0

There are other posts discussing HTTP to HTTPS redirection but none of hem answer this question.

I have an XCART website and want to direct ALL traffic to https in the htaccess file.

The rewrite section currently looks like this, which I believe is the xcart method of enabling clean uls. Note I have commented out the HTTPS redirection code.

<IfModule mod_rewrite.c>
RewriteEngine On

# RewriteCond %{HTTPS} =off [NC]
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteBase /

RewriteCond %{REQUEST_URI} !^/(payment|admin|provider|partner)/
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|js|css|swf|php|ico)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ dispatcher.php [L]

</IfModule>

If I uncomment the HTTPS redirection condition & rule I get a redirect loop when trying to load any HTTP urls. I have tried lots of variations - putting the redirect after the second rule, changing the syntax. Nothing works. Perhaps it isn't possible to combine the XCART clean url feature (redirecting to dispatcher.php) with a universal HTTP to HTTPS redirection.

In the meantime, I have included the following HSTS header which forces temporary HTTPS usage but which isn't a redirect. I'd prefer a redirect...

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
jdk
  • 143
  • 7
  • What if you just go directly to an https URL with your redirect commented out? Does XCART's dispatcher redirect you? – Jon Lin Sep 12 '14 at 16:02
  • no with the version of the https rewrite rule above the https urls are fine, it's just http requests that form a loop. Though I've had variations on the https rewrite that do mess up https urls too. – jdk Sep 13 '14 at 00:26
  • Sorry Jon I misunderstood your comment. YES dispatcher rewrites the urls properly when in HTTPS mode. Just not in HTTP. All httpd urls result in a redirect loop. – jdk Sep 15 '14 at 08:42

0 Answers0