Forcing non-www and https redirects correctly

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
urzh
Registered User
Posts: 52
Joined: Mon Aug 05, 2019 1:51 pm
Name: Robert

Forcing non-www and https redirects correctly

Post by urzh » Tue Aug 06, 2019 2:16 pm

I had my .htaccess redirects working fine previously with a different site in the same roo dirt, but now they aren't. I use the following .htaccess to redirect www.funnyinterestingcool.com to funnyinterestingcool.com and to force https (and also http -> https redirect). I have secure cookies enabled and the following secure server settings

Code: Select all

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]
CapturFiles_1.png
Is there anything else i need to setup in ACP to get this working?

User avatar
</Solidjeuh>
Registered User
Posts: 1689
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Forcing non-www and https redirects correctly

Post by </Solidjeuh> » Tue Aug 06, 2019 2:23 pm

Try adding " https:// " in server protocol

urzh
Registered User
Posts: 52
Joined: Mon Aug 05, 2019 1:51 pm
Name: Robert

Re: Forcing non-www and https redirects correctly

Post by urzh » Tue Aug 06, 2019 2:52 pm

Had tried that earlier too, but its there now. No difference

User avatar
</Solidjeuh>
Registered User
Posts: 1689
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Forcing non-www and https redirects correctly

Post by </Solidjeuh> » Tue Aug 06, 2019 2:54 pm

Try

Code: Select all

RewriteEngine on
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:  # regel niet uitvoeren wanneer verbonden via https
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If that's not working, contact your server. Then the system is not reading .htaccess.

urzh
Registered User
Posts: 52
Joined: Mon Aug 05, 2019 1:51 pm
Name: Robert

Re: Forcing non-www and https redirects correctly

Post by urzh » Tue Aug 06, 2019 3:12 pm

So that seems to force www which i don't want. I want www requests to resolve to https://funnyinterestingcool.com

User avatar
</Solidjeuh>
Registered User
Posts: 1689
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Forcing non-www and https redirects correctly

Post by </Solidjeuh> » Tue Aug 06, 2019 3:14 pm

Code: Select all

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

urzh
Registered User
Posts: 52
Joined: Mon Aug 05, 2019 1:51 pm
Name: Robert

Re: Forcing non-www and https redirects correctly

Post by urzh » Tue Aug 06, 2019 3:25 pm

Ok, so somewhere in this jumbo of rules it's working exactly how i want it. I copied it from another older site i had. Maybe can help me clean it up?

Appreciate your replies for this and I learned what I have on my other sites now :)

Code: Select all

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

User avatar
EA117
Registered User
Posts: 755
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Forcing non-www and https redirects correctly

Post by EA117 » Tue Aug 06, 2019 5:20 pm

To combine "get rid of www subdomain" with "force HTTPS", I expect the concise rule to be:

Code: Select all

RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} ^www\.funnyinterestingcool\.com$ [NC]
RewriteRule ^(.*)$ https\:\/\/funnyinterestingcool\.com\/$1 [L,R=301]
thecoalman would also give you sage advice to not put the ,R=301 into the redirect until after you have tested and confirmed everything is working, since many browsers would typically cache a "hard" 301 redirect. If your rule behavior wasn't quite to your liking yet, having the 301 already included means now you're fighting both the rule behavior and the cached browser behavior in your testing.

urzh
Registered User
Posts: 52
Joined: Mon Aug 05, 2019 1:51 pm
Name: Robert

Re: Forcing non-www and https redirects correctly

Post by urzh » Tue Aug 06, 2019 6:06 pm

Thanks, doing this though does not redirect www.funnyinterestingcool.com to https://funnyinteresingcool.com/. I also would like https://www.funnyinterestingcool.com to redirect https://funnyinteresingcool.com/

I left it in place if you wanted to see it
Last edited by Mick on Wed Aug 14, 2019 5:19 pm, edited 1 time in total.
Reason: Unnecessary quoting removed.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21333
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: Forcing non-www and https redirects correctly

Post by Mick » Tue Aug 06, 2019 6:31 pm

Another option is to speak to your host, mine does all the www/not www and http/https stuff themselves. I never have to mess with .htaccess.
"The more connected we get the more alone we become" - Kyle Broflovski

User avatar
EA117
Registered User
Posts: 755
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Forcing non-www and https redirects correctly

Post by EA117 » Tue Aug 06, 2019 6:31 pm

urzh wrote:
Tue Aug 06, 2019 6:06 pm
Thanks, doing this though does not redirect www.funnyinterestingcool.com to https://funnyinteresingcool.com/. I also would like https://www.funnyinterestingcool.com to redirect https://funnyinteresingcool.com/

I left it in place if you wanted to see it
Thanks, I'm done looking, if you want to keep changing now.

Agreed that accessing the site didn't force removal of www subdomain. But the rule didn't seem to be firing at all on the site. i.e. Access to the site was not forcing HTTPS either, and I could still access the site using HTTP, too.

So it think its more a matter of either the rule isn't in the correct .htaccess file, or there is something else in the overall .htaccess which is negating or skipping where the rule has been added. You may need to post the entire .htaccess to see if someone can identify any potential problems with how the rule has been integrated.

The other sense I got trying to access your site is that possibly the "www" subdomain is not pointing to the same document root as your funnyinteresingcool.com site? e.g. The URL https://funnyinterestingcool.com/favicon.ico resolves successfully, but the URL https://www.funnyinterestingcool.com/favicon.ico returns a 404 not found, in addition to not getting redirected?

This would be a hosting & web server configuration question, maybe in a "Subdomains" section of your CPanel or similar, where it's declared what domains are being directed to which document root directories. It's also possible your hosting provider does this at a DNS management level instead of in "the web server configuration", so you may just need to get input from your hosting provider if it doesn't already seem clear.

If there are two different document root directories involved, this could also be part of the explanation why "rules I'm adding to the .htaccess don't seem to have the intended effect." Since if a separate document root exists for the www domain, the .htaccess on your main site isn't getting the opportunity to redirect those URLs (except as secondary to whatever redirect the www document root might or might not have setup).

urzh
Registered User
Posts: 52
Joined: Mon Aug 05, 2019 1:51 pm
Name: Robert

Re: Forcing non-www and https redirects correctly

Post by urzh » Tue Aug 06, 2019 6:57 pm

EA117, the reason that was happening was because even though I had a www root defined (same site root) I didn't give it SSL properties. This is fixed now. And now, the below rules works as expected in the ways I want. Also, this is all that's in my .htaccess.

@Mick I do my own hosting (non-cpanel) and always used htaccess so not sure if this is the best option in my scenario

Code: Select all

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

User avatar
EA117
Registered User
Posts: 755
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Forcing non-www and https redirects correctly

Post by EA117 » Tue Aug 06, 2019 7:56 pm

urzh wrote:
Tue Aug 06, 2019 6:57 pm
EA117, the reason that was happening was because even though I had a www root defined (same site root) I didn't give it SSL properties. This is fixed now. And now, the below rules works as expected in the ways I want. Also, this is all that's in my .htaccess.
In that case, possibly the issue -- if you replaced the entire file contents with literally my proposed rule -- was the absence of RewriteEngine on. Since I was proposing just the rule syntax, and not the entire .htaccess contents. That could also potentially explain why "the rule just doesn't seem to be firing at all" once you implemented that change.

If you like your current rules and it's working for you, by all means status quo is fine too. I feel like there are multiple things that seem just random or that I can't explain about those current rules, so I'm not saying "they're fine too." But it's not that I've studied them hard enough to say "here are the issues you'll still have."

urzh
Registered User
Posts: 52
Joined: Mon Aug 05, 2019 1:51 pm
Name: Robert

Re: Forcing non-www and https redirects correctly

Post by urzh » Tue Aug 06, 2019 8:17 pm

EA711, yep you are right. I was missing that part and I must have stripped it originally from my file when copying (working too fast sometimes). This is now implemented and it's working how I want it. Yea, the other stuff that accumulated in my htaccess was from many years, half of which I didn't do.

Code: Select all

RewriteEngine on
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} ^www\.funnyinterestingcool\.com$ [NC]
RewriteRule ^(.*)$ https\:\/\/funnyinterestingcool\.com\/$1 [L,R=301]

Thank you very much!!

User avatar
EA117
Registered User
Posts: 755
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Forcing non-www and https redirects correctly

Post by EA117 » Wed Aug 07, 2019 12:09 am

That's great; glad you were able to figure all that out.

Since you indicated this was the only content in the .htaccess, I should at least mention and confirm that you're aware there is a default .htaccess file included with phpBB itself, which is otherwise the default basis for .htaccess content "expected" to be at the directory level where phpBB is installed. You may be fully aware of that and had omitted using it for some specific reason; I just didn't want to end this thread without at least mentioning it.

The main "behavior that the phpBB site might be expecting", I would say, is the app.php re-write rule included in the phpBB default .htaccess content. Meaning if the incoming URL is funnyinterestingcool.com/foo, and funnyinterestingcool.com/foo doesn't exist as a file, and funnyinterestingcool.com/foo/ doesn't exist as a directory, then the URL is re-written as funnyinterestingcool.com/app.php/foo to give the phpBB app controller a chance to let phpBB or installed extensions handle that path.

For example, I access the mChat extension's Archive page with /mchat/archive, rather than app.php/mchat/archive. Maybe you're fine without that, and maybe your installed extensions are fine without that too. And you may have the "Enable URL Rewriting:" setting in ACP, General, Server Configuration, Server Settings, Path Settings disabled accordingly. This is just the main "functionality" I feel like I'm getting from having used phpBB's default .htaccess file.

The phpBB default .htaccess contents are also blocking all access to config.php and common.php through the web server, for what it's worth.

Post Reply

Return to “[3.2.x] Support Forum”