I have a few questions about redirecting my forum to https on a SSL certificate in my server, to remove Google penalties for not using https on your site to make it more secure. See here: https://searchengineland.com/google-sta ... tes-199446
1. First, are these redirect codes you put in your .htaccess file the same? What's the difference?
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]]
2. Second question. After doing some research here it seems that some of you say that redirect code only needs to be in the site root .htaccess file but not the forum subfolder .htaccess file. Others say that the redirect code needs to be in both of them. Have you guys come to an agreement on that yet?
3. Third question. I heard you aren't supposed to have two "RewriteEngine On" commands in the same .htaccess file. Is that so? What if my default forum .htaccess file already has that? See below. This is the default .htaccess file that came in the phpbb default files.
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine on
#
# Uncomment the statement below if URL rewriting doesn't
# work properly. If you installed phpBB in a subdirectory
# of your site, properly set the argument for the statement.
# e.g.: if your domain is test.com and you installed phpBB
# in http://www.test.com/phpBB/index.php you have to set
# the statement RewriteBase /phpBB/
#
#RewriteBase /
#
# Uncomment the statement below if you want to make use of
# HTTP authentication and it does not already work.
# This could be required if you are for example using PHP via Apache CGI.
#
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
# The following 3 lines will rewrite URLs passed through the front controller
# to not require app.php in the actual URL. In other words, a controller is
# by default accessed at /app.php/my/controller, but can also be accessed at
# /my/controller
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ app.php [QSA,L]
#
# If symbolic links are not already being followed,
# uncomment the line below.
# http://anothersysadmin.wordpress.com/2008/06/10/mod_rewrite-forbidden-403-with-apache-228/
#
#Options +FollowSymLinks
</IfModule>
# Apache content negotation tries to interpret non-existent paths as files if
# MultiViews is enabled. This will however cause issues with paths containg
# dots, e.g. for the cron tasks
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfModule>
</IfModule>
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]]
4. Fourth question. Is it still necessary to change your server settings under ACP to this:
https://www.phpbbservices.com/2017/01/3 ... q0jbGgzbcd
Some of you said not to change the port settings, but the above instructions say to change the port settings from 80 to 443. Is that necessary or important? What about the server protocol?Configuring phpBB to use HTTPS
By default, phpBB assumes you will be using HTTP, not HTTPS. Once your certificate is installed and tested, it’s easy to change phpBB in the Administration Control Panel: ACP > General > Server configuration > Server settings. Then change server protocol from http:// to https:// and the server port from 80 to 443. What this does is change the links across the site.
Also, change your cookie settings to use a secure cookie: ACP > General > Server configuration > Cookie settings.
Thanks for your help.