply. To be safe I use the ^ by habit, ie, that's what it starts with, so this says, host name/IP does not start with localhost/127.0.0.1. ! means not.
The hostname is not localhost (hostname is what you would type in your browser to access the page, or the name you'd use to access it via your web service). Because domain names are not case sensitive, I added the [NC] flag, which means No Case, ie, case insenstive. This is the one I wasn't sure would work:
RewriteCond %{HTTP_HOST} !^localhost [NC]
The remote request IP is not 127.0.0.1
RewriteCond %{REMOTE_ADDR} !^127.0.0.1$
https is not on already
RewriteCond %{HTTPS} !=on
Then the actual rewrite rule, which triggers if these three conditions are met. Rewrite all urls not including the starting /, take everything in that url (.*) which does not include the domain name and add it after https://mysub.mydomain.com/, Then do a 301 permanent redirect to that resultant full url. ? means 0 or 1. (.*) means: put everything after starting / or no starting / into $1, each (...) in the rule is put into variables $1, $2, and so on.
RewriteRule ^/?(.*) https://mysub.mydomain.com/$1 [R=301,L]
=END update
Your setup is not fully intuitive to me, to me, but assuming there is only one actual domain on the server that you want to be handling requests, then this I think would work, not positive, given there's some features I'm not familiar with.
To redirect to https, all three conditions must be true, that is, not local/127, and https not on.
Try this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With