.htaccess redirecting non SSL Domain to another SSL Domain
I have the following .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.old_domain.de$
RewriteRule (.*) https://new_domain.de/$1 [R=301,L]
The Problem is, the rule seem to only redirect www.old_domain.de or http://www.old_domain.de correctly, but does not redirect https://old_domain.de or old_domain.de (Which jumps to https:// automaticaly). I the second case I get the following error:
SSL_ERROR_UNRECOGNIZED_NAME_ALERT
I already tried to rewrite https:// and non-www domains into http://www. but wasn't able to achieve the wanted results somehow. Probably I miss something Important here.
Is it possible there's something wrong with the https:// forcing at the .htaccess of my new domain?
1 answer
-
answered 2018-10-18 13:06
Ankit Rastogi
For redirecting http://www.old_domain.de or www.old_domain.de or http://old_domain.de or old_domain.de use the below code
RewriteEngine on RewriteCond %{HTTP_HOST} ^(www\.)?old_domain\.de$ [NC] RewriteRule (.*) https://new_domain.de/$1 [R=301,L]
Your code is missing the
(www\.)?
in RewriteCond which will make the rewrite works irrespective of whether it contains a www or not.You can test the same using htaccess tester at link
Similarly you should have a separate virtual host configured for SSL (HTTPS). In that virtual host you also needs to copy the above code.
SSL is configured on port 443 to listen, so search for something similar to below code in your htaccess
<VirtualHost *:443> ServerName www.old_domain.de ServerAlias old_domain.de SSLEngine on SSLCertificateFile /etc/apache2/ssl/example/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/example/apache.key </VirtualHost>
If you are still unable to find the file where virtual host listening on 443 is configured you can run the apache with the -S flag like below command
httpd -S or apachectl -S
This will give you the name of the file where virtual host listening on 443 is configured as in the below output
*:80 default server xxx.xxx.xxx.xxx (/etc/httpd/conf.d/eco.conf:1) port 80 namevhost xxx.xxx.xxx.xxx (/etc/httpd/conf.d/eco.conf:1) *:443 default server xxx.xxx.xxx.xxx (/etc/httpd/conf.d/ssl.conf:1) port 443 namevhost xxx.xxx.xxx.xxx (/etc/httpd/conf.d/ssl.conf:1)
For example
/etc/httpd/conf.d/ssl.conf
is the file in which virtual host listening on 443 is configured.
See also questions close to this topic
-
solr join two cores and apply OR condition on each core field
I have two cores in the same Solr server
Core 1 has below structure:
"id":"1234.1", "created_s":"2018-08-15", "pd_data_s":"F10001VIS", "snum_s":"0001", }, { "id":"1234.2", "created_s":"2017-08-15", "pd_data_s":"F2001", "snum_s":"002", },
Core 2 has below structure
{ "id":"5234.2", "modified_s":"2017-08-15", "pd_number_s":"F2001", "product_type":"t-shirt", }, { "id":"6234.2", "modified_s":"2018-08-15", "pd_number_s":"F10001VIS", "product_type":"t-shirt", },
I want to join the two cores to match the pd_number_s(core 2) to pd_number_s (core 1) and apply "OR condition" the date fields on two cores.
I used below query to filter the data. But in this case the date fields are running independently for filtering the data.
http://localhost:8983/solr/core2/select?q=*:*&fq={!join from=pd_number_s to=pd_data_s fromIndex=core1}(snum_s:001 AND created_s:[2018-01-01 TO *])&fq=modified_s:[2019-02-07T17:00:00 TO *]
What would be Solr equivalent to the below SQL query
select * from companies core1 inner join company_types core2 on core1.company_type_id = core2.id and (core1.created_at>=2012-08-1 OR core2.created_at>=2012-08-1)
-
Apache mod_rewrite change domain extension
I want to have a 4 conditional mod_rewrite.
http to https http://example.com to https://example.com www. to non-www. https://www.example.com to https://example.com https://www.subdomain.example.com to https://subdomain.example.com non-plural ending to plural ending domain https://www.example.com to https://examples.com .com (or that is not .co) domain extension to .co https://www.example.com to https://examples.co
I so far have this code:
ServerName examples.co ServerAlias *.examples.co examples.com *.examples.com example.co *.example.co example.com *.example.com RewriteEngine On RewriteCond %{HTTP_HOST} ^www\.(.+) [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !examples\.co$ RewriteCond %{HTTP_HOST} ^([^.]+\.)?examples\. RewriteRule ^ https://%1examples.co%{REQUEST_URI}
I am having trouble finding an example to create change example to examples and .com (or other non-.co) to .co.
I want the rule to be anything that is not examples.co, turn into examples.co, maintain all subdomains, but trim off www..
All the domains are pointing to the same server. But www.subdomain.examples.co won't trim www. And it wont change domain from .com to .co or change to plural version.
-
Problem when deploying django rest in xampp
I have a rare problem on the part of the client, I am using angular 5 as part of the client. I already made all the changes in Apache to run Django, it works well on my PC and on my cell phone when I connect to the server. when the request is made to the server it only works on my pc where the server is and on my cell phone.
this is proof of this here the application is done well. but when I try to access the server of another pc the request is made to the old address, which is Django's
this is the apache configuration.
<IfModule wsgi_module> WSGIPythonPath C:\xampp\htdocs\tutorial <VirtualHost *:8081> Alias /static "C:\xampp\htdocs\tutorial\static" <Location "/media"> SetHandler None </Location> <LocationMatch "\.(jpg|gif|png|js|css)$"> SetHandler None </LocationMatch> <Directory C:\xampp\htdocs\tutorial\static> Require all granted </Directory> <Directory C:\xampp\htdocs\tutorial > <Files wsgi.py> Require all granted </Files> </Directory> WSGIScriptAlias / C:\xampp\htdocs\tutorial\tutorial\wsgi.py </VirtualHost> </IfModule>
and before making the deployment of the client I made the change of the url of the service.
URLCategorias : string = 'http://10.0.0.16:8081/api/categorias/';
is the only place that used the service
and this es mi configuration hosts.
DEBUG = False ALLOWED_HOSTS = ['10.0.0.16', 'localhost']
I don't know what the problem is, why when making the call to the server, it points to another place.
-
.htaccess in subdirectory to deny everything in subdirectory except index.php
Here's what the web hosted directory looks like:
public_html
- subdirectory
- index.php
- other stuff
- .htaccess
- subdirectory
Is there a way to make the .htaccess file deny everything relative to its location (i.e. everything in the subdirectory) except for the index.php file in that directory, without affecting anything located in its parent directory?
I've tried the following, but it's denying me access to /subdirectory/ as well. If I do /subdirectory/index.php it seems to work.
Order Deny,Allow Deny from all Allow from 127.0.0.1 <Files ./index.php> Order Allow,Deny Allow from all </Files>
The most ideal is if the solution is agnostic of the directory structure it's in -- that is in the future I could move everything to the parent directory, and it'd still work.
-
Httacess Conflict with htpasswd
I have this htaccess Code
RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php?section=$1 [QSA,L]
That makes SEO friendly URLs
But then i wanted to secure my adminindex.php with user and pass using this code
Options -Indexes RewriteEngine On SetEnvIf Request_URI "adminindex.php" require_auth=true <filesmatch "adminindex.php"> AuthUserFile /home/******/public_html/.htpasswd AuthName "you must log in to see this file" AuthType Basic require valid-user </filesmatch>
It works but after removing the Above SEO Urls code
RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php?section=$1 [QSA,L]
and my Httaccess Looks like this
Options -Indexes RewriteEngine On SetEnvIf Request_URI "adminindex.php" require_auth=true <filesmatch "adminindex.php"> AuthUserFile /home/pagosav2/public_html/.htpasswd AuthName "you must log in to see this file" AuthType Basic require valid-user </filesmatch> RewriteEngine On RewriteCond %{HTTPS} !=on ErrorDocument 404 https://*********.com/index.php?section=404 #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)? RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] #ErrorDocument 404 https://***********.com/404.tpl <IfModule mod_php5.c> php_value suhosin.upload.max_uploads 50 </IfModule> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php?section=$1 [QSA,L]
So my question is how do i keep both my code and make both features work
-
Can't find malicious code creating 'parseopmlo' directory
I work for a non-profit. Our WordPress site (shared hosting on Bluehost) was hacked earlier this week, and the hacker appears to have created a script that automatically creates a directory in root named 'parseopmlo' which has two files in it, index.php and moban.html. It simultaneously edits the .htaccess file, adding this code:
RewriteRule ^.*[-/]n(\d+)-.*$ parseopmlo/index\.php?id=$1&%{QUERY_STRING} [L] RewriteRule ^n(\d+)-.*$ parseopmlo/index\.php?id=$1&%{QUERY_STRING} [L] RewriteRule ^r(\d+)[-/].*[-/]n(\d+)-.*$ parseopmlo/index\.php?id=$1-$2&%{QUERY_STRING} [L] RewriteRule ^r(\d+)[-/]n(\d+)[-/].*$ parseopmlo/index\.php?id=$1-$2&%{QUERY_STRING} [L] RewriteRule ^n(\d+)[-/].*[-/]r(\d+)[-/].*$ parseopmlo/index\.php?id=$2-$1&%{QUERY_STRING} [L] RewriteRule ^n(\d+)[-/]r(\d+)[-/].*$ parseopmlo/index\.php?id=$2-$1&%{QUERY_STRING} [L] RewriteRule ^.*[-/]n(\d+)[-/]r(\d+)[-/].*$ parseopmlo/index\.php?id=$2-$1&%{QUERY_STRING} [L] RewriteRule ^.*[-/]n(\d+)[-/].*[-/]r(\d+)[-/].*$ parseopmlo/index\.php?id=$2-$1&%{QUERY_STRING} [L] RewriteRule ^.*[-/]r(\d+)[-/].*[-/]n(\d+)[-/].*$ parseopmlo/index\.php?id=$1-$2&%{QUERY_STRING} [L] RewriteRule ^.*[-/]r(\d+)[-/]n(\d+)[-/].*$ parseopmlo/index\.php?id=$1-$2&%{QUERY_STRING} [L]
I have deleted the directory several times now, and restored a clean .htaccess file several times. Each time, the directory is recreated and .htaccess is hacked again within 5-30 minutes.
I changed all passwords to automatically generated, very strong passwords. There is no way someone is sitting around logged into our site's FTP, manually making these changes.
It's a script on our server, but I can't find it. I used SSH with the grep command to recursively search every file on the server for anything containing the text string 'parseopmlo' and the only results were the lines of code in .htaccess. I was hoping it would show up in whatever file contains the script creating the directory. No dice.
If you Google 'parseopmlo' you'll get a ton of hits featuring other websites that have been hacked in the same way, but no mention of how to fix this.
Any ideas on how to find and delete the malicious code?
-
Dummy HTML API?
Is there a service which provide a dummy HTML page that I can request via HTTP/HTTPS (Ajax)? It's needed not to be blocked by CORS policy. (Not using CORB)
Basically I want dummy HTML code without dealing with CORS.
I know there is similar services for JSON:
$.ajax({ type: "GET", url: "dummysite.com", crossDomain: true, success: function (data) { // do something with server response data outputElm.innerHTML += data; }, error: function (err) { // handle error logic here console.log(err); } });
-
camel proxy configuration camel-https4
We have to connect out java camel application with an external system over https. In the middle we have a proxy, but this proxy only accepts http connections.
I have configured http and https proxies in the camel context but it seems that this does not help. The http4s component runs into connection closed exception. So I configured the proxy directly at the https4 endpoint. This configuration works but it seems that the component wants to communicate over https with our proxy and I receive this exception.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
I inspect the debug log and I can see this log entry which indicates that the connection to the proxy is done over https
[DEBUG]: org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {tls}->https://<proxy>:<port>->https://<3rdPartySystem>:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 200]
here the camel component configuration
to("https4:<3rdPartySystem>/services/oauth2/token?proxyAuthHost=...&proxyAuthPort=...")
So my question is: How can I configure a proxy in java in a way that https traffic is done over http between the java app and the proxy. From proxy to the 3rd party system communication should be done over https.
By the way the "old" http-camel component works perfect with the same proxy.
-
Problem redirecting site from http to https
such problem. We have old site with no ssl certificate
example1.com
pages from him already indexed in google
we made new site with ssl
example.com
and made redirects 301 from old site
if( url == '/some' ) { header('HTTP/1.1 301 Moved Permanently'); header( 'Location: https://example.com/some' ); }
But when we make search in google "some keyword" we receive old domain link
example1.com/some_link
and after redirect to
https://example.com/some_link
we receive an ssl error "Connection unsecure" but browser shows that certificate is valid
how to fix this?
-
URL Requests with SSL Pinning in iOS App are failing for few websites
I have an iOS app which has SSL pinning feature for few particular requests. As SSL Pinning is not working due to some reason, I have downloaded SSL Certificates for 3 sites using Firefox browser (or
openssl
command in mac terminal app) and kept in project local folder. Below are the results, when I run from the iOS app.URL:
https://www.google.com/
RESULT:WORKING with ssl enabled
- I could see some response as HTML data in the console
URL:
https://www.google.com/
RESULT:cancelled 2019-02-14 15:30:27.702813+0530 CertPinning[30996:733590] Task <B7EEA492-BE74-4E2A-9F47-2F8C964B8539>.<1> finished with error - code: -999 2019-02-14 15:30:27.704132+0530 CertPinning[30996:733596] Task <B7EEA492-BE74-4E2A-9F47-2F8C964B8539>.<1> HTTP load failed (error code: -999 [1:89])
URL:
https://api.sendgrid.com/
RESULT
Error Domain=NSURLErrorDomain Code=-999 "(null)" UserInfo={NSUnderlyingError=0x600001c7dd10 {Error Domain=NSURLErrorDomain Code=-999 "cancelled" UserInfo={NSErrorFailingURLStringKey=https://api.sendgrid.com/v3/mail/send, NSErrorFailingURLKey=https://api.sendgrid.com/v3/mail/send, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <F7FF95D3-ADC7-474C-8B38-0ABA09058AA8>.<1>" ), _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <F7FF95D3-ADC7-474C-8B38-0ABA09058AA8>.<1>, NSLocalizedDescription=cancelled}}, StatusCode=0, ResponseText=, ServiceType=Login, URL=https://api.sendgrid.com/v3/mail/send}
Code from dowloaded from GITHUB
import Foundation import UIKit class ViewController: UIViewController, URLSessionDelegate { override func touchesBegan(_ touches: Set<UITouch>, with event: UIEvent?) { let config = URLSessionConfiguration.default let session = URLSession(configuration: config, delegate: self, delegateQueue: nil) guard let url = URL(string: "https://www.google.com/") else { return } let task = session.dataTask(with: url) { (data, response, error) in if let error = error { print(error.localizedDescription) return } if let data = data, let contents = String(data: data, encoding: String.Encoding.utf8) { print(contents) } } task.resume() } func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust, let serverTrust = challenge.protectionSpace.serverTrust, SecTrustEvaluate(serverTrust, nil) == errSecSuccess, let serverCert = SecTrustGetCertificateAtIndex(serverTrust, 0) else { reject(with: completionHandler) return } let serverCertData = SecCertificateCopyData(serverCert) as Data guard let localCertPath = Bundle.main.path(forResource: "wwwgooglecom", ofType: "crt"), let localCertData = NSData(contentsOfFile: localCertPath) as Data?, localCertData == serverCertData else { reject(with: completionHandler) return } accept(with: serverTrust, completionHandler) } func reject(with completionHandler: ((URLSession.AuthChallengeDisposition, URLCredential?) -> Void)) { completionHandler(.cancelAuthenticationChallenge, nil) } func accept(with serverTrust: SecTrust, _ completionHandler: ((URLSession.AuthChallengeDisposition, URLCredential?) -> Void)) { completionHandler(.useCredential, URLCredential(trust: serverTrust)) } }
Why the the errors are seen in the later two requests ?
While sending email using
SendGrid API
, mail isn't being sent, as SSL Pinning is failing. I am not sure where I am going wrong. If I don't go for SSL Pinning, everything works as expected. Any one faced the same problem before? -
Could not create SSL/TLS secure channel using webApplication deployed on IIS
I have added Client certificate in UAT machine (Testing Server). I am facing issue on IIS server , my desktop test app and SoapUI tool receive response successfully but when i deployed my web application on IIS server it causes exception that "Could not create SSL/TLS secure channel". i added certificate in Trusted Root Certification Authorities. and in my code i get this by
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return true; }); X509Certificates.X509Store store = new X509Certificates.X509Store(X509Certificates.StoreName.Root, X509Certificates.StoreLocation.LocalMachine); X509Certificates.X509Certificate2 cert4 = store.Certificates.Find(X509Certificates.X509FindType.FindByThumbprint, "60 0c 63 d0 54 6f 80 21 de 10 5e 9f bd 5a 8d 78 1f 9f 6c 62", false)[0]; store.Close();
-
Dask Client can't connect to dask-scheduler
I'm on dask 1.1.1 (latest version) and I have started a dask scheduler at the commandline with this command:
$ dask-scheduler --port 9796 --bokeh-port 9797 --bokeh-prefix my_project distributed.scheduler - INFO - ----------------------------------------------- distributed.scheduler - INFO - Clear task state distributed.scheduler - INFO - Scheduler at: tcp://10.1.0.107:9796 distributed.scheduler - INFO - bokeh at: :9797 distributed.scheduler - INFO - Local Directory: /tmp/scheduler-pdnwslep distributed.scheduler - INFO - ----------------------------------------------- distributed.scheduler - INFO - Register tcp://10.1.25.4:36310 distributed.scheduler - INFO - Starting worker compute stream, tcp://10.1.25.4:36310 distributed.core - INFO - Starting established connection
then... I tried to start up a client to connect to the scheduler using this code:
from dask.distributed import Client c = Client('10.1.0.107:9796', set_as_default=False)
but upon trying to do that, I get an error:
... File "/root/anaconda3/lib/python3.7/site-packages/tornado/concurrent.py", line 238, in result raise_exc_info(self._exc_info) File "<string>", line 4, in raise_exc_info tornado.gen.TimeoutError: Timeout During handling of the above exception, another exception occurred: ... File "/root/anaconda3/lib/python3.7/site-packages/distributed/comm/core.py", line 195, in _raise raise IOError(msg) OSError: Timed out trying to connect to 'tcp://10.1.0.107:9796' after 10 s: connect() didn't finish in time
This has been hardcoded in a system that's been running for months now. So I'm just writing this question to verify I'm not doing anything wrong programmatically right? I think it must be something wrong with the environment. Does everything look right to you? what kind of things could be stopping this outside of dask and python? certificates? differing versions of packages? thoughts
-
How to redirect .com.sg to .sg in Google App Engine?
I was using Firebase Hosting, but recently our team decided to change to GAE.
After we added two custom domains, we need to redirect
.com.sg
to.sg
always.Does anyone know how to achieve this feature?
Am using Nodejs as server language. Any help will be appreciated very much! Cheers
-
In firefox is a ajax call deleted before a redirect
First, in Chrome this working every time 100% and in Firefox not working 100%.
In a click-event, I want only submit data with ajax to the server for statistics. There is no response needed, it should only submit the data to the server. After submitting ajax-data the visitor should immediately redirect to another page. I can't do redirect after ajax callback or something like async=false, because the calculation takes its time and visitors should not waiting seconds.
The only solution that I can see, its to use setTimeout() as a workaround for Firefox, so the ajax call is successfully submitted and redirect called after a period of milliseconds. Is there a preferred documented value in milliseconds for this task? So its working 100% for all future versions of Firefox.
Actual I can only guess a value that working on my pc in my actual firefox version. Is there maybe an official value for this in firefox?
Is this may be an issue in Firefox? I can fully understand that async=true don't give callbacks with outside redirects.
But I don't need callbacks, I want only to submit data with ajax. Why firefox kills these requests silently? There is no trace in the network.
-
Correct .htaccess to redirect all https:// pages to https://www
I want to redirect all non-www pages to https://, but only the home page does so as expected. That is, http://kraftgiftbox.com will redirect to https://www.kraftgiftbox.com/ as I expect, that's ok! But none of the sub-level page will, like https://kraftgiftbox.com/odd-shaped-boxes.html, it won't redirect to the www version. I had a .htaccess file as follows:
RewriteOptions inherit RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule ^(.*)$ https://kraftgiftbox.com/$1 [R,L] ErrorDocument 404 /404.shtml RewriteCond %{HTTP_HOST} ^kraftgiftbox\.com$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule ^/?$ "https\:\/\/www\.kraftgiftbox\.com\/" [R=301,L]
Can someone please help me correct the code? Thanks!