Http to https redirect?


#1

Is this possible?
i have a secure domain running perfectly, however unencrypted connectons are not made, by design i assume… Is there a way to redirect http:// to https:// from the same domain?


#2

I’m no expert, but a bunch of searching lead me to suggest adding the following rewrite rule to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Free unique IP and $67 off with promo code [color=#CC0000]LENSMANFREEIP67[/color] or use [color=#CC0000]LENSMAN97[/color] for $97 off. Click here for more options


#3

ok that didnt work …
any other ideas???
thanks


#4

What about:

RedirectPermanent / https://gopherssite.com

Free unique IP and $67 off with promo code [color=#CC0000]LENSMANFREEIP67[/color] or use [color=#CC0000]LENSMAN97[/color] for $97 off. Click here for more options


#5

BTW, I think the reason the first suggestion didn’t work is that you may have a SSLRequireSSL somewhere in the .htaccess or in some apache config file (though I don’t think DreamHost does that).

Free unique IP and $67 off with promo code [color=#CC0000]LENSMANFREEIP67[/color] or use [color=#CC0000]LENSMAN97[/color] for $97 off. Click here for more options


#6

i handle this with php code:

if($need_ssl && (!isset($_SERVER[‘HTTPS’]) || strtolower($_SERVER[‘HTTPS’]) != ‘on’)) {
header(‘Location: https://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’]);
die;
}
if(!$need_ssl && (isset($_SERVER[‘HTTPS’]) && isset($_SERVER[‘HTTPS’]) && strtolower($_SERVER[‘HTTPS’]) == ‘on’) {
header(‘Location: http://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’]);
die;
}

the second if statement goes back to http from https if the page doesn’t need ssl. every page sees this code, and ones that need ssl set $need_ssl to true.

track7 - my dream-hosted site


#7

Notice this from the OP:

So the entire site is protected by SSLRequireSSL (or something equivalent, I suppose), which I think means that nothing will get past the Apache engine itself - so no static content will be served, no php or ruby will run. Apparently, mod_rewrite doesn’t even run.

I’m hoping that the “Redirect” directive will work - and I pretty sure it will if the reason that http queries aren’t being processing because of an SSLRequireSSL directive.

As haan suggests, though, one can for part of all of one’s website, dispense with the SSLRequireSSL and just make sure that the navigation takes care of using https appropriately (though I’ve seen more people do this on the receiving page side rather than the referring page side).

Misterhaan, I think it’s the case that someone could still navigate to a page you intend to be secure by just typing in the destination URI with http instead of https, right?

Free unique IP and $67 off with promo code [color=#CC0000]LENSMANFREEIP67[/color] or use [color=#CC0000]LENSMAN97[/color] for $97 off. Click here for more options


#8

What we really would like to have is the site running both ways: http:// and https:// but a redirection would work just fine if we could make it work.

I tried the RedirectPermanent / https://mysite.org but it did not work either. I’ve been trying different .htacess directives to redirect the http:// to https:// in the last couple days with no luck. So anybody trying to reach the website through http:// receives an error like the website is down.
I do not have a SSLRequireSSL anywhere in the .htaccess.

Any other ideas?


#9

yes, actually the site itself links to other pages using whichever protocol the current page is using. so if i’m on a secure page, and click a link to an insecure page, it’ll first try https there but then get redirected to http. i did it that way because i didn’t want to put the complete uri for internal links, or keep track of which links should be secure and which shouldn’t.

track7 - my dream-hosted site


#10

UPDATE

I’d like to thank you all for the inputs. The redirection finally works (using Lensman’s first suggestion) .
I sent an email to support and they figured out that apparently “It looks like somehow the apache instance had decided that it didn’t want to host the normal http://yoursite.org. So this meant that the redirect wasn’t working. I was able to reconfigure the http settings so that is working now.” That’s why t didn’t work before.

Gopher and I just want to say thank you all. :slight_smile:


#11

Hey, I’m just glad things finally worked out for you!

Free unique IP and $67 off with promo code [color=#CC0000]LENSMANFREEIP67[/color] or use [color=#CC0000]LENSMAN97[/color] for $97 off. Click here for more options


#12

Hey, thanks. This worked great for what I needed.

By the way, thought I’d inform you of a little bug in the code:

You’re missing a ) at the end of the second ‘if’ statement:

if(!$need_ssl && (isset($_SERVER[‘HTTPS’]) && isset($_SERVER[‘HTTPS’]) && strtolower($_SERVER[‘HTTPS’]) == ‘on’) {

should actually be:
if(!$need_ssl && (isset($_SERVER[‘HTTPS’]) && isset($_SERVER[‘HTTPS’]) && strtolower($_SERVER[‘HTTPS’]) == ‘on’)) {

Thanks… It saved me a bit of time instead of using Rewrite.


#13

I tried the code lensman suggested:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

It mostly worked. The website I’m working with is called bookoutlining.com. When I added the code, it did the following:

When I typed bookoutlining.com into the address bar, it redirected to https://www.bookoutlining.com, as it should.

When I typed www.bookoutlining.com into the address bar, it redirected to https://www.bookoutlining.com, but some of the images were missing.

When I typed in http://www.bookoutlining.com, nothing really happened. Simply put, the page would act like it’s loading, but it would never stop. Nothing ever actually loaded.

My boss asked me to only make it so https shows up on check out pages. I was going to try that with the php that was mentioned, however I ran into something of an issue.

I went back to the .htaccess file and delete the code mentioned by lensman. However, this did not reverse what I had done.

Here is the current state:

When I type bookoutlining.com into the address bar, it redirected to https://www.bookoutlining.com, as it should.

When I typed www.bookoutlining.com into the address bar, it redirected to https://www.bookoutlining.com, but the issue of the images missing is no longer an issue. In fact, it redirects as it should.

When I type in http://www.bookoutlining.com, nothing really happens. Simply put, the page acts like it’s loading, but it would never stop. Nothing ever actually loads.

I’m not quite sure what to do. I did put in a ticket with Dreamhost, but I’m hoping someone here can help me faster.


#14

Thanks this work for me.