Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Remove www site-wide, force https on certain directories and http on the rest?

Firstly, I would like to remove the www. from my domain name

http://www.example.com => http://example.com

I would also like for certain directories to be secure (https), while the rest remain http

http://example.com/login => https://example.com/login

Obviously it needs to work for all conditions, for example if someone types in:

http://www.example.com/login => https://example.com/login

Also when people navigate away from the login page it returns to http. Currently in the .htaccess is the following which is done automatically by the software I am using and I suppose needs to be there for it to work:

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* ./index.php

Any ideas on how I can achieve dream control all these things?

Thanks in advance!

===================

@Gumbo Following your advice this is my complete .htaccess

RewriteEngine On


# remove www from host
RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]

# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(login)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(login)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* ./index.php


Options -Indexes

Navigating to http://example/login still goes to http://example/index.php when it should go to https://example/login Do I have the order wrong?

like image 455
Anthony Avatar asked Nov 16 '10 10:11

Anthony


People also ask

How do I force https traffic?

How Does HTTPS Redirection Work? In the Domains interface in cPanel (Home >> Domains), there's an option to enable Force HTTPS Redirection from the insecure version (HTTP) to the secure version (HTTPS) with a toggle switch.


2 Answers

Try these rules:

# remove www from host
RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]

# force HTTPS
RewriteCond %{HTTPS} =off
RewriteRule ^(login|foo|bar|…)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# force HTTP
RewriteCond %{HTTPS} =on
RewriteRule !^(login|foo|bar|…)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

You also might want to add some additional conditions to only change the protocol on GET and HEAD requests but not on POST requests.

like image 200
Gumbo Avatar answered Sep 22 '22 07:09

Gumbo


This code works for me:

<IfModule mod_rewrite.c>

   RewriteEngine on

   RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
   RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

   RewriteCond %{HTTPS} !=on
   RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

</IfModule>
like image 22
Aleksandar Pavić Avatar answered Sep 23 '22 07:09

Aleksandar Pavić