htaccess - allow multiple domain origins, force https, force www, rewrite url with subdirectory

Question

I would like to create an .htaccess to

allow origin (https://www.example.com and https://example.com and https://subdomain.example.com)
force https
force www
rewrite url with the subdirectory

Edit: Here is my new .htaccess file

    RewriteEngine on

    Header add Access-Control-Allow-Origin "https://www.example.com, https://example.com, https://subdomain.example.com"
    Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
    Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type, X-CSRF-Token"

    RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
    RewriteRule ^ https://www.%1%{REQUEST_URI} [L,R=301,NE]

    RewriteRule ^(path/to/directory/file)/([^/]+)/?$ $1.php?u=$2 [NC,L,QSA]

Here is my .htaccess file

RewriteEngine on

Header add Access-Control-Allow-Origin "https://www.example.com, https://example.com, https://subdomain.example.com"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type, X-CSRF-Token"

RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ "https\:\/\/www\.example\.com\/$1" [R=301]


RewriteRule ^path/to/directory/file/([^/]*)$ path/to/directory/file.php?u=$1 [L]

This rule is working: (http://example.com/file/xxxx)

RewriteRule ^file/([^/]*)$ path/to/directory/file.php?u=$1 [L]

Edit: This rule is working (http://example.com/path/to/directory/file/xxxx)

RewriteRule ^path/to/directory/file/([^/]*)$ path/to/directory/file.php?u=$1 [L]

Edit:

Think to remove the first slash after ^ to make it working as said in this subject.

The only difference I see is the first rule starting *without* slash and the second one starting *with* slash. — Olaf Dietsche, Jun 02 '16 at 21:19
I did an edit. It's not changing something (I tested the second with and without and it works). To be more clear I removed the second. — Alex01, Jun 02 '16 at 21:31
@anubhava I am sorry I did not understand your question. xxxx represent the value of the **u** var. It's the id of an user. — Alex01, Jun 02 '16 at 21:34
Is there any other .htaccess in your system or any other rule? — anubhava, Jun 02 '16 at 21:36
Right. Thank you! There was a bad .htaccess located on the path/to/directory with bad remaining lines. I removed it and the subdirectory problem is solved. I tested the other rules it's still possible to go on : [https://example.com/](https://example.com/) — Alex01, Jun 02 '16 at 21:40
With my code above, `http://www.example.com, http://example.com and https://www.example.com are redirected to https://www.example.com but not https://example.com` — Alex01, Jun 02 '16 at 21:50

score 3 · Accepted Answer · answered Jun 02 '16 at 22:01

3

Replace all of your existing code with this:

RewriteEngine on

Header add Access-Control-Allow-Origin "https://www.example.com, https://example.com"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type, X-CSRF-Token"

RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,R=301,NE]

RewriteRule ^(path/to/directory/file)/([^/]+)/?$ $1.php?u=$2 [NC,L,QSA]

Make sure to clear your browser cache before testing this.

answered Jun 02 '16 at 22:01

anubhava

761,203
64
569
643

1

Thank you all is working perfectly: allow 2 origins, force https, force www, redirection with subdirectory. :) – Alex01 Jun 02 '16 at 22:15
A last question, if you would like, if I want to add successive rewriting rules like this one `RewriteRule ^(path/to/directory/file)/([^/]+)/?$ $1.php?u=$2 [NC,L,QSA]` in order to have several friendly urls, should I just keep the same flags? – Alex01 Jun 02 '16 at 22:19
Hi, loading fontawesome icons from a subdomain is generating this error how can I solve this please? `Font from origin 'https://example.com' has been blocked from loading by Cross-Origin Resource Sharing policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://www.example.com, https://example.com', https://subdomain.example.com' but only one is allowed. Origin 'https://subdomain.example.com' is therefore not allowed access.` – Alex01 Jun 09 '16 at 07:00
Yes, also the subdomain directory is located on the /home/sitename directory and the htaccess is located on /home/sitename/public_html directory in order to prevent it from www redirection. But I have still problem with Access-Control-Allow-Origin on the subdomain. – Alex01 Jun 09 '16 at 20:35
I think I should have an .htaccess for the directory of the subdomain file. Focing without www and forcing with https. - Edit, ok done through the cPanel redirections. However I'm still stuck with allow origin header it's like it doesn't work – Alex01 Jun 09 '16 at 20:39
It's rightly `Header add Access-Control-Allow-Origin` in the .htaccess of example.com. I've edited the .htaccess above the thread to show you how it is. – Alex01 Jun 09 '16 at 20:45
Then it works the subdomain is allowed. However I'd like to be sure to allow the 3 ones. – Alex01 Jun 09 '16 at 20:55
You can add 2 more lines of `Header add Access-Control-Allow-Origin` – anubhava Jun 09 '16 at 20:57
Hi it doesn't work then I've an allow origin problem again. `Header add Access-Control-Allow-Origin "https://www.example.com" Header add Access-Control-Allow-Origin "https://example.com" Header add Access-Control-Allow-Origin "https://subdomain.example.com"` – Alex01 Jun 09 '16 at 22:12
[Check this answer for multiple original domains](http://stackoverflow.com/a/1850482/548225) – anubhava Jun 10 '16 at 11:12

score 1 · Answer 2 · answered Jun 02 '16 at 21:43

1

Allow Origin:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

Force HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Force WWW:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com[nc]
RewriteRule ^(.*)$ http://www.example.com/$1 [r=301,nc]

URL to subdomain:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ example [L]

answered Jun 02 '16 at 21:43

Joe

4,877
5
30
51

Thank you there is no more problem with www and https redirection. Is it possible to add only `https://www.example.com` and `https://www.example.com` in the allowed origins? And I don't really understand the URL to subdomain part. – Alex01 Jun 02 '16 at 21:53

htaccess - allow multiple domain origins, force https, force www, rewrite url with subdirectory

2 Answers2