HTTPS redirect to HTTP

Forum Moderators: phranque

Message Too Old, No Replies

HTTPS redirect to HTTP

HTTPS sites co-hosted with HTTP sites

linusoft

1:55 pm on Jan 15, 2014 (gmt 0)

Hello,
I have a server which hosts a number of virtual sites, and only one of them uses SSL with a certificate. No others use SSL.

If I point my browser to [ssl-site,...] I get the correct site, and if I point to [ssl-site,...] I am redirected to HTTPS. This is working nicely.

If I point my browser to [non-ssl-site,...] everything works fine, but, if I point my browser to [non-ssl-site,...] the page that is rendered is from the ssl-site, only with the url set as the non-ssl-site.

I have tried adding a redirect rule into the htaccess file for non-ssl-site, as found in similar posts, but that does not work.

How can I fix this so that [non-ssl-site...] either gives 404, or redirects to [non-ssl-site?...]

The server is CentOS 5.4, with CPanel / WHM.

Thank you

linusoft

2:26 pm on Jan 15, 2014 (gmt 0)

Sorry, server is CentOS 6.5, not 5.4

lucy24

9:41 pm on Jan 15, 2014 (gmt 0)

Let's see your existing RewriteRules. Not all of them! just the ones concerned with protocol-plus-host. When https is involved, the ordinary pattern of one rule with one condition will jump to 2 rules with 2 conditions each. Or 2 rulesets per domain if you've got more than one on the same server. It sounds as if you're missing one of the set.

To avoid auto-linking, use example.com (no subdomains). You can say example.org, example.net etc, including
http://www.example.secure
http://www.example.insecure
and so on. (https doesn't auto-link, but this is probably a coding oversight, so don't rely on it here.)

linusoft

9:14 am on Jan 16, 2014 (gmt 0)

This is the htaccess file for the insecure site. I have added the 2 lines commented in the middle.
The others are provided by cpanel / joomla

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*$.*$ [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

## Lines I have added
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.example.com.insecure [R=301,L]

########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

The htaccess for the secure site is:

RewriteEngine On

Options +FollowSymLinks

RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule (.*) [example.org...] [r=301,nc]

RewriteCond %{HTTP_HOST} www.example.co.uk [nc]
RewriteRule (.*) [example.org...] [r=301,nc]

RewriteCond %{QUERY_STRING} base64_encode[^(]*$[^)]*$ [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F]

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]