0

Something is redirecting my https traffic on all pages to http. I can not find the error in .conf file or .htaccess. Everything I have tried to force https has failed. Something is overriding my efforts and sending everything back to http. Example: https://www.tjoselfstorage.com/admin

Here is .conf file

<VirtualHost *:80>
    DocumentRoot /var/www

    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    # staging htpasswd protection
    <Directory /var/www/>
        SetEnvIfNoCase always_match ^ CARET_ENV=live
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www

    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    # staging htpasswd protection
    <Directory /var/www/>
        SetEnvIfNoCase always_match ^ CARET_ENV=live
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/20f8a253809bd7bd.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.tjoselfstorage.com.key
    SSLCertificateChainFile /etc/apache2/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

Here is my .htaccess

    RewriteEngine on

RewriteCond %{ENV:CARET_ENV} live [NC]
RewriteCond %{HTTP_HOST} !^www.tjoselfstorage.com$ [NC]
RewriteCond %{HTTP_HOST} ((.*).(org|net|com)|(.*).(.*).(org|net|com)|[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}) [NC]




# Remove trailing slashes
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_FILENAME} !__\^.php
RewriteRule ^(.*)/$ /$1 [R=301,L]

# serve thru caret if the file doesn't exist
RewriteCond %{REQUEST_FILENAME} !-f [OR]
# or if the file does exist but isn't a static resource (CSS, images, JS, etc)
RewriteCond %{REQUEST_FILENAME} !resources
# and make sure we're not already directing to caret (handles additional loops through this htaccess file)
RewriteCond %{REQUEST_FILENAME} !__\^.php
RewriteRule (.*) \__\^.php/$0 [L]
Dayna Dukett
  • 1
  • 1

1 Answers1

0

Your PHP Application is:

curl -Ik https://www.tjoselfstorage.com/admin
HTTP/1.1 302 Found
Date: Sun, 14 Jan 2018 04:32:08 GMT
Server: Apache/2.2.20 (Ubuntu)
X-Powered-By: PHP/5.3.6-13ubuntu3.6  <---------------!!! here!!!!
Set-Cookie: PHPSESSID=dsaapjf4cml9fdcblbjf9p9550; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status-Code: 301
Location: http://www.tjoselfstorage.com/account/login?redirect=%2Fadmin
Vary: Accept-Encoding
Content-Type: text/html

Sidenotes:
<Directory /> points to your ROOT / in your filesystem. You should not use that in virtualhost, but rather in server config and with deny all.

What you certainly want is:
<Directory /path/to/documentroot>

You should not be using .htaccess if you are the admin of the web site. .htaccess is not a rewrites depot, it is a means for non-admin users to configure specific directories, right now you are allowing any .htaccess in your whole filesystem to be read and interpreted by httpd. Quite insecure and slow.

Daniel Ferradal
  • 2,727
  • 1
  • 13
  • 19
  • So, I am a little confused to what I should update. Are you saying to just update my directory root path to and remove the rewrites in .htaccess? – Dayna Dukett Jan 15 '18 at 14:28