We've a problem trying to redirect the user from http to https - Both works and https is using ssl and working flawless.
When we're trying to redirect the user with different methods we keep getting this error:
ERR_TOO_MANY_REDIRECTS
The methods we have tried..
htaccess
Applying a global filter in MVC
Attributes in the controller (RequireHttpsAttribute)
Web.config (Rewrite Rules)
It's the same result for the 404-page that doesn't use a controller.
Provide how you are doing the redirect. Are you in a web farm? Is SSL offloaded to a load balancer?
In certain cloud/hosting scenarios, the latter is the possible culprit -
e.g.
in your application, you're checking for an SSL connection and the application tries to redirect to an https url (i.e. HttpRequest.IsSecureConnection)
however, if a load balancer handles SSL for your servers (farm), the connection from the load balancer to your hosts may not be via https - and there's your loop (the ssl check in your application will always be false)
browser: https < - > SSL/Load Balancer < - - > web farm: http
in this scenario check with your provider - they usually will have custom headers that you can inspect when they forward the request to your servers indicating that the original request was via https.
Thanks for the help, my hosting provider solved it with .htaccess - I guess I was using it wrong.. Thanks again, Stackoverflow!
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.(.*)$ [NC]
RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Related
I am trying to implement a Xero Webhook in my Ruby on Rails application. However, the Xero documentation says that the response should not contain any cookie. Hence, I am trying to find a way to remove all the cookies from the response, but I have no luck. There is always a cookie with name _rails-devise_session which is the cookie to support sessions.
How can I have this cookie removed (or not present in the first place) but only for the specific end-point that serves the Xero Webhook?
Due to the inflexibility and poor documentation of the Xero web hook API I created a file outside the framework and used .htaccess to to direct the incoming traffic.
Invalidating a cookie does not work, nor does setting the value to null. If an array key for a cookie exists at all, the web hook will not function.
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .*xerowebhook /webhooklanding.php [QSA,L,END]
RewriteRule ^ index.php [QSA,L]
I have yet to find a viable alternative where session cookies are in use.
protect_from_forgery with: :null_session
in my controller, worked for me.
I need to redirect traffic for all the visitors coming from a bunch of domains, but they all have the same page.
So all referrers like this:
hxxp://domain1.com/search.php
hxxp://domain2.com/search.php
hxxp://domain3.com/search.php
So when these visitors come to my page, they will be redirected through another url, however all other referring visitors will go to the site.
Ideas?
In your .htaccess file, assuming YourNewDestination.com is the desired destination:
RewriteEngine on
RewriteCond %{HTTP_REFERER} /search\.php$ [NC]
RewriteRule ^(.*)$ http://YourNewDestination.com
I'm trying to do a 301 permanent redirect for
assets.example.com/x/y/z?a=b
to
example.com/x/y/z?a=b
unless
x == assets
The context here is a CDN that makes origin requests to assets.example.com. The assets.example.com sub-domain shares the same DocumentRoot, and therefore the same robots.txt as example.com. So, it is currently theoretically possible to access any page vai the assets.example.com sub-domain instead of example.com. I would like to redirect everything under the assets.example.com sub-domain except actual assets (which are all under the /assets/ directory).
Here you go - I tested this with Apache 2.2. It should work with any recent version.
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/assets
RewriteCond %{HTTP_HOST} ^assets\.example\.com
RewriteRule ^/(.*) http://example.com/$1 [R=301,L]
The logic here is that rewrite conditions are AND'ed together. It simply walks through the things that need to be true to do the redirect. First it tests if the first path segment is not /assets. Then it tests if the hostname is assets.example.com. If both of those are true, then it does a permanent redirect and ends the ruleset.
I have a web site with .htacess file looks like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^wendabang.com$ [NC]
RewriteCond %{HTTP_HOST} !^www.wendabang.com$ [NC]
RewriteRule ^(.*)$ http://www.wendabang.com/$1 [L,R=301]
This morning when I was checking Google web master tool I fond in the back link section Google listed wendabang.com as a site has links back to www.wendabang.com site.
I think this issue should be rested in my .htacess file. But I can not spot the issue.
Another shameless question what I should do if I want to redirect http://www.wendabang.com/ and www.wendabang.com to wendabang.com, I think ditching http:// and www is nice.
Thank you in advance.
the site has multiple issues
the http://www.wendebang.com/ redirects HTTP 302 temp. redirect to http://wendebang.com/. a HTTP 302 comunicate the start url to google as the right url. this means you tell google to see http://www.wendebang.com/ as the url it should display to its users.
additionally, inside your HTML you have
<link rel="canonical" href="http://www.wendabang.com">
and your links look like this
<a href="http://www.wendabang.com/web-analytics-beautiful-shortcomings.html"
as the canonical tag is treated by google like an HTTP 301 permanent redirect you are google again redirecting to the www version.
and a lot of the links point to the www version as well.
at this stage i believe it is a only due to google magnificent error handling that your site is still indexed by google.
1) please see this answer to see about the right way to da an www to non www redirect via .htaccess. Generic htaccess redirect www to non-www
2) change your canonical tags to non www urls
3) change your internal links to non www urls.
and http is a protocol, you can not ditch it (said that, you could ditch is and invent your own protocol on top of the tcp/ip layer, but that is probably not what you want)
When people access my app on www.example.com and log in, they get a cookie. I'm using the cookie option to store session on Rails. Accessing example.com (without the www), they must log in again, because Firefox does not recognize the previous session.
So, what do you think is the best way to avoid this?
I guess I will use a small .htaccess rule (Apache + Passenger) like this:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*)$ http://www.example.com/$1 [R=permanent,L]
Do you guys think that is a good solution?
What I would do is:
Set up separate virtual hosts for domain.com and www.domain.com
Never publish links to domain.com, only to www.domain.com
When a user agent requests http://domain.com/, redirect with a 301 response to http://www.domain.com/
Only issue cookies from www.domain.com
Don't try to make the whole site available from domain.com, just the main page (which is redirected)
You don't need to involve rails in this solution at all.
Create separate virtual host entry:
ServerName domain.com
Redirect permanent / http://www.domain.com
The redirect points the user to your other virtual host:
ServerName www.domain.com