2

Per: https://exp-resso.com/blog/post/2011/08/securing-your-expressionengine-website-with-https

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond $1 ^(member|account|checkout|system) [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This tells your server “If HTTPS is off, and the request starts with member OR account OR checkout OR system (not case sensitive), redirect to https://current-domain/current-page”. It’s a nice simple method of locking down entire subfolders / template groups.

I've added this to my htaccess file like this:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond $1 ^(sign-in|sign-up) [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>

However, when I go to my http://mydomain.com/sign-in, the URL doesn't change to https://mydomain.com/sign-in. Any idea what's wrong?

EDIT 1:

My htaccess also has the following (to remove "www") and I wonder if having both might be causing the problem?

    RewriteCond %{HTTPS} !=on
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

EDIT 2:

Process of elimination, it turns out this is causing the problem:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Removes index.php from ExpressionEngine URLs
    RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ /index.php/$1 [L]
    </IfModule>

When I comment out the RewriteRule, the https:// is forced. What's causing the conflict?

1
  • Any reasons why you use .htaccess style files instead of the normal configuration? Those files are error prone, slow everything down and are hard to debug. Commented Nov 23, 2013 at 10:30

3 Answers

1

Try to put (sign-in|sign-up) condition inside RewriteRule:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(sign-in|sign-up)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,NC,R=301]

7 Comments

@StackOverflowNewbie Are you sure that mod_rewrite is on? Does any redirect work?
@StackOverflowNewbie I tested it here: htaccess.madewithlove.be and it worked.
When I use this, it works (https everything): RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
@StackOverflowNewbie This redirect must work only for 2 pages: /sign-in and /sign-up. Doesn't it work?
@StackOverflowNewbie remove www condition for a while for pure testing
0

What about this? (If port == 80 then redirect )

    RewriteEngine on
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} member [OR]
    RewriteCond %{REQUEST_URI} account [OR]
    RewriteCond %{REQUEST_URI} checkout [OR]
    RewriteCond %{REQUEST_URI} system
    RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

1 Comment

Is RewriteEngine On necessary? Do I just copy the RewriteCond $1 ^(member|account|checkout|system) [NC] above the RewriteRule?
0

First make sure that rewrite works on your server and that the htaccess is read (e.g. by issuing a redirect on every URL).

Then use RewriteCond %{REQUEST_URI} ^/(sign-in|sign-up) instead of RewriteCond $1 ^(sign-in|sign-up) [NC]

It works and is easier to read too.

So your htaccess should look like this:

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} ^/(sign-in|sign-up) [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
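An added example, not taken from the question or from any of the answers: one way to order the three rule sets from the question in a single .htaccess. It assumes the file sits in the document root and that the conflict comes from the index.php rewrite being processed before the HTTPS redirect.

```apache
<IfModule mod_rewrite.c>
RewriteEngine On

# 1. Force HTTPS for /sign-in and /sign-up.
#    Placed first so it is matched against the path the browser requested.
#    In .htaccess context the rules run again after an internal rewrite,
#    and on that second pass the path is "index.php/sign-in", which this
#    pattern (anchored with ^) no longer matches.
RewriteCond %{HTTPS} !=on
RewriteRule ^(sign-in|sign-up)(/.*)?$ https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

# 2. Remove "www." on plain-HTTP requests (rule from EDIT 1, unchanged).
#    It is skipped for HTTPS requests, so a request for
#    http://www.<domain>/sign-in ends up on https://www.<domain>/sign-in;
#    the certificate has to cover the www name as well.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

# 3. Remove index.php from ExpressionEngine URLs (rule from EDIT 2, unchanged).
#    Kept last: it is an internal rewrite, so every external redirect above
#    must already have had its chance to fire on the original URL.
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
```

A request such as `curl -sI http://mydomain.com/sign-in` should then return a 301 with a `Location: https://mydomain.com/sign-in` header, while other paths stay on HTTP.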
