Need rule for https to http redirect

Topics: Developer Forum, Project Management Forum, User Forum
Nov 4, 2010 at 11:27 AM

Hello I am new to ISAPI rewrite and i have configure Ionics Isapi filer on my web server and its working fine for me to redirect non www to www.

below is my code in Iirf.ini file

 

RewriteCond  %{HTTP_HOST}  ^(?!www\.).*mywebsite\.com$
RedirectRule ^/(.*)$       http://www.mywebsite.com/$1         [R=301]

 

Now my issue is that i have web site and wants when user type https://www.mywebsite.com or https://mywebsite.com it will redirect to non https pages like http://www.mywebsite.com.

but i have some pages that required https connection so that i want when users access those pages they will be on the https pages not on the http pages how i can exclude some pages to user https to http redirection

i have pages like accLogin.asp,ACCREGISTER.ASP,ACCINFO.ASP,CHECKOUT.ASP,FREIGHTPROCESS.ASP,SHIPPING.ASP,CCPROCESS.ASP,ORDER.ASP,ADDCARD.ASP,ORDLIST.ASP,ORDSTATUS.ASP

i try this but not success here is my code for this it work fine for all pages work with non https but not working with some specific pages exception.

RewriteCond %{SERVER_PORT} ^443$
RedirectRule ^/(.*)$ http://www.mywebsite.com/$1 [R=301]

All help will appreciated.

Amit

 

Coordinator
Nov 5, 2010 at 9:04 PM

Hello Amit,

This code:

RewriteCond  %{HTTP_HOST}  ^(?!www\.).*mywebsite\.com$
RedirectRule ^/(.*)$       http://www.mywebsite.com/$1         [R=301]

... will redirect for all requests to mysite.net, regardless of the use of http or https.   I think this is not what you want.  You want to redirect to http://www.mysite.com if http was used in the original request, and you want to redirect to https://www.mysite.com if https was used in the original request.

This code:

RewriteCond %{SERVER_PORT} ^443$
RedirectRule ^/(.*)$ http://www.mywebsite.com/$1 [R=301]

...will always redirect a https request to an http URL, which I think is exactly what you DO NOT want.

What you want is to combine the conditions that test for no presense of www, and http/https. You will need two distinct rules. Like so:

# handle non-www HTTPS redirects. Consecutive conditions are implicitly ANDed together.
RewriteCond %{SERVER_PORT} ^443$
RewriteCond  %{HTTP_HOST}  ^(?!www\.).*mywebsite\.com$
RedirectRule ^/(.*)$ https://www.mywebsite.com/$1 [R=301]

# All requests arriving to this point either use www for the hostname, or use 
# HTTP for the protocol. 

# handle non-www non-HTTPS redirects
RewriteCond  %{HTTP_HOST}  ^(?!www\.).*mywebsite\.com$
RedirectRule ^/(.*)$ http://www.mywebsite.com/$1 [R=301]

The first rule will redirect to HTTPS when the original request used https. The second rule will redirect to http when the original request used http.

Good luck.

 

You could combine these using a RewriteMap, but I don't think it would be clearer.

Nov 8, 2010 at 9:43 AM

Hello Cheeso

Thanks for reply. I try it but it not working for me.

my intention is that is anyone use https intentionally on normal pages like https://www.bamboohardwoods.com it will automatic redirect to http://www.bamboohardwoods.com

secondly when he login to web site where it require https then it automatic redirect on https://www.bamboohardwoods.com.

I used this code as per your update

 

RewriteCond %{SERVER_PORT} ^443$
RewriteCond  %{HTTP_HOST}  ^(?!www\.).*bamboohardwoods\.com$
RedirectRule ^/(.*)$ https://www.bamboohardwoods.com/$1 [R=301]

# All requests arriving to this point either use www for the hostname, or use 
# HTTP for the protocol. 

# handle non-www non-HTTPS redirects
RewriteCond  %{HTTP_HOST}  ^(?!www\.).*bamboohardwoods\.com$
RedirectRule ^/(.*)$ http://www.bamboohardwoods.com/$1 [R=301]

 

Thanks again

Amit

 

Coordinator
Nov 9, 2010 at 12:19 PM
Edited Nov 9, 2010 at 4:05 PM

ok, well ...

the way you have now stated your requirement is different from what I understood previously, and the rules I suggested don't do what you want.  If I understand correctly, there are two things you want to do: 

  1. apply a www to any hostname that does not have one
  2. redirect away from https when not authenticating.

For the 2nd requirement, you want to distinguish between the case "when someone intentionally uses https like https://bamboo.com ..."    and the case when someone logs in (authenticates) administratively to the site.

I think in order to distinguish these cases, you need to examine an http header - something that comes in with the request. Normally when a site offers a login, it sets a cookie in the browser, and in the cookie there is a string that indicates the user is authenticated.  If your site is like this, then you'd use a RewriteCond that tested for the presence of this well-known string in the cookie. 

# if not authenticated and using HTTPS, redirect away from https 
RewriteCond %{HTTP_COOKIE} (?!Authenticated=.+)   [I]
RewriteCond %{SERVER_PORT} ^443$
RedirectRule ^/(.*)$ http://www.bamboohardwoods.com/$1 [R=301]

For the www requirement, you can use a simplified version of what I gave you previously.  Based on your updated description, the use of www is independent of the use of http/https. So the simpler rule looks like this:

# redirect to the www host if not already there
RewriteCond  %{HTTP_HOST}  ^(?!www\.).*mywebsite\.com$
RedirectRule ^/(.*)$ http://www.mywebsite.com/$1 [R=301]

 

Nov 9, 2010 at 12:39 PM

Thanks Cheeso,

if i use this then i can't login to web site it show in URL

http://www.bamboohardwoods.com/accLogin.asp?from=CheckCookie&msg=[R=301][R=301]&CookieMsg=200&Ic=&Qty=&EqCode=&Tp=&FgtPass=

Https to http working but it show this message on the url

http://www.bamboohardwoods.com/index.asp?url=IND[R=301]

Coordinator
Nov 9, 2010 at 4:06 PM

I had a typo in the suggested rule above (I've fixed it now).

you need to insert a space between the $1 and the [R=301].

 

Nov 10, 2010 at 5:38 AM

Sorry but no luck.

Is any way i can allow https on some of my pages mean your rule for https to http not working for some of my specified pages.

I know which pages use for customer login and checkout process that req https connection. like account.asp, login.asp

If this will possible then i will be very happy.

 

Thank You.

Coordinator
Nov 10, 2010 at 4:38 PM
Amitsolanki wrote:

Sorry but no luck.

Is any way i can allow https on some of my pages mean your rule for https to http not working for some of my specified pages.

I don't understand your question.  I don't understand your problem.  Those words don't make any sense.

I suggest that you spend some time thinking about things on your end.  Take your time.  Be precise.  Write up some rules.  Try them out.  Play with them.  If they don't do what you expect, take the time to understand why.  Make some modifications to the rules.  Test again.  And so on.  Iterate. Get a feel for how things work. Try different options.  Try the R=301, try different conditions.  Get a feel for it.

Telling me "no luck" is not a way to make progress.  Telling me "it didn't work, now what?"  is also not fruitful.   You need to clearly understand, for yourself, exactly what your requirements are.  You then need to precisely express those requirements in IIRF rules.  Then you need to clearly understand the results you see with those rules.  Then you need to reconcile the difference between your desired results and your actual results, by modifying the rules.  You need to iterate.  I can't do this for you. If you try to involve me in each iteration, you won't solve your problem until 2017.

I can answer questions (if they are expressed in reasonable English syntax). I can make suggestions. I can't read your mind, or magically understand what results you see, and what results you desire.

Good luck!

 

 

Nov 11, 2010 at 12:57 PM

Hello Cheeso,

Firstly sorry for the communication

Secondly I am new to IIRF and rewriting syntax so that I have this type of issue.

Let me explain all from starting what I want with IIRF rewriting tool.

1.      I want my web site must run FQDN like http://www.bamboohardwoods.com  if any users open our web site without using www like http://bamboohardwoods.com then it will be corrected to http://www.bamboohardwoods.com that why we used this rule and it working fine no issue.

 

RewriteCond  %{HTTP_HOST}  ^(?!www\.).*bamboohardwoods\.com$

RedirectRule ^/(.*)$       http://www.bamboohardwoods.com/$1         [R=301]

2.      I want my web site will run without https (SSL) connection on the normal pages like http://www.bamboohardwoods.com if any users intentionally use https(SSL) connection like https://www.bamboohardwoods.com then it must be converted to http://www.bamboohardwoods.com

But we have some web pages that I want to run with https(SSL) connection like https://www.bamboohardwoods.com/account.asp , https://www.bamboohardwoods.com/accLogin.asp and this type some more pages if my specified pages browse on the web site then https to non http rule will not work. I know we have seven to eight pages. Your rule working fine to redirect all https pages to http it was working on the whole web site but I want this rule not apply on the some of the pages how I can restrict this rule for some pages.

 

Thanks for your support and sorry for communication.

Amit

Coordinator
Nov 11, 2010 at 10:25 PM
Edited Nov 12, 2010 at 11:01 AM

ok Amit, very clear.

To exclude some pages from the https-to-http redirection rule, you can apply a rule that appears ABOVE that rule in the iirf.ini file.  This rule should apply to pages like accounts.asp or accLogin.asp, and it should do "nothing".  Including this rule, as well as the www prepend rule, and your https-to-http redirect rule, your complete ini file should look like this, I think:

# rule 1a: redirect to the hostname if someone is using ip address.
RewriteCond  %{HTTP_HOST}   ^[\.0-9]+$
RedirectRule ^/(.*)$        http://www.bamboohardwoods.com/$1     [R=301]

# rule 1b: prepend www to the hostname, when it is not present.
RewriteCond  %{HTTP_HOST}   ^(?!www\.).*bamboohardwoods\.com$
RedirectRule ^/(.*)$        http://www.bamboohardwoods.com/$1     [R=301]


# rule 2: exclude a few pages from any IIRF rules that appear below this one,
# including in particular the https-to-http redirection rule.  The replacement 
# string of dash (-) tells IIRF to "do nothing".  The rule decorated with the [L] 
# (last) modifier to tell IIRF - no more rules processing for this request. 
RewriteRule  ^/(account|accLogin|OtherPageNamesGoHere)\.asp  -    [L]

# rule 3: redirect to http if https is in use
RewriteCond %{SERVER_PORT} ^443$
RedirectRule ^/(.*)$  http://www.bamboohardwoods.com/$1  [R=301]

Now, with rule #2 above, account.asp or accLogin.asp (and you can add others as shown above) will NOT get redirected from https to http. any other page will get redirected to http, if https is in use. This is because rule #2 will "do nothing" and will stop processing rules in the IIRF.ini file, if one of those pages is requested.

Rule 1a and 1b handle hostnames. Rule 1a handles the case where someone specifies an IP address for your server in the URL. In this case the value of HTTP_HOST will be whatever the IP address is (for example, 44.234.1.82). You need to decide what you want to do in this case; I inserted a rule (1a) to redirect to the actual hostname. Rule 1b just prepends www when it is not present, which was your original requirement.

Rule #3 will redirect to http if https is in use, as you desired.

One thing to consider: if someone enters the site as https://bamboohardwoods.com/account.asp, then rule #1b will apply, and the user will be redirected to http://www.bamboohardwoods.com/account.asp. In this case, the www will be prepended, and ALSO the https will be replaced with http. This may be what you want, or it may not, or it may be irrelevant. You'll have to think about that situation and decide.  You may need to change rule #1b if you don't like this behavior.

Good luck.

Nov 12, 2010 at 5:37 AM

Hello Cheeso,

Thank you very much all rules working fine with our web site.

it was really great help providing by you.

 

Thanks again

Amit

 

Coordinator
Nov 12, 2010 at 1:53 PM

I'm glad I was able to help.

good luck!

Feb 28, 2011 at 4:33 PM

Hello Cheeso,

How are you? assume you are doing good.

Now i have new query i want to redirect just non www domain to www domain no matter it is http or https

mean when user open http://mydomain.com it will redirect to http://mydomain.com  and when your user https://mydomain.com and it will redirect to https://www.mydomain.com

 

Sorry i know this is very easy for you.

 

Thanks in Advance

Amit Solanki

Coordinator
Mar 8, 2011 at 3:05 PM

Please see the IIRF documentation .