SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict Banana Man's Avatar
    Join Date
    Dec 2005
    Posts
    391
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    https:// mod rewrite redirect

    Hi,

    I am having problem with a mod_rewrite redirect from http:// to https:// for my login and register pages. It redirects as expected but the included css file on the https:// pages does not work when viewing the page in Google Chrome on my Mac. On these pages i am calling the https:// version of the css file and all other included resources. If i navigate to the https:// version of these pages without the mod_rewrite code it brings in the css file as expected. It seems the mod_rewrite is having a conflict somewhere. It works fine in other browsers.

    Anyone know what's going on with all this?

    Thanks

    Code:
    Options +FollowSymLinks
    RewriteEngine On
    
    # redirect non www. to www. domain
    
    RewriteCond %{HTTP_HOST} ^mysite.com
    RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]
    
    
    
    # My server automatically adds a PHP Session ID to URL's so this needs to be switched off
    
    php_flag session.use_trans_sid off
    php_flag session.use_only_cookies on
    
    
    
    # force https secure URL for sensitive pages
    RewriteCond %{HTTPS} !on
    RewriteCond %{SCRIPT_FILENAME} (login|register).php$
    RewriteRule (.*) https://www.mysite.com/$1 [R,QSA,L]
    
    # force http:// non-secure URL for normal pages
    RewriteCond %{HTTPS} on
    RewriteCond %{SCRIPT_FILENAME} !(login|register).php$
    RewriteRule (.*) http://www.mysite.com/$1 [R,QSA,L]
    
    
    # Mod Rewrite URL's
    # News
    RewriteRule news/([A-Za-z0-9-]+)-([0-9]+) news/index.php?dynamic_url=$1&row_id=$2
    # Articles
    RewriteRule nutrition-advice/([A-Za-z0-9-]+)-([0-9]+) nutrition-advice/index.php?dynamic_url=$1&row_id=$2
    # Farmer
    RewriteRule your-farmers/([A-Za-z0-9-]+)-([0-9]+) your-farmers/index.php?farmer_url=$1&row_id=$2
    
    
    # Remove the file extension from URL's.  THIS MUST BE PLACED AFTER THE MOD REWRITE CODE
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ $1.php [L,QSA]

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    B M,

    The problem is that you're enforcing https on your two scripts and http on EVERYTHING else. Note the "EVERYTHING"? Sorry, just a rehash of my loathing of the inappropriate use of the EVERYTHING atom. Try this (and remember to escape your dot characters in regex):

    Code:
    # PROBABLY not necessary as it's usually in httpd.conf already
    # Try without then add it back if necessary
    Options +FollowSymLinks
    RewriteEngine On
    
    # redirect non www. to www. domain
    # Fine as is EXCEPT for the lack of No Case flag
    RewriteCond %{HTTP_HOST} ^mysite\.com [NC]
    # I'd not create a new variable for this as {REQUEST_URI} is what you're capturing
    RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]
    RewriteRule .? http://www.mysite.com%{REQUEST_URI} [R=301,L]
    
    # My server automatically adds a PHP Session ID to URL's so this needs to be switched off
    # Because Apache handles mod_rewrite LAST,
    # I'd move the following to the TOP (before RewriteEngine on)
    
    php_flag session.use_trans_sid off
    php_flag session.use_only_cookies on
    
    
    
    # force https secure URL for sensitive pages
    RewriteCond %{HTTPS} !on
    # WHY duplicate what you can do in the rule?
    # ... UNLESS they're not in the root directory (co-located with this .htaccess)
    RewriteCond %{SCRIPT_FILENAME} (login|register)\.php$
    RewriteRule (login|register).php$ https://www.mysite.com/$1.php [R,QSA,L]
    
    # force http:// non-secure URL for normal pages
    # Change this to PHP scripts and it'll be fine (without the redundant condition)
    RewriteCond %{HTTPS} on
    RewriteCond %{SCRIPT_FILENAME} !(login|register).php$
    RewriteRule !\.php$ http://www.mysite.com%{REQUEST_URI} [R=301,L]
    # QSA is redundant as you're not adding/altering any query string
    
    
    # Mod Rewrite URL's
    # News
    RewriteRule news/([A-Za-z0-9-]+)-([0-9]+) news/index.php?dynamic_url=$1&row_id=$2
    # Articles
    RewriteRule nutrition-advice/([A-Za-z0-9-]+)-([0-9]+) nutrition-advice/index.php?dynamic_url=$1&row_id=$2
    # Farmer
    RewriteRule your-farmers/([A-Za-z0-9-]+)-([0-9]+) your-farmers/index.php?farmer_url=$1&row_id=$2
    # No Last flags? Why not? There is no need to progress any further
    # so you're only delaying the mod_rewrite recycle
    
    # Also I must trust that the hyphens (dashes) in the character range definition will
    # not cause confusion with the hyphen (dash) between your first and second atom 
    
    # Remove the file extension from URL's.  THIS MUST BE PLACED AFTER THE MOD REWRITE CODE
    # Remove? This ADDs the .php file extension
    # ... and you're still NOT altering the query string so QSA is still not required
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ $1.php [L,QSA]
    Anyone know what's going on with all this?
    Yes, as commented. Okay, maybe I'm being pedantic but, if you can learn from this, so can others. Not a bad job in general but the logic was faulty with the force http (which was causing the problem you were posting about) and some of the conditions used.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Addict Banana Man's Avatar
    Join Date
    Dec 2005
    Posts
    391
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Thanks dklynn. As usual your a mind of information on mod_rewrite! On my holidays at the moment but i'll give this a try later in the week.

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    BM,

    What is a holiday? I haven't had a day of rest in ... well, I can't admit to that as I did take a week off in OZ last month. Enjoy a safe and sane (sober) New Year before tackling that. Once you've made and tested your corrections, please post the result and I'll be happy to help you through whatever you missed.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •