Forcing https with phpbb and wordpress


#1

I recently forced https by modifying the .htaccess as suggested in the Dreamhost help. This worked for my main website (which uses Concrete5), but it doesn’t work for my phpBB forum or for wordpress, which are both in folders under my main domain (e.g. www.example.com/Forums/). If I use https://www.example.com/Forums/ then it works fine, but I was wondering if anyone might know the reason why these 2 aren’t forcing https?


#2

what do you mean by “it doesn’t work”? Please be more precise, what do you expect to happen and what happens instead?

It would help if you shared your domain so people can peak and maybe hope to spot issues at first glance. Also share your .htaccess to give people here a chance at seeing any visible mistakes.


#3

Sorry for the ambiguity – I mean that it doesn’t redirect to https and it remains as just http.

Here are some URLs for my website:
http://www.esumsoft.com/ – this will redirect to https as expected
http://www.esumsoft.com/blog/ – this will NOT redirect to https
http://www.esumsoft.com/Forums/ – this will NOT redirect to https
http://www.esumsoft.com/forum/ – this WILL redirect to https as explicitly defined in the .htaccess

Here’s my .htaccess (disclosure: it has been modified somewhat for public-posting, but I believe the intent is the same; e.g. “example1” and “example2” were modified, but should have no affect on the problematic URLs)

redirect 302 /Forum https://www.esumsoft.com/Forums
redirect 302 /forum https://www.esumsoft.com/Forums
redirect 302 /forums https://www.esumsoft.com/Forums


# manual: allow access to stats
ErrorDocument 401 "Error"
ErrorDocument 403 "Error"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(stats|failed_auth\.html).*$ [NC]
RewriteRule . - [L]
</IfModule> 



## force https on all
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !/example1 [NC]
RewriteCond %{REQUEST_URI} !/example2 [NC]
RewriteCond %{QUERY_STRING} !action=dl [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

# manual: enable compression
<FilesMatch "\\.(js|css|html|htm|ico|php|xml)$">
SetOutputFilter DEFLATE
</FilesMatch>

# BEGIN EXPIRES
<IfModule mod_expires.c>
    ExpiresActive On
#    ExpiresDefault "access plus 10 days"
    ExpiresByType text/css "access plus 60 minutes"
#    ExpiresByType text/plain "access plus 1 month"
#ExpiresByType text/html "access plus 5 minutes"
    ExpiresByType image/gif "access plus 60 minutes"
    ExpiresByType image/png "access plus 60 minutes"
    ExpiresByType image/jpeg "access plus 60 minutes"
    ExpiresByType application/x-javascript "access plus 60 minutes"
    ExpiresByType application/javascript "access plus 60 minutes"
    ExpiresByType application/x-icon "access plus 60 minutes"
</IfModule>
# END EXPIRES


# -- concrete5 urls start --
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule ^(.*)$ index.php
</IfModule>
# -- concrete5 urls end --

#4

Thanks for sharing your .htaccess. Looks like it has a lot of different and conflicting things in it: your .htaccess starts with 3 redirects directives, but then a few mod_rewrite directives that at first glance seem to be conflicting.
I think that all you need is to add these lines to the .htaccess you had before you started changing things.

RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

This says that if HTTPS is not on (the RewriteCond) then apply the rule that takes whatever was in the original request and pre-pend it with https:// giving a 301 (permanent redirect) error to the browser.

If the redirects worked before you started changing .htaccess, then they should work with https now. If you don’t have a copy of that file, try condensing the rewrites.

I’d also try changing the redirects directives with rewrites, putting them inside one <IfModule mod_rewrite.c> (or two at max, if Concrete5 manages the rewrites automatically for you).

A separate conversation would be about your choice of 302 instead of 301 but we can postpone that until the redirects actually work :slight_smile:


#5

I am certainly an amateur with the htaccess – I generally search for what I need to do and then modify as needed.

The first 3 redirects are just things that the user (or myself) might type in to try to access the forum. There shouldn’t be anywhere in the known interwebs that use these URLs, that’s why I use 302 instead of 301; it wouldn’t be hard to convince me that that’s wrong, though.

The 3 RewriteCond’s that I added are necessary for certain (external) things to work. I’m a software developer and I use the NSIS installer which does not support https when downloading files. Just to make certain, I temporarily disabled those extra RewriteCond’s and tested the blog and forum – they still didn’t force the redirect to https.

I think that there’s a specific reason why phpbb and wordpress aren’t redirecting to https, but I’ve looked through their respective settings, changed a couple things, but it still has had no effect.

In case it matters, I installed WordPress via Dreamhost one-click install, but not phpbb.


#6

OK, I see what you mean… From what I understand, the block above is the issue. I believe those conditions are logical AND so you’re basically telling Apache that if the URL requested is not /example1 and not /example2 and not action=dl then move to https. Basically, /example1 and /example2 are not redirected to https by that rewrite rule. Is that what you expect?

Do you have other .htaccess inside /example1 and /example2? If so, you need to check those .htaccess to make sure that those redirect. Otherwise, try removing simply those lines with /exampe[1|2] and see what happes.

Another (mainly cosmetic) suggestion is to clean up that .htaccess though, putting all rewrite rules inside one <IfModule mod_rewrite.c> statement (or two, if Concrete5 wants to manage its own) and adding all comments that will make you remind what you did, why and when :slight_smile:

As for the redirect, I’d use one single RedirectMatch directive instead, with this regular expression [f|F]orums? to match all the combinations of the initial upper/lower case and the s at the end but that shouldn’t be relevant to your question anyway :slight_smile:


#7

That’s correct. And that’s working correctly – my external calls (e.g. NSIS) to those URLs are not redirected to https as expected. And these conditions are not impacting phpbb or wordpress and therefore not part of the problem. I have tested disabling those conditions and phpbb/wordpress still did not redirect to https (not as expected).

There’s no .htaccess files in either of those 2 folders. But those are working as expected (no redirect).
Just to be clear: “/example1” and “/example2” are not “/Forums” (aka phpbb) and “/blog” (aka wordpress) – they are completely different folders.

If it is mainly cosmetic and you don’t think it’s a factor in this problem, I think I’ll hold off on that until later. I don’t understand the htaccess file well enough to muck with something that is (mostly) working. And I certainly don’t understand the section for “allow access to stats” at all. I think I got that from Dreamhost help? (probably this)


#8

I thought example[1|2] were there blog and forums, thanks for clarifying. [quote=“Jeff_Es, post:7, topic:65091”]
There’s no .htaccess files in either of those 2 folders
[/quote]

weird, I’m surprised there isn’t one at least in the /blog/ directory. How does WP create the pretty permalinks like https://www.esumsoft.com/blog/pop-peeper-and-website-news/?

One quick solution I can think of is to add this rewrite rule in the /blog/ directory and see if at least the blog gets redirected properly:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

Then we’ll think about phpBB :slight_smile:

Another attempt would be to have a redirect of all requests to https://www.esumsoft.com with

Redirect / https://www.esumsoft.com`

To be sure, put this at the end of your .htaccess.


#9

d’oh! :confounded:

Even though I started suspecting you were confusing the folders, I didn’t take that into account when I said there wasn’t any htaccess files in those folders. There is NOT an .htaccess in the “example” folders, there IS an .htaccess in the /Forums and /blog folders (facepalm).

I’ve modified both the /Forums/.htaccess and /blog/.htaccess and now both are working as expected. Thank you!

Well… I told you I wasn’t great with htaccess, but that’s something I knew and that just makes me feel like an idiot :smile:

Ok, so now that that’s done – what you were talking about with combining the Rewrites – I think I understand what you’re saying, basically something like this:

<IfModule mod_rewrite.c>
RewriteEngine On

section1...

section2...

etc...

</IfModule> 

Is that right?


#10

Glad to read you solved the issue :slight_smile:

Yes, something like that: I found this site that will help you test your .htaccess before you put it in place, hope it’s useful to you.


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.