0

I'm trying to force HTTPS using the .htaccess of a site running expression engine. As of right now you are able to go to the site using https:// but when i add any of these rules it presents a redirect loop.

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

or

RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

or

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mydomain.com/$1 [R,L]

and also this fancy one

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

and I've also tried rearranging all the rules on each of them so I'm pretty sure it has something to do with the conditions matching when they shouldn't.

I've also read some things about load balancers redirecting things counter to the .htaccess from here: .htaccess redirect loop when trying to add forced HTTPS rule (Amazon Elastic Beanstalk) and here: https://serverfault.com/questions/283525/force-ssl-on-one-page-via-htaccess-without-looping

i think my client is using inmotion hosting but I don't have access to the load balancer settings so I want to make sure that is the problem.

here is the entire htaccess. I removed some of the default expression engine stuff, but it was also not working before I did that.

<IfModule mod_rewrite.c>
# Enable Rewrite Engine
# ------------------------------
RewriteEngine On
RewriteBase /

# RewriteCond %{HTTPS} off
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

# RewriteCond %{HTTP:X-Forwarded-Proto} !https
# RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

# Redirect index.php Requests
# ------------------------------
RewriteCond %{THE_REQUEST} ^[^/]*/index\.php [NC]
RewriteCond %{THE_REQUEST} ^GET
RewriteRule ^index\.php(.+) $1 [R=301,L]

# Standard ExpressionEngine Rewrite
# ------------------------------
RewriteCond $1 !\.(css|js|images|gif|jpe?g|png) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>

(I have them disabled because the site is live)

Community
  • 1
  • 1
user3544769
  • 1
  • 1

2 Answers2

1

You might be better off posting on the EE Stack Overflow site. Or have a search on it as there's a few answers relating to https and .htaccess

Here's a post I replied to previously with an answer you might want to try: https://expressionengine.stackexchange.com/questions/7601/adding-a-htaccess-redirect-to-https-that-plays-nicely-with-existing-ee-htacces/7659#7659

If this condition didn't work:

RewriteCond %{SERVER_PORT} !^443$

Try this:

RewriteCond %{HTTPS} !=on

Instead of this one:

RewriteCond %{HTTPS} off
Community
  • 1
  • 1
Peter Lewis
  • 1,090
  • 1
  • 9
  • 16
1

I've had the same situation and here's what just worked for me with an EE3 site:

#non-www to www
RewriteCond %{HTTP_HOST} !^www\.domainname\.co.uk$
RewriteRule (.*) https://www.domainname.co.uk/$1 [R=301,L]

# Force HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Removes index.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteCond %{REQUEST_URI} !/system/.* [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
IC360 Oliver Cannell
  • 87
  • 1
  • 2