SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Tweaking Slim's .htaccess

    Hello,

    I'm using the Slim PHP framework. Here's the .htacces that comes with the framework.

    Code:
    RewriteEngine On
    
    # Some hosts may require you to use the `RewriteBase` directive.
    # If you need to use the `RewriteBase` directive, it should be the
    # absolute physical path to the directory that contains this htaccess file.
    #
    # RewriteBase /
    
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [QSA,L]
    I would lik to do two things:

    a) Redirect all HTTP requests to their HTTPS counterparts.
    b) Point to an index.php file that is located in an "application" folder.

    Here's what I came up with (not working):

    Code:
    RewriteRule ^https:\/\/.*/application/index.php [QSA,L]
    [/CODE]

    Thanks in advance.

    Regards.

    -jj

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    I think you actually want:
    Code:
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%/application/index.php [QSA,R=302,L]
    If HTTPS is off, redirect all traffic to https passing along any querystring data.

  3. #3
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    Many thanks!

    Just a quick question: shouldn't we check if HTTPS is "on" rather than "off"? What if I know for a fact that HTTPS is enabled? Do I still need the RewriteCond?

    Regards,

    -jj.

  4. #4
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jjshell View Post
    Just a quick question: shouldn't we check if HTTPS is "on" rather than "off"? What if I know for a fact that HTTPS is enabled? Do I still need the RewriteCond?
    You wanted to redirect HTTP requests to HTTPS, so you are going from someone accessing your site using HTTP (which means HTTPS is off for the request). Hopefully that makes sense. If you don't use that condition, it will try to redirect ALL requests no matter where they came from, HTTP or HTTPS to a HTTPS url. So you'll end up in an infinite loop. If you change it to "on", it will redirect HTTPS to HTTPS and that is pointless.

  5. #5
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,635
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    FWIW, we usually just set up a separate HTTP redirects site. Much cleaner -- loads simpler to make sure the secure site *only* listens to HTTPS and it keeps the rewriting much cleaner.

  6. #6
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @cpradio: thanks for the clarification!

    @wwb_99: How would I do that? My guess is: check the incoming request using a $_SERVER variable, check if "http:" then redirect to the "https" equivalent.

  7. #7
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,635
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Not really -- more like you've got one virtual site bound to *:80 which only lives to redirect everything to *:443. Render unto infrastructure what is infrastructure's so to speak.

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,656
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    cp,

    {HTTPS} can only have "on" or is null therefore "off" should never match. Okay, at least that's the way it was years ago when I learned to match "on" or "not on" ... but I preferred to use the {SERVER_PORT} and match either 80 or 443 as that would always work.

    If anyone know that {HTTPS} has been changed ("on" or "off|null"), please show a link to Apache.org where this is specified.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  9. #9
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    cp,

    {HTTPS} can only have "on" or is null therefore "off" should never match. Okay, at least that's the way it was years ago when I learned to match "on" or "not on" ... but I preferred to use the {SERVER_PORT} and match either 80 or 443 as that would always work.

    If anyone know that {HTTPS} has been changed ("on" or "off|null"), please show a link to Apache.org where this is specified.

    Regards,

    DK
    No idea if I am mis-reading this:
    HTTPS
    Will contain the text "on" if the connection is using SSL/TLS, or "off" otherwise. (This variable can be safely used regardless of whether or not mod_ssl is loaded).
    source: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

  10. #10
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,656
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    cp,

    OMG! Things have changed. Thanks for that!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •