SitePoint Sponsor

User Tag List

Page 2 of 3 FirstFirst 123 LastLast
Results 26 to 50 of 52
  1. #26
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    This is the cde they gave me before saying you can't direct https to http.
    RewriteCond %{SERVER_PORT} 443
    RewriteRule ^(.*)$ http://xyz.com/404.html$1 [R,L]

    I'll call them again and start over, and see what happens.

  2. #27
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,312
    Mentioned
    19 Post(s)
    Tagged
    1 Thread(s)
    Other people seem to have had success redirecting from https to http, so I'm not sure what to tell ya. Something funky is going on with your host.
    "First make it work. Then make it better."

  3. #28
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    They said the problem is being on a shared server - other people on the server are using https.

  4. #29
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I tried
    RewriteCond %{SERVER_PORT} ^443$
    RewriteRule oldproduct - [G,NC]

    Didn't help.

  5. #30
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I got a manager on the line. He says it's normal for this to occur because my site is on a shared server. He says I have to rent an IP address and start SSL service in order to give google a 404 error for one of https or http.

    What webhost do you prefer? Maybe Bluehost isn't worth the trouble.

  6. #31
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I put in all the different codes this time:
    RewriteCond %{SERVER_PORT} ^443$
    RewriteRule ^robots\.txt$ robots_ssl\.txt

    RewriteCond %{SERVER_PORT} ^443$
    RewriteRule ^robots\.txt$ 404\.html [R=404,L]

    RewriteCond %{SERVER_PORT} ^443$
    RewriteRule ^robots\.txt$ nohttpsatall\.html

    RewriteCond %{SERVER_PORT} ^443$
    RewriteRule oldproduct - [G,NC]

    Also, in robots_ssl\.txt I put in

    User-agent: Googlebot
    Disallow: /

    User-agent: *
    Disallow: /

    instead of just

    User-agent: *
    Disallow: /

    I know it's pathetic and desperate, good enough to insult any decent apache programmer, but I did it for two reasons, 1) I read Google saying it will read any and all files it reaches, that would include any htaccess file, and 2) one time I was given code to put in my htaccess file that had an shtml address instead of html and google webmaster was asking me where the shtml file was. So maybe its robots were programmed to look for information on https. One wishful sign is that in just the few days I was trying the different codes, the number of https files google thinks exists dropped from 18 to 14.

  7. #32
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,312
    Mentioned
    19 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Chris77 View Post
    I put in all the different codes this time:
    This makes me wonder... what behavior are you now seeing when you visit https://xyz.com/robots.txt, and is it the behavior you wanted?

    Quote Originally Posted by Chris77 View Post
    I read Google saying it will read any and all files it reaches, that would include any htaccess file
    Apache's default configuration is such that htaccess files will never be served, so Google will never reach them.
    "First make it work. Then make it better."

  8. #33
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    For https robots page, from Firefox I get "This Connection is Untrusted". If you choose "I understand the risks" and allow it to ad an exception, it takes you nowhere but leaves you at https://xyz.com/robots.txt. But if I go to my home page and add the s, I get the same untrusted/exception stuff but once through that it takes mt to the non https address and adds the main domain of my webhost account - http://xyz.maindomain.com.

    If you can think of some htaccess code that you could put in your htaccess file that contains .shtml (assuming you don't use shtml in the code for that site), wait about 2 weeks, and you'll see it in google webmaster saying it got a 404 error for .shtml. Give it a try.

    Thanks

  9. #34
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    C77,

    The way that this thread has degenerated (and the poor responses from your host), I will simply reiterate my advice to look at the examples near the end of my tutorial for forcing http or https depending upon the files' requirements. Since you do NOT have a dedicated IP address (a requirement for your own SSL certificate), there is NO reason for you to use https at all (and you really should force http (port 80) on any https request received by your account. If you have any questions, please PM me directly.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  10. #35
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I looked at your regex trick. How about this:

    RewriteCond %{HTTPS} on [NC]
    RewriteRule !^$ http://%{HTTP_HOST}%{REQUEST_URI} [R=401,L]

    since I don't have any https pages and would like to incur a 404. No idea what ! before ^ means.

  11. #36
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I found this info,
    "The best practice is to install the secure certificate on a dedicated subdomain, such as secure.example.com This also avoids having all your regular urls resolve as https - historically that has caused duplicate url problems in Google "
    on this site http://www.webmasterworld.com/google/3411545.htm

  12. #37
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    C77,

    The "regex trick" is overly complicated but your approach seems good - with three comments:

    Code:
    RewriteCond %{HTTPS} on [NC] 
    # you don't need the No Case flag; Apache knows it will give the "on" in lowercase letters.
    RewriteRule  !^$ http://%{HTTP_HOST}%{REQUEST_URI} [R=401,L] 
    # not null? IMHO, it's better to guarantee a match with ".?" which does the same thing but far cleaner.
    # Of course, do NOT use the quotes I've shown!
    # I would use R=301 to show a PERMANENT redirection (so SE's will update their database)
    The ^ is the start anchor metacharacter. It has no width but denotes the beginning of the string which, by definition, is the %{REQUEST_URI} in a RewriteRule.

    Quote Originally Posted by Chris77 View Post
    I found this info,
    "The best practice is to install the secure certificate on a dedicated subdomain, such as secure.example.com This also avoids having all your regular urls resolve as https - historically that has caused duplicate url problems in Google "
    on this site http://www.webmasterworld.com/google/3411545.htm
    And you believed that nonsense? I thought you wanted to let people trying to access your website via a secure server know that your content is NOT to be accessed in that manner (it would be through your host's certificate so it would throw error after error for cert mismatch). You've gone about it the right way so PLEASE don't be distracted with MISinformation.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  13. #38
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    How about this?
    RewriteCond %{HTTPS} on
    RewriteRule .?http://%{HTTP_HOST}%{REQUEST_URI} [R=401,L]

  14. #39
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    That code had no effect, still got "untrusted" from firefox, once through the warning still got directed to http with main domain added.

  15. #40
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    C77,

    I don't know if it's a typo or something about the forum but there was a space missing after the ? in your RewriteRule. While I would have expected a syntax error like that to throw a 500 error, there may be a configuration error on the server (are you sure mod_rewrite's enabled?).

    Otherwise, I'd STILL recommend a response code of 301 so that SE's will update their https to http links. After all, when you provide a good link to a script, it should get a 200 code, not a 404. The 301 tells SE's that the redirection is permanent.

    If there is a problem with the server or mod_rewrite's not enabled, you might add PHP code to your header.php script to ensure that it's running in a non-secure server. If you need help with that, feel free to PM me. Having said that, though, the first line of defense should be mod_rewrite.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  16. #41
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I also had 401 in there instead of 404.
    The corrected code made no difference.
    This is what my webhost wrote a few days ago.

    I have looked into this issue and found that the ssl cert that the sites are loading is the one that belongs to the server that your account is hosted on. I consulted with an escalation tech and was told that unfortunately there is not a way to turn off that notification for your account.

    a day later
    If you had a dedicated IP, then we may be able to close port 443. But that wouldn't redirect anyone, they just wouldn't connect.

    The bottom line is that on shared servers, http users carry a burden for https users. The burden appears to be an "error" designed to create business.

    this code
    RewriteCond %{SERVER_PORT} ^443$
    RewriteRule ^robots\.txt$ robots_ssl\.txt [L]

    appears to be the only code that can do what it was written to do.

  17. #42
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    C77,

    That seems to be a lot of nonsense from you host - care to name them?

    IF they have enabled mod_rewrite AND allowed you to change .htaccess (or whatever they may have renamed it as), then

    Code:
    RewriteEngine on
    RewriteCond %{SERVER_PORT} ^443$
    RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    is all you need to redirect from their secure server and tell SE's to update because that redirection is permanent.

    If that does not work, I'd strongly recommend finding a good host (I always add the recommendation for my host, WebHostingBuzz.com or .uk, but any good host would do the trick for you).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  18. #43
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I didn't see that code in your tutorial article. I couldn't get it to work. I used it for both htaccess files. I have RewriteEngine on as the first line in each of the htaccess files. I named the webhost on this page. I'll look into the webhost you suggest.

  19. #44
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I put in canonicals for the 14 pages. Hopefully google will see that the https pages are exactly the same in content and extremely similar in address to the http versions, and so dump the https pages.

  20. #45
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    C77,

    So it was Bluehost which gave you the nonsensical answers about their shared https? Shame on them (if you confirm they are your present host)!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  21. #46
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    It's them. What reason would they have to do this?

  22. #47
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    C77,

    Nothing I can imagine. To me, it's insane (and an excellent reason to leave Bluehost - RUNNING!).

    Okay, that said, I offer to share my secure server with my clients but that means that they must link to https://{my_domain}/{client_domain}/{secure_page} which is NOT what you've encountered.

    In fact, what Bluehost seems to be doing is diluting the value of a secure server by forcing everyone to use it! If that isn't insane, they should explain it to their clients (which I will never be with a stunt like this).

    If there is a Bluehost rep crawling this board, would you care to explain the "logic" of this to us here?

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  23. #48
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    This is their reply they sent to me saying their reply is a reply they found on google groups:
    Google is simply providing information about the server response for https access to your url. If it responds but the SSL cert does not match the domain, the warning tells you that.

    All this means is that the server has port 443 enabled so that https can be accessed on it. There is an SSL cert on the server but it is not for your specific site, hence the warnings you'd get when trying to access your domain's url using https.

    Hosters typically install a self-signed SSL cert applicable to the server but not to any specific website on the server in order to facilitate certain backend functions that may require https (Cpanel, WHM, webmail, etc).

    If your site does resolve via https (warning aside), then you can 301 redirect https to http on your site unless you prefer to get your own SSL cert so as to get rid of the browser warning.

    If your https url does not resolve to your actual site (after accepting the warning), then you cannot do anything about it except ask the hoster if they can close port 443."

  24. #49
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    638
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    DK, does that sound right to you?

  25. #50
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    C77,

    Sorry, been away for a while.

    No, it does NOT sound correct. Certs are assigned to domains and, if your domain does not have a cert, it should not be able to provide any response via port 443.

    I share my cert with my clients but, to gain access via HTTPS, I must request MY domain with their subdirectory and file. That is certainly not what has been described to you. My clients cannot use HTTPS to gain access to their domain (directly).

    Again, though, if there is a Bluehost rep running around this board, please step up and tell me (and Chris77) where I'm going wrong.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •