Force HTTPS redir with phpbb

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
thecas
Registered User
Posts: 55
Joined: Sun Feb 04, 2018 4:25 pm

Force HTTPS redir with phpbb

Post by thecas »

Hi. What is the best way to force when an user enter into the website to use HTTPS/TLS instead http?

I've tried the easiest way with modifing the default phpbb's .htaccess but my solution create a 400 error,

Can you suggest me a clean way?
Google prefers websites HTTPS sites only today ;)
Last edited by thecas on Fri Dec 27, 2019 9:17 am, edited 1 time in total.
Bermudez
Registered User
Posts: 162
Joined: Mon Aug 15, 2011 11:56 pm
Location: Spain
Name: Juan Antonio
Contact:

Re: Force HTTPS redir with phpbb

Post by Bermudez »

First: Do you have your domain configured with SSL in your hosting?
thecas
Registered User
Posts: 55
Joined: Sun Feb 04, 2018 4:25 pm

Re: Force HTTPS redir with phpbb

Post by thecas »

Sure! Now i can access via both http or https!
User avatar
Mick
Support Team Member
Support Team Member
Posts: 23057
Joined: Fri Aug 29, 2008 9:49 am

Re: Force HTTPS redir with phpbb

Post by Mick »

This should work in your .htaccess:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
DON'T duplicate RewriteEngine On

If it doesn't and you still get the error please post your .htaccess file here in code tags.
"The more connected we get the more alone we become" - Kyle Broflovski©
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 4259
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: Force HTTPS redir with phpbb

Post by thecoalman »

Quick tip about this:

Code: Select all

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Use this first:

Code: Select all

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L]

If there is problem with a redirect by not adding the R=301 browsers, search engines etc. will not cache the redirect and it's lot easier to troubleshoot. Once you know it's working properly then add the R=301
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
thecas
Registered User
Posts: 55
Joined: Sun Feb 04, 2018 4:25 pm

Re: Force HTTPS redir with phpbb

Post by thecas »

No. Again with these lines it doesn't work.
Image

I've already clean my web data cookie.
This is my htaccess

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# Uncomment the statement below if URL rewriting doesn't
# work properly. If you installed phpBB in a subdirectory
# of your site, properly set the argument for the statement.
# e.g.: if your domain is test.com and you installed phpBB
# in http://www.test.com/phpBB/index.php you have to set
# the statement RewriteBase /phpBB/
#
#RewriteBase /

#
# Uncomment the statement below if you want to make use of
# HTTP authentication and it does not already work.
# This could be required if you are for example using PHP via Apache CGI.
#
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

#
# The following 3 lines will rewrite URLs passed through the front controller
# to not require app.php in the actual URL. In other words, a controller is
# by default accessed at /app.php/my/controller, but can also be accessed at
# /my/controller
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ app.php [QSA,L]

#
# If symbolic links are not already being followed,
# uncomment the line below.
# http://anothersysadmin.wordpress.com/2008/06/10/mod_rewrite-forbidden-403-with-apache-228/
#
#Options +FollowSymLinks
</IfModule>

# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
	<IfVersion < 2.4>
		<Files "config.php">
			Order Allow,Deny
			Deny from All
		</Files>
		<Files "common.php">
			Order Allow,Deny
			Deny from All
		</Files>
	</IfVersion>
	<IfVersion >= 2.4>
		<Files "config.php">
			Require all denied
		</Files>
		<Files "common.php">
			Require all denied
		</Files>
	</IfVersion>
</IfModule>
<IfModule !mod_version.c>
	<IfModule !mod_authz_core.c>
		<Files "config.php">
			Order Allow,Deny
			Deny from All
		</Files>
		<Files "common.php">
			Order Allow,Deny
			Deny from All
		</Files>
	</IfModule>
	<IfModule mod_authz_core.c>
		<Files "config.php">
			Require all denied
		</Files>
		<Files "common.php">
			Require all denied
		</Files>
	</IfModule>
</IfModule>
User avatar
janus_zonstraal
Registered User
Posts: 5128
Joined: Sat Aug 30, 2014 1:30 pm

Re: Force HTTPS redir with phpbb

Post by janus_zonstraal »

Why not ask your host, the have to know what the best way is on there servers.
Sorry! My English is bat ;) !!!
thecas
Registered User
Posts: 55
Joined: Sun Feb 04, 2018 4:25 pm

Re: Force HTTPS redir with phpbb

Post by thecas »

According with what i googled from my host this is the best way to avoid multiple redir.

Code: Select all

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^www.
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
It is a bit different than your solution but now works ;)
Post Reply

Return to “[3.2.x] Support Forum”