CODEWITHSUNDEEP
phpregexapache.htaccessmod-rewrite
Jaimin MosLake
Jaimin MosLake

Reputation: 675

Redirect http to https in Yii2 .htaccess

htaccess file which redirects my advanced Yii2 app to frontend index.php file for that there is already an .htaccess file. which has following lines..

This is Right Now my .HTACCESS at root directory

Options -Indexes

<IfModule mod_rewrite.c> 
 RewriteEngine on

  RewriteCond %{REQUEST_URI} !^public
  RewriteRule ^(.*)$ frontend/web/$1 [L] 
</IfModule>

# Deny accessing below extensions
  <Files ~ "(.json|.lock|.git)">
    Order allow,deny
    Deny from all
  </Files>

# Deny accessing dot files
  RewriteRule (^\.|/\.) - [F]

now i searched internet and i found this if i want to redirect to https then i have to add this.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

so i added like this....

Options -Indexes

<IfModule mod_rewrite.c> 
  RewriteEngine on

  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 

  RewriteCond %{REQUEST_URI} !^public
  RewriteRule ^(.*)$ frontend/web/$1 [L] 
</IfModule>

# Deny accessing below extensions
  <Files ~ "(.json|.lock|.git)">
    Order allow,deny
    Deny from all
  </Files>

# Deny accessing dot files
  RewriteRule (^\.|/\.) - [F]

then it loads website withouat any js and css... and also it is in http. But content it requires should be in https.

I do understand it is because of my another rewrite statement. But i am not so expertise in it. Please mae some suggetion.

Here this thing if it is alone it works perfect without any problem.

  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

It will send my http to https. So it works perfact.

Or if this is alone

   RewriteCond %{REQUEST_URI} !^public
   RewriteRule ^(.*)$ frontend/web/$1 [L]

This rule tells that execute index.php file from the [.htaccess Directory/frontend/web/] directory . Means execute frontend/web/index.php . Here it is very important to do this as this is as per the framework structure.

So i have to combine these two rules together and build a .htaccess which will work for both scenario.

CONCLUSION

So my .HTACESS should tell the server we have to run [.HTACESS DIR/frontend/web/index.php] in https.

UPDATE TO QUESTION

this is the .htaccess under frontend/web/ folder where my index.php is

And this is at root/frontend/web folder where index.php exists.

RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . index.php

Do i have to add https thing here ?

Upvotes: 7

Views: 20313

Answers (5)

lubosdz
lubosdz

Reputation: 4500

The easiest way might be setting the on beforeRequest event handler in /config/web.php like so:

...
'bootstrap' => ['log'],
'on beforeRequest' => function ($event) {
    if(!Yii::$app->request->isSecureConnection){
        $url = Yii::$app->request->getAbsoluteUrl();
        $url = str_replace('http:', 'https:', $url);
        Yii::$app->getResponse()->redirect($url);
        Yii::$app->end();
    }
},
...

Upvotes: 18

Jaimin MosLake
Jaimin MosLake

Reputation: 675

In root .htaccess when i put this. It also works for me.

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ frontend/web/$1 [L]

Upvotes: 2

anubhava
anubhava

Reputation: 785246

You root/frontend/web/.htaccess should be like this:

RewriteEngine on
RewriteBase /frontend/web/

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]

Just remember that a sub-directory .htaccess always takes precedence over parent directory .htaccess.

Upvotes: 14

Soronbe
Soronbe

Reputation: 926

Another approach would be to change the virtual host on port 80 (HTTP):

<VirtualHost *:80>
    ServerName mywebsite.com
    Redirect permanent / https://mywebsite.com
</VirtualHost>

and then have a separate virtual host for port 443 (HTTPS).

Assuming a Debian(-fork) Linux server you'd have to put the above in /etc/apache2/sites-available/myname.conf. After you've done that use sudo a2ensite myname.conf (if this fails, you can create the symlink in /etc/apache2/sites-enabled/ yourself, but try not to). Now restart apache with 'sudo service apache2 restart'.

Upvotes: 1

Bruno Santos
Bruno Santos

Reputation: 1

I've used this code below.

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www.(.*) [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

Upvotes: 0

Related Questions