The first part of your code accepts URL requests and translates them into the internal filepath needed to serve the content, and then asks the hard disk to supply that content.

By then it is far too late to be asking the browser to make a request for a different URL, because the originally requested URL was not the right one, however by listing the redirects after the rewrite that is exactly what you are asking the server to do.

The redirects must be listed before the rewrite. Further, the redirects must be ordered from most specific to least specific so that you avoid any redirection chains.

Try the code the other way round, and see if there are any improvements.

Additionally, add negative match filetype exclusions to your rewrite so that the rewrite doesn't check the disk when images, CSS, and JS are requested. Those -d and -f "exists" checks are very inefficient and should be avoided where possible. You already have a similar exclusion within one of your redirects. Do the same for the rewrite.

Thank you for your response but I am so new I really don't understand what you are saying.

Hostgator sent me the following code which I used but it made the entire website https when all I want is the page http://www.example.com/shop/checkout to be [example.com...]

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

I tried changing the code in my original post to the following:

# Redirect HTTP requests for SSL checkout page to HTTPS
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(shop/checkout)$ https://%{HTTP_HOST}/$1 [R=301,L]
#
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images on both HTTP and HTTPS pages are excluded from this rule)
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^shop/checkout
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
#
# Redirect extensionless page requests to remove trailing slash
RewriteRule ^(shop/checkout)/$ http://%{HTTP_HOST}/$1 [R=301,L]
#

But no change. Nothing happens.

[edited by: jdMorgan at 12:49 am (utc) on May 21, 2010]
[edit reason] switched to example.com and de-linked [/edit]

Nothing happens?

Make sure that your server is plugged into the mains and switched on, and that it has a connection to the internet.

Make sure the domain name you are trying to use is already registered and is pointing to your server.

I haven't looked into your whole problem but one thing you need to do is get those equals signs (=) out of your RewriteCond's, e.g.

RewriteCond %{SERVER_PORT} !^443$

RewriteCond %{SERVER_PORT} ^443$

But instead of that you could use the HTTPS variable, e.g.

RewriteCond %{HTTPS} off

RewriteCond %{HTTPS} on

Also, try putting your rewrite rules in CODE blocks when you post them here -- hopefully the forum will not then automatically try to make links within the content.

The equals sign is perfectly valid syntax.

It specifies an exact match, and escaping is NOT required in the patterns so tested.

You're right, my mistake. Sorry JetAviator7, and everybody, for muddling things.

The domain name is registered and is pointing to the server.

As I said earlier if I place this code in my .htaccess file it makes the entire domain https:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$

https://www.example.com

/$1 [R=301,L]

As I said earlier I am completely new to this stuff, but I REALLY appreciate all of the quick responses!

Hi JetAviator7,

Right now if I request [example.com...] directly (with or without trailing slash), it redirects me to http://example.com/ . So I think you should get it so that the first URL is accessible directly before you try redirecting another URL to it.

[edited by: jdMorgan at 12:50 am (utc) on May 21, 2010]
[edit reason] example.com [/edit]

As I said earlier if I apply the code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$

https://www.example.com

/$1 [R=301,L]

Every page on the website starts with https://

All I am trying to do is have one page on the website:

http://example.com/shop/checkout

turn into

https://www.example.com/shop/checkout/

when the purchaser leaves the /shop/cart/ for checkout.

If the above code turns the whole website into https:// then there should be a way in the htaccess file to redirect that one page to https:// and leave all of the other pages as http://

I looked through this forum and saw several other examples, which I tried, but because I don't understand the coding correctly I can't seem to make it work.

Can anyone suggest what I should place into the htaccess file to redirect that single page to https:// while leaving the remaining pages as [?...]

Thanks.

[edited by: jdMorgan at 12:51 am (utc) on May 21, 2010]
[edit reason] example.com [/edit]

All I am trying to do is...

Yes, but you have a number of RewriteRule's, that can interact with each other, and the URL that you want to redirect TO -- [all-things-aviation.com...] -- is currently redirecting to another URL (I think at least 2 redirects actually occur currently when requesting that URL). So, how are you going to test anything anyone suggests to you? You first need to get it so that you can actually access that URL without it redirecting to something else.

Is /shop/checkout a directory or a file or what?

Have you posted all of the RewriteRule's that are in use on your site, in either central config files like httpd.conf or in .htaccess files in "/", "/shop", or "/shop/checkout"?

A preceding RewriteCond looking at REQUEST_URI can test the path-part of the requested URL.

Use a matching pattern to redirect and a negative match to not redirect.

Be sure that you force all URLs to http that should not be https, and all URLs to https that should not be http.

There's many prior examples here in the forum for this code.

Jesse_M:

it is not a directory nor a file, it is a page created in Wordpress.

John

Jesse_M:

There us no httpd.conf file and currently no Rewrite rules in the htaccess file.

As I said before this is a page on a Wordpress installation on the domain.

I have tried a number of the earlier suggestions in the forum regarding this issue but none of them seemed to work for my site.

On the Web, there are only URLs. Inside a server, there are only files and filepaths. "Pages" have meaning only to browsers.

mod_rewrite can do one of two "main" things: It can match a client-requested URL-path and generate a redirect response to tell the client to re-request the desired resource at a new URL, or it can match a client-requested URL-path, and modify the way in which that URL-path is translated to a filepath inside the server.

For clarity, the former is called an "external redirect," while the latter is termed an "internal rewrite" in the comments below.

Your rules are in the wrong order. Let's sort that first and fix a few things along the way.

Options +FollowSymLinks -Indexes -MultiViews
RewriteEngine on
RewriteBase /
#
# Externally redirect HTTP requests for SSL shop/checkout page to HTTPS
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^shop/checkout/?$ https://www.example.com/shop/checkout [R=301,L]
#
# Externally redirect HTTPS requests for non-SSL pages back to HTTP.
# (Note that shared objects such as images, css, & JS on both HTTP
# and HTTPS pages are excluded from this rule)
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^shop/checkout/?$
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
#
# Externally redirect direct client requests for "index.php" in any directory to
# "/" in that same directory, preserving the client-requested http/https protocol
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /([^/]+/)*index\.php([?#][^\ ]*)?\ HTTP/
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(([^/]+/)*)index\.php$ http%2://www.example.com/$1 [R=301,L]
#
# Externally redirect extensionless page requests to remove trailing
# slash, preserving the client-requested http/https protocol
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(([^/]+/)*[^./]+)/$ http%2://www.example.com/$1 [R=301,L]
#
# Externally redirect all non-blank non-canonical hostnames to the canonical
# hostname, preserving the client-requested http/https protocol
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]
#
# BEGIN WordPress
# Internally rewrite all requested URL-paths to the Wordpress script filepath,
# except for previously-rewritten requests for WP's index.php script file,
# object types that are not generated by WP itself, and URLs which resolve to
# physically-existing files or directories.
RewriteCond $1 !^index\.php$
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ /index.php [L]
# END WordPress

Now all of your rules accord with the general rule of thumb "Put all access control rules first, followed by all external redirects, in order from most-specific to least-specific patterns and conditions (i.e fewest URLs affected to more URLs affected), then finish up with all internal rewrites, again ordered from most- to least-specific."

Non-SSL requests for /shop/checkout --with or without a trailing slash-- are externally redirected to https.

All other URL-paths are externally redirected to http if requested using https, except for included-object types (such as images, css, and JS) commonly shared between http and https pages.

Requests for URL-paths which contain no "." in the final URL-path-part and which end in slash are externally redirected to remove the trailing slash, as long as they don'[t resolve to an existing directory. The client-requested http/https protocol is preserved.

Direct client requests for /index.php at any directory level are externally redirected to "/" in the original directory to prevent a common duplicate problem, using whichever protocol the client used for the request.

Requests for any hostname not exactly equal to "www.example.com" are externally redirected to www.example.com, using whichever protocol the client used for the request.

You'll also likely find that your WP pages load a bit faster as well, since the non-optimal WP internal rewrite code has been enhanced for efficiency.


Delete your browser cache and give that a spin. It's not perfect because there is still one relatively-rare condition under which you could get a double (chained) redirect when a requested URL is incorrect in more than one way, but as long as all of your own on-site linking is correct, this should not be a major concern.

Jim

[edit] Correction as noted below. [/edit]

[edited by: jdMorgan at 6:42 pm (utc) on May 21, 2010]

So you're saying no rewrite rules in any other .htaccess files? In other words, all of your rewrite rules are in /.htaccess?

I recommend the first thing you do is work on getting things setup so that you can access [all-things-aviation.com...] when you request it directly, without it redirecting to somewhere else. Right off the bat I don't see what's causing that.

Is this a live site or just in development? If it's just in development, just take all of the rewrite rules out and add them back gradually until you figure out what's causing that URL to redirect. Once that's straightened out you can work on redirecting the HTTP version of that URL to the HTTPS version.

Jim:

As is typical in my life, I think that "relatively-rare" condition exists.

I uploaded the file exactly as above and received the following message:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

* This problem can sometimes be caused by disabling or refusing to accept
cookies.

Any suggestions?

Thanks,

John

Yes, download and install the "Live HTTP Headers" add-on for Firefox and Mozilla-based browsers, and use it to "track" the sequence of redirects. Then at least you'll know precisely how it's going wrong.

I suspect that you've got an additional redirect due to a control panel setting, domain forwarding, or some other code on your server in either a config file or a script. Look at how the addition of a single SSL page "spread complexity" through the other rules in your code above... Control panels and "standard code" tend to be "as dumb as rocks" when it comes to this kind of thing... Very likely to handle it improperly.

It'll be very difficult to make sense of this problem without detailed data on exactly what the problem is. Fire up Live Headers and see what the sequence of client requests and server redirect responses looks like. It may take you awhile to get used to the tool and figure out the relevant data in its display, but really all you need to pay attention to in the display is "What URL did the client request?", "What did the server respond with - a 200-OK and content, or a 30x redirect and a new URL in a 'Location:' header?" Those three lines are the main thing to look for in each client/server transaction report.

Knowing what URLs are being redirected, and where they're being redirected to will help identify the problem.

Hopefully, the problem isn't because of my fat-fingered typing or poor eyesight... :)

Jim

Since the Live HTTP Headers display can be confusing, here is an example of the display for a single client/server redirect transaction. The bolded lines are the most relevant to debugging your problem.

Do NOT post the cookie value in the server response without obscuring it; It contains your personal IP address and an encrypted version of your username and password! Although I included the whole report here for purposes of unambiguous illustration, there is no need for you to post any but the three highlighted lines which pertain to this discussion. And please substitute "example.com" for your real domain name to comply with our Terms of Service.

-----
http://www.webmasterworld.com/apache/4135965.htm#msg4136579

GET /apache/4135965.htm HTTP/1.1
Host: webmasterworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 7.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 120
Connection: keep-alive
Cookie: PubConSouth2011=.abcd33efgabc21.xyzbeta3.192.168.0.1.

HTTP/1.1 301 Moved Permanently
Date: Fri, 21 May 2010 14:49:04 GMT
Server: Apache/2.0.52
Location: http://www.webmasterworld.com/apache/4135965.htm
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 251
Connection: close
Content-Type: text/html; charset=iso-8859-1
-----

Jim

Jim:

I installed the Live HTTP headers add on but I am not clear on how to ues it.

For example, it will give me some information if a page like

www.example.com

loads, but if I load any other page where I get an error it does not provide any information.

I uploaded your coding for my htaccess file and I can get the Home Page

www.example.com

to load, but if I try any other page on the website like

www.example.com/blog or www.example.com/shop or www.example.com/shop/checkout/

I get the error message.

I don't know if this helps. Let me know what else I can do.

John

Jim:

When I upload the htaccess file that you provided I can type in

www.example.com

and it comes right up. When I try to navigate to any other page it won't let me.

So I ran the Live HTTP headers and basically all I get is this:

#request# GET

http://example.com/blog

#redirect# GET /blog
#request# GET

www.example.com/blog

#redirect# GET /blog

and it continues to repeat the last 2 lines 19 times.

Then I get the following:

#request# GET http://toolbarqueries.google.com/search?features=Rank&sourceid=navclient-ff&client=navclient-auto-ff&googleip=O;74.125.95.xyz;242&iqrn=5et&querytime=OB&orig=0BpbB&swwk=359&ch=847a045ea&q=info:http%3A%2F%2Fwww.example.com%2Fblog
<snip>
GET /search?features=Rank&sourceid=navclient-ff&client=navclient-auto-ff&iqrn=qp5C&ch=8ace3bf28&q=info:http%3A%2F%2example.com%2Fblog%2F
GET /search?features=Rank&sourceid=navclient-ff&client=navclient-auto-ff&iqrn=XOTD&querytime=cC&orig=0haau&ch=847a045ea&q=info:http%3A%2F%2Fwww.example.com%2Fblog

I don't know if any of this helps.

John

[edited by: jdMorgan at 6:36 pm (utc) on May 21, 2010]
[edit reason] snipped data dump,obscred private data [/edit]

Hopefully, the problem isn't because of my fat-fingered typing or poor eyesight... :)

Well, I fat-fingered it, and then didn't spot the error. This section:

# Externally redirect all non-blank non-canonical hostnames to the canonical
# hostname, preserving the client-requested http/https protocol
RewriteCond %{HTTP_HOST} ^(www\.example\.com)?$
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]

is missing the negation operator "!" on the first RewriteCond.

I have corrected my post above so that no-one else trips on this error in the future.

Fixing that will take care of at least one major problem.

Jim

Jim:

Well, now the site does not come up at all.

However, I did figure out how to get the info you asked for with Live HTTP headers:

http://example.com/

GET / HTTP/1.1
Host:

example.com

HTTP/1.1 301 Moved Permanently
Location:

http://www.example.com/

----------------------------------------------------------

http://www.example.com/

GET / HTTP/1.1
Host:

www.example.com

HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback:

http://example.com/xmlrpc.php

Location:

http://example.com/

Hope this helps figure out the problem.

John

[edited by: jdMorgan at 11:06 pm (utc) on May 21, 2010]
[edit reason] Removed irrelevant data [/edit]

In the example posted earlier, some lines were highlighted in bold with the instruction to only post THOSE lines here. You can safely remove the rest to make it a lot more readable.

I apologize for not following the instructions completely, I don't know what is and is not important.

I do appreciate all of the help and assistance and hope I can get this problem resolved.

I will make sure I follow instructions exactly in the future.

John

It's OK... Actually the extra data (some of which I did not edit out) points to the problem, I believe.

The second redirect --back to example.com-- has cache-control headers and a xml remote procedure call tag that look very much like PHP/WordPress-generated headers.

Look at you WordPress configuration, and make sure that the canonical hostname in this .htaccess code (www.example.com) and the canonical name configured in WordPress are the same.

If they are already the same, then some other script is generating this redirect, as .htaccess does not add cache-controls or xmlrpc tags to 301-redirect responses.

P.S. You need not surround the domain names/URLs with <code> tags. the http://www.example.com, http://example.com and https://anything-at-all-here.com URLs will not be auto-linked by the forum software.

Jim

My Wordpress wp-config file refers to the SQL hostname and these are the entries:

/** MySQL hostname */
define('DB_HOST', 'localhost');


/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

Now, I use the Custom Structure: /%category%/%postname%/ in the Permalinks section.

I don't use any strange plugins - just: Akismet, All In One SEO Pack, Blubrry Powerpress, Contact Form 7, Exclude Pages From Navigation, Get The Image, Google Analytics for Wordpress, Google Website Optimizer for Wordpress, Google XML Sitemaps, Hello Dolly, Official StatCounter Plugin, Really Simple CAPTCHA, Shopp, Social Profilr, Thumbnail Viewer, Widget Logic and Wordpress Database Backup.

Other than wp-config and .htaccess I am not aware of anywhere else to find the website name configured. I believe I do, however, have set the preferred domain in Google Webmaster Tools to be example.com vs www.example.com.

Is there anywhere else I should look?

John

There is a file called xmlrpc.php in the directory - I don't know what this does.

Jim:

The only other thing I can think of is that this blog was originally a TypePad blog which was moved to my own hosted Wordpress blog. Would this have anything to do with the problem?

John

Jim:

I don't know if this is important, but do you need the ip address for the SSL Certificate for example.com ?

John