http -> https (vice versa) for certain files only

Fix it!!

http -> https (vice versa) for certain files only

Postby coda » Wed Aug 16, 2006 12:43 am

See below for my .htaccess rules.
Everything with "/myaccount" in the URI should be served as https, everything else should be http. It's all working except for the line with SCRIPT_FILENAME, which I've included for external CSS and JavaScript includes that are served from the pages. These includes are linked with a relative path (as are images within them) which is why I've included this condition. Any ideas? Have I missed something?

Code: Select all
RewriteEngine On

# forces everything not under /myaccount to non-secure if secure (http)
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !(myaccount.*)$
RewriteCond %{SCRIPT_FILENAME} !(myaccount.*)$
RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [R,L]

# forces everything under /myaccount to secure if non-secure (https)
RewriteCond %{SERVER_PORT} =80
RewriteRule ^(myaccount.*)$ https://%{SERVER_NAME}/$1 [R,L]


Thanks.
coda
 
Posts: 6
Joined: Thu Oct 06, 2005 7:03 pm

Postby richardk » Sat Aug 19, 2006 2:09 pm

Does this do what you want?
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !\.(js|css|jpe?g|png|bmp|gif)$ [NC]
RewriteRule !^myaccount(/.*)?$ http://%{SERVER_NAME}% [R=301,L]

RewriteCond %{SERVER_PORT} =80
RewriteRule ^myaccount(/.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Yes

Postby coda » Wed Aug 23, 2006 2:58 am

That's excellent, thank you Richard
coda
 
Posts: 6
Joined: Thu Oct 06, 2005 7:03 pm

A small issue here :)

Postby humaneasy » Wed Feb 21, 2007 10:14 pm

Hi again.

On the other recipe richardk gave me for

subdomains.domain.tld -> /subsites/subdomains

and also to work with WordpressMu (which works prety fine) I decided to add this rule above -- hopefully well inserted so when the user goes to:

http://(.*)healthblogs.org/wp-admin/(.*) is automaticaly redirected to https://(.*)healthblogs.org/wp-admin/(.*)

And that is the *problem*

If you go to http://healthblogs.org/wp-admin/ you will end up with an error at https://www.healthblogs.org/wp-admin/ (not now because I had to comment the rules).

Before the insertion of this rule I go to any address in that domain with http or https without problems.

The code:
Code: Select all
Options +FollowSymLinks

<IfModule mod_rewrite.c>
  RewriteEngine On
  #RewriteBase /

  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

  #RewriteCond %{HTTPS} =on
  RewriteCond %{SERVER_PORT} =443
  RewriteCond %{REQUEST_URI} !\.(js|css|jpe?g|png|bmp|gif|php)$ [NC]
  RewriteRule !^wp-admin(/.*)?$ http://%{SERVER_NAME}% [R=301,L]

  #RewriteCond %{HTTP} =on
  RewriteCond %{SERVER_PORT} =80
  RewriteRule ^wp-admin(/.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

  RewriteRule ^(stats(/.*)?|failed_auth\.html)$ - [NC,L]

  RewriteCond %{HTTP_HOST} ^([^\.]+)\.healthblogs.org$ [NC]
  RewriteCond %{DOCUMENT_ROOT}/subsites/%1%{REQUEST_URI}/ -d
  RewriteRule [^/]$ %{REQUEST_URI}/ [R=301,L]

  RewriteCond %{ENV:REDIRECT_STATUS} ^$
  RewriteCond %{HTTP_HOST} ^([^\.]+)\.healthblogs.org$ [NC]
  RewriteCond %{DOCUMENT_ROOT}/subsites/%1/ -d
  RewriteRule ^(.*)$ /subsites/%1/$1 [QSA,L]

  RewriteCond %{ENV:REDIRECT_STATUS} ^$
  RewriteCond %{REQUEST_URI} ^/([^/]+)(/(.*))?$
  RewriteCond %{DOCUMENT_ROOT}/subsites/%1/ -d
  RewriteRule .* http://%1.healthblogs.org/%3 [R=301,L]

  RewriteRule ^(.*/)?files/(.*)$ /wp-content/blogs.php?file=$2 [L]

  RewriteCond %{ENV:REDIRECT_STATUS} !^$ [OR]
  RewriteCond %{SCRIPT_FILENAME} -f [OR]
  RewriteCond %{SCRIPT_FILENAME} -d
  RewriteRule . - [L]

  RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-.*|.*\.php)$ $2 [L]
  RewriteRule . index.php [L]
</IfModule>


Any ideia of what am i doing wrong?

Thanks a lot.
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

Postby richardk » Thu Feb 22, 2007 11:26 am

an error

What kind of error? 404, 500, a Wordpress error?

Try
Code: Select all
  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule !^wp-admin(/.*)?$ http://%1%{REQUEST_URI} [R=301,L]

  RewriteCond %{SERVER_PORT} ^443$
  RewriteCond %{REQUEST_URI} !\.(js|css|jpe?g|png|bmp|gif|php)$ [NC]
  RewriteRule !^wp-admin(/.*)?$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  RewriteCond %{SERVER_PORT} ^80$
  RewriteRule ^wp-admin(/.*)?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Thanks you!

Postby humaneasy » Thu Feb 22, 2007 1:56 pm

Hi,

First, sorry for the cross-posting :-?
After 18hours of continuous work the judgment is weak :(

richardk wrote:
an error

What kind of error? 404, 500, a Wordpress error?


When I put http://healthblogs.org/wp-admin/ I saw the status bar bouncing redirections from healthblogs.org to www.healthblogs.org and at some time it breaks with a message saying that the server is having some sort of redirection error and ends at https://www.healthblogs.org/wp-admin/ and it's that :)

Browser: Firefox 2.0.0.1

Tomorrow I'll test it because today I must really rest.

I'll post here what was the result.

Thanks again a lot for your kind patiente with all of us.

Lopo
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

One more tiny issue...

Postby humaneasy » Thu Feb 22, 2007 2:03 pm

Also have another stupid error:

I have in a subsite activeCollab installed and it uses also a directory called "files" like the one Wordpress uses in the mod_rewrite rule.

Result: If I try to access any file in the aC "files" dir it jumps me directly to the Wordpress Mu's "Create a New Blog" page :)

It should be the damn general Wordpress "files" rule that is too generic, eheh :)

No fuss for the moment. I'm not really using but just showing it off.

The guys from the hosting replied with such a silly answer that only shows that the guy didn't understand a line from mod_rewrite. ISP tech support :o

Thanks again.
8) Lopo
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

Postby richardk » Thu Feb 22, 2007 2:37 pm

Result: If I try to access any file in the aC "files" dir it jumps me directly to the Wordpress Mu's "Create a New Blog" page

Try moving
Code: Select all
RewriteRule ^(.*/)?files/(.*)$ /wp-content/blogs.php?file=$2 [L]

to below
Code: Select all
RewriteRule . - [L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby humaneasy » Fri Feb 23, 2007 11:29 am

The last rule I didn't check yet but this would not stop the rewrite needed to Wordpress to find its "files"?

I'm probably wrong but would the below work IF the domain start with ac. Else it will use the second rule?

Code: Select all
    RewriteRule ^ac.(.*/)?files/(.*)$ - [L]
    RewriteRule ^(.*/)?files/(.*)$ /wp-content/blogs.php?file=$2 [L]


By the way, what would be a great book on this subject that you would advise me to buy so I would bother you only with more difficult stuff :D ;)

You see, I'm not just asking for recipes but trying also to understand this so complicated Apache rules :o :)



Best and thanks,

8) Lopo
humaneasy
 
Posts: 14
Joined: Sat Jul 08, 2006 4:37 pm

Postby richardk » Fri Feb 23, 2007 1:55 pm

The last rule I didn't check yet but this would not stop the rewrite needed to Wordpress to find its "files"?

I don't think so, why not try it? If the files are really where you requested them, then it won't.

I'm probably wrong but would the below work IF the domain start with ac.

Domains are matched with HTTP_HOST.
Code: Select all
RewriteCond %{HTTP_HOST} ^ac\. [NC]
RewriteRule ^(.*/)?files/(.*)$ - [L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Next

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 12 guests

cron