Welcome to WebmasterWorld Guest from 3.81.29.226

Forum Moderators: Ocean10000 & phranque

Redirecting to ‘https://www’ version

     
8:43 pm on Oct 15, 2019 (gmt 0)

New User

joined:May 18, 2018
posts:13
votes: 0


Hi,

All 4 versions of my website domain name redirect well to secure version:
 https://www

4 versions:

https://www.
https://
http://www.
http://

However pages don’t if they start with
http://
or
http://www.

They should redirect to
https://www
as well.

Examples:

[url]http://www.example.com/jacksarlo[/url]

I use wordpress.org, and this is the .htaccess file.

How to fix this please?

# BEGIN WpFastestCache
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example\.com [NC]
RewriteRule ^(.*)$ http://example\.net/$1 [L,R=301,NC]
# Start WPFC Exclude
# End WPFC Exclude
# Start_WPFC_Exclude_Admin_Cookie
RewriteCond %{HTTP:Cookie} !wordpress_logged_in_[^\=]+\=jcksrl
# End_WPFC_Exclude_Admin_Cookie
RewriteCond %{HTTP_HOST} ^www.example.com
RewriteCond %{HTTP_USER_AGENT} !(facebookexternalhit|WhatsApp|Mediatoolkitbot)
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !(\/){2}$
RewriteCond %{REQUEST_URI} \/$
RewriteCond %{QUERY_STRING} !.+
RewriteCond %{HTTP:Cookie} !wordpress_logged_in
RewriteCond %{HTTP:Cookie} !comment_author_
RewriteCond %{HTTP:Cookie} !wp_woocommerce_session
RewriteCond %{HTTP:Cookie} !safirmobilswitcher=mobil
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/all/$1/index.html -f [or]
RewriteCond /home3/ACCOUNT/public_html/example.com/wp-content/cache/all/$1/index.html -f
RewriteRule ^(.*) "/wp-content/cache/all/$1/index.html" [L]
</IfModule>
<FilesMatch "index\.(html|htm)$">
AddDefaultCharset UTF-8
<ifModule mod_headers.c>
FileETag None
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Mon, 29 Oct 1923 20:30:00 GMT"
</ifModule>
</FilesMatch>
# END WpFastestCache
# BEGIN GzipWpFastestCache
<IfModule mod_deflate.c>
AddType x-font/woff .woff
AddType x-font/ttf .ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE font/opentype font/ttf font/eot font/otf
</IfModule>
# END GzipWpFastestCache
# BEGIN LBCWpFastestCache
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|webp|js|css|swf|x-html|css|xml|js|woff|woff2|ttf|svg|eot)(\.gz)?$">
<IfModule mod_expires.c>
AddType application/font-woff2 .woff2
ExpiresActive On
ExpiresDefault A0
ExpiresByType image/webp A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType image/ico A2592000
ExpiresByType image/svg+xml A2592000
ExpiresByType text/css A2592000
ExpiresByType text/javascript A2592000
ExpiresByType application/javascript A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType application/font-woff2 A2592000
</IfModule>
<IfModule mod_headers.c>
Header set Expires "max-age=2592000, public"
Header unset ETag
Header set Connection keep-alive
FileETag None
</IfModule>
</FilesMatch>
# END LBCWpFastestCache
RewriteOptions inherit
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

# Or, compress certain file types by extension:

<files *.html>
SetOutputFilter DEFLATE
</files>


Thanks



[edited by: not2easy at 9:10 pm (utc) on Oct 15, 2019]
[edit reason] anonymized details for readability/security [/edit]

3:05 am on Oct 16, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4558
votes: 363


Normally we do not deal with dumped code that justs puts everything on the table, but it appears that in this case my best guess says that without some assistance you might be unable to separate out the part(s) that need work.

I think it is best if we just ignore the WP plugin instructions - you're on your own with those. I'm going to ignore the conflicting cache rules that you have because those are not related to the question of why your rewrites are not working as expected.

There are only two rewrites in this .htaccess file and one of those is the WordPress default snippet:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Don't mess with that one please.

The other one does not really do what you want either and it would appear that only the WP part of your site can possibly be reached by https: URLs.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example\.com [NC]
RewriteRule ^(.*)$ http://example\.net/$1 [L,R=301,NC]
unless you wanted to redirect all URL requests to http://example.net/page-name

Now if we can determine whether your domain has a .com or .net TLD we may get to a start for a useful canonical rewrite rule. Which one is correct?
5:26 pm on Oct 16, 2019 (gmt 0)

New User

joined:May 18, 2018
posts:13
votes: 0


My domain is .com

I want to direct all my site pages in any of those 4 versions to this version
https://www


Btw I actually have 2 .htaccess files. One of them is called .htaccess-1516125416. That's the one from where I
pasted the code in my post.

The other file, .htaccess has this code:

RewriteOptions inherit
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

# Or, compress certain file types by extension:

<files *.html>
SetOutputFilter DEFLATE
</files>

# Use PHP71 as default
AddHandler application/x-httpd-php71 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php71/lib
</IfModule>


Thanks!
6:28 pm on Oct 16, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4558
votes: 363


As far as I know (which is not nearly very much) a .htaccess file with some other characters at the end of it is not the paart your server works with - BUT not all hosting environments are identical so I would not call that an ironclad rule. The one to edit is plain .htaccess with nothing at the end normally.

I would add the rewrite rule at the end, then move the WP section after the rewrite rule.

I would try starting with something like this:
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC,OR]
RewriteCond %{HTTPS} =off
RewriteRule (.*) https://www.example.com/$1 [L,R=301]

It helps to understand what this does for you so that you can decide whether this is what you want. The first line, that
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC,OR]
part tells the server that if it receives a request that does not (that's the !) begin with (that's the ^) your preferred form of your domain name - that's the "(www\.example\.com)" part, the $ (anchor) is the end of the string for the server to watch for and the "?" represents whatever the rest of the URL requested actually is and captures that part of the requested URL to add it back on again. The bracketed part at the end of that line adds conditions for the rule. Here NC means "No Case" - the letters in the request can be upper or lower case. OR means "or" - because another condition for this rule is on the next line.

That next condition is:
RewriteCond %{HTTPS} =off
which means just what it looks like - "if that requested URL is not requesting https:"

The last line:
RewriteRule (.*) https://www.example.com/$1 [L,R=301]
basically tells the server to take everything it has determined from the first two lines: (.*) and rewrite them as "https://www.example.com/" and that $1 tells it to add back the part it captured with the '?' in the first line and add that string back on to the request. The bracketed stuff at the end defines how to proceed: 'L'= last time to rewrite this request and R=301 says the Rewrite is to be a 301 (permanent) which is necessary to add because Apache's default would be a 302 (temporary). If someone forgets to specify a 301 it will be a 302.

This should not be at the top of your .htaccess file, it is usually at the end, after all the other cache instructions and <files> and plugin settings. The WP snippet of code goes after this rewrite rule because it has its own internal rules.

On a side note, you might find it helpful to separate your htaccess sections rather than run them on all stuck together. I suggest that because it appears that some of those proprietary codes are nested and containing unrelated parts of code. Your file has a no-cache section and further down has cache rules. And more after those. Only the plugin providers can tell you how and where those belong, sorry.

[edited by: phranque at 7:35 pm (utc) on Oct 16, 2019]
[edit reason] typo - $? vs ?$ [/edit]

7:10 pm on Oct 16, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15934
votes: 887


the "?" represents whatever the rest of the URL requested actually is
Brain fart, not2easy? ;)

The ? means the part in parentheses is optional:
(www\.example\.com)?
In htaccess on shared hosting this bit really isn't necessary--though it does no harm--because a request without a hostname simply won't reach your site. So this bit can be expressed as
!^www\.example\.com$
if you prefer.
7:45 pm on Oct 16, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 15, 2003
posts:2645
votes: 7


Side question.... are you able to edit the webserver config files? I assume Apache because of the htaccess file...

If yes you would be best served having your solution live there rather than the htaccess file.
3:11 pm on Oct 17, 2019 (gmt 0)

New User

joined:May 18, 2018
posts:13
votes: 0


@not2easy I confirm that code works now.

I edited the .htaccess file, now it looks like this:

RewriteOptions inherit

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

# Or, compress certain file types by extension:

<files *.html>
SetOutputFilter DEFLATE
</files>

# Use PHP71 as default
AddHandler application/x-httpd-php71 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php71/lib
</IfModule>

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC,OR]
RewriteCond %{HTTPS} =off
RewriteRule (.*) https://www.example.com/$1 [L,R=301]


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress


Do I leave this part from the other .htaccess file (.htaccess-1516125416)?

RewriteCond %{HTTP_HOST} ^example\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example\.com [NC]
RewriteRule ^(.*)$ http://example\.net/$1 [L,R=301,NC]


As for the mess I have in these files I'll guess I create a new post or try to figure out
what's going in.

Thanks!
4:28 pm on Oct 17, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15934
votes: 887


Do I leave this part from the other .htaccess file (.htaccess-1516125416)?
No. The HTTP_HOST should be expressed as a negative: “If the hostname is anything other than this exact form”, with both opening and closing anchors.

Some sources say the HTTP condition should be expressed as !on rather than =off. But since it's supposed to be binary, it's hard to think of a situation where it could matter.

In order to redirect in a single step, you need to have two RewriteConds, separated by OR: one for the hostname, one for http. You've now got that.

<files *.html>
SetOutputFilter DEFLATE
</files>
This doesn't need to be in a Files envelope; just say .html (leading dot optional) after the DEFLATE. As a general rule it's always safer to say Add instead of Set, unless you explicitly want to override something that was previously set.

:: wandering off to refresh memory on difference between* AddOutputFilter and AddOutputFilterByType ::


* Answer: in spite of the similarity in names, one is covered by mod_mime and the other by mod_filter. This will take further study.
5:39 pm on Oct 17, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4558
votes: 363


Thanks for the correction lucy24, I had written part of my response, then grabbed the wrong lines to paste in - I was a little rushed to get offline because of nearby lightening in a heavy thunderstorm. I'm happy to see it was correctly used.

@karlsult7 - Regarding that old rewrite rule: No, don't use that old Rewrite code. Look at the last line, it wants to rewrite to a .net site which is why I had to ask whether you were aiming for .net or .com for your rule.

A further note about the .html part:
<files *.html>
SetOutputFilter DEFLATE
</files>

Since you have the wordpress section of code, we assume that you have installed WordPress and your recent URLs don't end with .html - but you may have non-WP .html pages. IF not,you can get rid of this .html directive in your .htaccess file. You don't need that unless you still have actual .html pages in addition to your wordpress pages. I bring that up because most WP sites don't hang on to the .html file extensions within WP and you don't need the server looking for them if they aren't there. ;)

9:01 pm on Oct 17, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15934
votes: 887


your recent URLs don't end with .html
Besides, <Files> and <FilesMatch> refer to the physical file, not the URL. So even if you're being sneaky and disguising your dynamic pages behind .html URLs, <Files> isn't fooled.
11:31 pm on Oct 17, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15934
votes: 887


And incidentally...
I was a little rushed to get offline because of nearby lightning in a heavy thunderstorm
Mercy sakes, Nancy, haven't you guys had enough weather for one lifetime already?
10:19 am on Oct 20, 2019 (gmt 0)

New User

joined:May 18, 2018
posts:13
votes: 0


Hi,

I don't know what happened to .htaccess file, seems some code got between the piece I added, now it looks like this:

I wonder if this is normal?

RewriteOptions inherit

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

# Use PHP71 as default
AddHandler application/x-httpd-php71 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php71/lib
</IfModule>

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC,OR]
RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://www.example.com/$1 [L,R=301]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule . /index.php [L]
</IfModule>

# END WordPress


Thanks!

[edited by: not2easy at 1:05 pm (utc) on Oct 20, 2019]
[edit reason] anonymized details for readability/security [/edit]

1:14 pm on Oct 20, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4558
votes: 363


That looks like something that might occur if you are using CPanel to manage some facet of your domain. The inclusion of ".well-known/" is related to TLS/SSL certificates. Did you recently acquire, alter, update or replace your security?

The "WP snippet" of code now appears to be duplicated. If you did nothing to explain these changes, I would contact your host. I would also take a look at your error logs.
7:32 pm on Oct 21, 2019 (gmt 0)

New User

joined:May 18, 2018
posts: 13
votes: 0


I downloaded backups, full backup, home directory backup and msql backups.
I think '.well-known' appeared exactly at that time.

I from removing some wordpress plugins from wordpress dashboard not cpanel.
I inserted google analytics code in wp... and modify a ton of pages on my site.

But nothing special at all or about security.
7:56 pm on Oct 21, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4558
votes: 363


A closer look shows that the WP snippet is not actually duplicated, it appears related to a Comodo certificate though. WP plugins can and do overwrite sections of your .htaccess file which is why it is important to understand every plugin that you use and stick to plugins from the WP.org plugins repository because those have been tested and approved. There are some sneaky plugins out there to be careful of.

Any time you aren't sure about a plugin you can check the information at the WP Vulnerability database: [wpvulndb.com...]
4:46 pm on Oct 22, 2019 (gmt 0)

New User

joined:May 18, 2018
posts: 13
votes: 0


ok, I only have about 5 plugins all very popular...

Will try contacting host too.

Thanks!