On a web site, customer need to redirect all pages to HTTPS, but want to keep files in one of the folder on HTTP.
For this, i used following in .htaccess file.
|
1 2 3 4 |
RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/auth/.* RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] |
Here any url like yourdomain.extn/auth/ will not get redirected to HTTPS.
See Redirect
It is better to make web site available with one URL. Many sites work with both wwww and non-www (naked domain) urls.
Using www or non-www is personal choice. One advantage of using wwww for URL is when you have lot of sub domains. If you use non-www url, cookies set by the domain will be available to sub domains. This will increase bandwidth usage as cookie need to be sent with every request browser make to web server.
If you are using Apache web server, you can redirect wwww to non-www url by adding following code in .htaccess file
|
1 2 3 |
RewriteEngine On RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC] RewriteRule ^(.*)$ https://yourdomain.com$1 [L,R=301] |
Redirect non-www to www
|
1 2 3 |
RewriteEngine On RewriteCond %{HTTP_HOST} ^yourdomain.com [NC] RewriteRule ^(.*)$ https://www.yourdomain.com$1 [L,R=301] |
If you use Nginx, it is better create a server entry for www URL, then set a redirect
|
1 2 3 4 |
server { server_name www.yourdomain.com; return 301 $scheme://yourdomain.com$request_uri; } |
If you want to use same server entry for www and non-www, add following code to nginx server entry for the web site.
Redirect www domain to non-www
|
1 2 3 |
if ( $host != 'yourdomain.com' ) { return 301 https://yourdomain.com$request_uri; } |
If you use custom ports, use
|
1 2 3 |
if ( $host != 'yourdomain.com' ) { return 301 https://yourdomain.com:$server_port$request_uri; } |
Redirect Naked Domain to www
|
1 2 3 |
if ( $host != 'www.serverok.in' ) { return 301 https://serverok.in$request_uri; } |
Related Posts
A web site had vlunerability, all allowed hacker to upload backdoor script to “uploads” folder used by the script.
As a quick fix, i disabled PHP execution from “uploads” folder. Doing this for any site is a good dea when if your site is not vlunerable at the moment.
Method 1
To disable PHP execution, create a file with name .htaccess
|
1 |
vi .htaccess |
Add
|
1 |
php_flag engine off |
Method 2
In .htacess, add
|
1 |
RewriteRule ^.*\.php$ - [F,L] |
See htaccess
Redirect domain to SSL (HTTPS)
|
1 2 3 |
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L] |
Or
|
1 2 3 |
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L] |
Redirect a Page to another
|
1 |
RedirectMatch 301 ^/old-page\.php$ /new-page.php |
You can also use
|
1 |
Redirect 301 /old-page.php https://domain.com/new-page.php |
