https:// mod rewrite redirect

[Banana Man]

Hi,

I am having problem with a mod_rewrite redirect from http:// to https:// for my login and register pages. It redirects as expected but the included css file on the https:// pages does not work when viewing the page in Google Chrome on my Mac. On these pages i am calling the https:// version of the css file and all other included resources. If i navigate to the https:// version of these pages without the mod_rewrite code it brings in the css file as expected. It seems the mod_rewrite is having a conflict somewhere. It works fine in other browsers.

Anyone know what's going on with all this?

Thanks

Code:

Options +FollowSymLinks
RewriteEngine On

# redirect non www. to www. domain

RewriteCond %{HTTP_HOST} ^mysite.com
RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]



# My server automatically adds a PHP Session ID to URL's so this needs to be switched off

php_flag session.use_trans_sid off
php_flag session.use_only_cookies on



# force https secure URL for sensitive pages
RewriteCond %{HTTPS} !on
RewriteCond %{SCRIPT_FILENAME} (login|register).php$
RewriteRule (.*) https://www.mysite.com/$1 [R,QSA,L]

# force http:// non-secure URL for normal pages
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !(login|register).php$
RewriteRule (.*) http://www.mysite.com/$1 [R,QSA,L]


# Mod Rewrite URL's
# News
RewriteRule news/([A-Za-z0-9-]+)-([0-9]+) news/index.php?dynamic_url=$1&row_id=$2
# Articles
RewriteRule nutrition-advice/([A-Za-z0-9-]+)-([0-9]+) nutrition-advice/index.php?dynamic_url=$1&row_id=$2
# Farmer
RewriteRule your-farmers/([A-Za-z0-9-]+)-([0-9]+) your-farmers/index.php?farmer_url=$1&row_id=$2


# Remove the file extension from URL's.  THIS MUST BE PLACED AFTER THE MOD REWRITE CODE
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ $1.php [L,QSA]

[dklynn]

B M,

The problem is that you're enforcing https on your two scripts and http on EVERYTHING else. Note the "EVERYTHING"? Sorry, just a rehash of my loathing of the inappropriate use of the EVERYTHING atom. Try this (and remember to escape your dot characters in regex):

Code:

# PROBABLY not necessary as it's usually in httpd.conf already
# Try without then add it back if necessary
Options +FollowSymLinks
RewriteEngine On

# redirect non www. to www. domain
# Fine as is EXCEPT for the lack of No Case flag
RewriteCond %{HTTP_HOST} ^mysite\.com [NC]
# I'd not create a new variable for this as {REQUEST_URI} is what you're capturing
RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]
RewriteRule .? http://www.mysite.com%{REQUEST_URI} [R=301,L]

# My server automatically adds a PHP Session ID to URL's so this needs to be switched off
# Because Apache handles mod_rewrite LAST,
# I'd move the following to the TOP (before RewriteEngine on)

php_flag session.use_trans_sid off
php_flag session.use_only_cookies on



# force https secure URL for sensitive pages
RewriteCond %{HTTPS} !on
# WHY duplicate what you can do in the rule?
# ... UNLESS they're not in the root directory (co-located with this .htaccess)
RewriteCond %{SCRIPT_FILENAME} (login|register)\.php$
RewriteRule (login|register).php$ https://www.mysite.com/$1.php [R,QSA,L]

# force http:// non-secure URL for normal pages
# Change this to PHP scripts and it'll be fine (without the redundant condition)
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !(login|register).php$
RewriteRule !\.php$ http://www.mysite.com%{REQUEST_URI} [R=301,L]
# QSA is redundant as you're not adding/altering any query string


# Mod Rewrite URL's
# News
RewriteRule news/([A-Za-z0-9-]+)-([0-9]+) news/index.php?dynamic_url=$1&row_id=$2
# Articles
RewriteRule nutrition-advice/([A-Za-z0-9-]+)-([0-9]+) nutrition-advice/index.php?dynamic_url=$1&row_id=$2
# Farmer
RewriteRule your-farmers/([A-Za-z0-9-]+)-([0-9]+) your-farmers/index.php?farmer_url=$1&row_id=$2
# No Last flags? Why not? There is no need to progress any further
# so you're only delaying the mod_rewrite recycle

# Also I must trust that the hyphens (dashes) in the character range definition will
# not cause confusion with the hyphen (dash) between your first and second atom 

# Remove the file extension from URL's.  THIS MUST BE PLACED AFTER THE MOD REWRITE CODE
# Remove? This ADDs the .php file extension
# ... and you're still NOT altering the query string so QSA is still not required
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ $1.php [L,QSA]

Anyone know what's going on with all this?

Yes, as commented. Okay, maybe I'm being pedantic but, if you can learn from this, so can others. Not a bad job in general but the logic was faulty with the force http (which was causing the problem you were posting about) and some of the conditions used.

Regards,

DK

[Banana Man]

Thanks dklynn. As usual your a mind of information on mod_rewrite! On my holidays at the moment but i'll give this a try later in the week.

[dklynn]

BM,

What is a holiday? I haven't had a day of rest in ... well, I can't admit to that as I did take a week off in OZ last month. Enjoy a safe and sane (sober) New Year before tackling that. Once you've made and tested your corrections, please post the result and I'll be happy to help you through whatever you missed.

Regards,

DK