htaccess https dropping paddlock/logo

Last edited by Garry on Wed Apr 20, 2011 2:44 pm; edited 1 time in total

Hi,

I have the below is my .htaccess to redirect login and signup.php to HTTPS, that part works.

The problem is with HTTP 301 redirect part.
It is removing the HTTPS/SSL Paddlock and logo depending on browsers, whenit has (.*) in the RewriteRule.

If I remove (.*) from the RewiteRule it doesn't always redirect back to http.

For example without (.*)
If I go to https://www.mydomain.tld] - It redirects back to http

But if I got to https://www.mydomain.tld/faq.php - It doesn't redirect and stays on the https, which is not what I am looking for.

Also currently with the (.*) it has broken my login page.

[code]
# HTTPS 301 redirect on login.php and signup.php
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(login.php|signup.php)$ https://%{HTTP_HOST}/$1 [R=301,L]

# HTTP 301 redirect
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/(login.php|signup.php)$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
[/code]

I have tried changing the * for a + and ? which didn't work, I also try changing %{REQUEST_URI} to /$1 which didn't work either

Can anyone help?

NetHosted Staff Joined: 22 Mar 2004 Posts: 7017

Garry,

Where is the .htaccess file with these rules? I can take a look but I'll need to be able to access the real .htaccess to try my changes.

Thanks,

Andrew

Posted: Wed Apr 20, 2011 2:43 pm Post subject:

Hi Andrew,

It is on my dev site.
Username: devosdat
Server: Venus
The .htaccess is in the public_html folder

For you to be able to access the site, you will need to add your IP at the top to allow access.

It is for the Login and Signup they are on the top right side.

Thank you

NetHosted Staff Joined: 22 Mar 2004 Posts: 7017

Garry,

I made one minor change, the rules appear to be working as desired now. Can you confirm?

Thanks,

Andrew

Posted: Wed Apr 20, 2011 3:07 pm Post subject:

Thanks

I just looked at the .htaccess in the public_html folder and it looks the same.

NetHosted Staff Joined: 22 Mar 2004 Posts: 7017

Garry,

Is it working? It does for me.

Thanks,

Andrew

Posted: Wed Apr 20, 2011 3:09 pm Post subject:

The https is there but there is no symbol paddlock or logo in Firefox 4 or IE9

NetHosted Staff Joined: 22 Mar 2004 Posts: 7017

That rule is designed to redirect users that visit pages that aren't login.php or signup.pp using https to the non-https version of the page. It's doing that and as the pages it is redirecting to aren't https there won't be any padlock.

Andrew

Posted: Wed Apr 20, 2011 3:14 pm Post subject:

But if they go to login.php or signup.php there in no paddlock.
If I remove (.*) there is.

But then the redirect doesn't fully work

NetHosted Staff Joined: 22 Mar 2004 Posts: 7017

Hi,

Neither page shows as secure to me whether you have any rewrite rules in the .htaccess or not.

This is likely due to elements of the pages being linked insecurely.

Thanks,

Andrew

Posted: Wed Apr 20, 2011 3:21 pm Post subject:

Ok, thanks for looking, I will have a check of the files etc...

Posted: Wed Apr 20, 2011 3:43 pm Post subject:

Ok, I have just create test.php that works fine, so I think you are right, it must be unsecure content in those files.

Thanks again for checking it out for me

NetHosted Staff Joined: 22 Mar 2004 Posts: 7017

No problem!

Thanks,

Andrew

Client Support	Community	Server Status	Contact Us	Client Login
Email Hosting	Website Hosting	Reseller Hosting	VPS Hosting	Dedicated Servers