0

I cannot be able to redirect my http traffic to https so my site is reachable using both http and https but I want it only to be reachable via https. My .htaccess file located in /var/apps/web/ looks like this:

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/$1 [R=301,L]

I have edited apache2.conf and added the below config:

<Directory /var/mode/cci/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
</Directory>

My document root located in /etc/apache2/sites-available looks as below:

<VirtualHost *:7777>
        ServerAdmin webmaster@localhost
        ServerName mydomain.co/
        DocumentRoot /var/apps/web/
        Header always append X-Frame-Options SAMEORIGIN
        Header always set X-XSS-Protection "1; mode=block"
        Header always unset Server
        Header always set X-Content-Type-Options nosniff
        <Directory />
                Options -Indexes -FollowSymLinks -MultiViews
                AllowOverride None
        </Directory>
        <Directory /var/apps/web/>
                LimitRequestBody 512000
                Options -Indexes -FollowSymLinks -MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -Indexes -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        TraceEnable off

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName mydomain.co/
        DocumentRoot /var/apps/web/
        Header always append X-Frame-Options SAMEORIGIN
        Header always set X-XSS-Protection "1; mode=block"
        Header always unset Server
        Header always set X-Content-Type-Options nosniff
        <Directory />
                Options -Indexes -FollowSymLinks -MultiViews
                AllowOverride None
 </Directory>
        <Directory /var/apps/web/>
                LimitRequestBody 512000
                Options -Indexes -FollowSymLinks -MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -Indexes -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
         SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        TraceEnable off

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Kindly assist!

Shira
  • 6,392
  • 2
  • 25
  • 27
jbala
  • 21
  • 2
  • Possible duplicate: http://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www – Alex Slipknot Mar 17 '17 at 15:00
  • I want to confirm whether my document root and the apache2.conf configuration files are correct? – jbala Mar 17 '17 at 15:06
  • If your htaccess file works you need just those instructions to be placed in yours. – Alex Slipknot Mar 17 '17 at 15:10
  • how can i confirm that it works? the htaccess file is located in /var/apps/web folder, is this the valid location? – jbala Mar 17 '17 at 15:12
  • Well, the fastest way to ensure that htaccess work - just write some redirect (for example to '/ololo.html') and check it in your browser. Or write some incorrect directive - that must throw you an error by apache – Alex Slipknot Mar 17 '17 at 15:15
  • I have managed to make .httpaccess work however none of these rules are working on my favour – jbala Mar 17 '17 at 15:51
  • 1
    Ok, .htaccess file must be in the root of docs. Don't rename the file, just make mistake in this file – Alex Slipknot Mar 17 '17 at 15:55
  • still not working, the .htaccess is accessible though because if i put deny from all as first line the application throws a forbidden status. – jbala Mar 20 '17 at 07:30
  • Great! So you found that htaccess works. Then you can paste code from another answer just to be sure that http->https works. If it does - add your instructions from old htaccess. – Alex Slipknot Mar 20 '17 at 07:32
  • both protocols work. can you share a proper configuration to paste on the .htaccess to direct http traffic to https? – jbala Mar 20 '17 at 08:40
  • See accepted answer:http://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www – Alex Slipknot Mar 20 '17 at 08:42

0 Answers0