10

I have a simple .htaccess file that works great on the http version of the site but not when I go to https. Why?

RewriteEngine on
#This is so if the file exists then use the file
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ %{REQUEST_FILENAME} [L]

#These conditions check if a file or folder exists just for reference
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d

#if someone adds ".php" to the slug get rid of it
RewriteRule ^(.*)\.php$ $1  

#don't add the [R] here because we don't want it to redirect
RewriteRule ^(.*)$ index.php?id=$1 [L,QSA]
Sheldon McGee
  • 441
  • 1
  • 7
  • 14

4 Answers4

20

There's not 100% enough info here to go on, but in the usual default SSL setup (Red Hat/CentOS/Fedora e.g.) the VirtualHost for SSL is set up in it's own container. The use of mod_rewrite requires at a minimum "AllowOverride FileInfo" to be set on the document root for it to act.

Check your config for SSL (/etc/httpd/conf.d/ssl.conf by default), ensure that it looks something like:

DocumentRoot /var/www/html
<Directory /var/www/html>
  AllowOverride FileInfo
</Directory>

The default for AllowOverride is 'None', so any other setting (such as 'All') which adds FileInfo capabilities is OK.

http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride

  • 1
    I can't see /etc/httpd/conf.d/ssl.conf in my linux, how to find it ? – Ashok KS Aug 21 '14 at 10:45
  • 1
    (1) You might need to search for the conf file.. For example, on some systems it's `/etc/apache2/sites-enabled/default-ssl.conf` (2) To be super-clear, if you're still having issues, try `AllowOverride All` instead of `AllowOverride FileInfo`. Once you get it working, you can read the Apache `AllowOveride` docs in detail to limit access more specifically to maximize security. (3) Remember you must restart apache for settings to take effect. – SilentSteel Jul 10 '16 at 15:12
4

Could it be possible that mod_rewrite is not enabled for the HTTPS server, or that the .htaccess is not being used?

Check the AllowOveride permissions in use for the regular site and compare against the SSL version, probably a discrepancy. Probably introduced to improve security, if not an accident.

mod_rewrite is next to essential though, so any decent hosting provider should help sort this out.

Orbling
  • 298
  • 5
  • 8
1

"working on apache2 + ubuntu precise"

A similar problem occured to me while I was using Slim framework and trying to remove the index.php required in the url. The reWrite worked perfectly for http but for https: it was showing url not found, which meant that the reWrite was not working.

After some hit-n-trial , I came up with this solution: 

 cd /etc/apache2/sites-enabled
 sudo vim default-ssl

Change AllowOverride None to All. Similarly sudo vim ssl

mareenator
  • 111
  • 3
0

I had similar problem, this is what worked for me.

In your httpd.conf, make sure you have both:

ServerName domain.com

ServerAlias www.domain.com

Yoni Hassin
  • 95
  • 3