My site is a wordpress site. If a user lands on http://www.example.com/subfolder (non-ssl), they are being incorrectly redirected to https://www.example.com (ssl but without the subfolder). How do I stop this? They need to stay within the subfolder after being redirected to https://.
I"m using Really Simple SSL plugin within Wordpress. My .htaccess file contains this code:
#BEGIN ReallySimpleSSL
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /subfolder/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subfolder/index.php [L]
</IfModule>
I've never been great editing the .htaccess file. Any help would be appreciated!
EDIT:.......... My .htaccess file is located within the subfolder. There is another .htaccess file located in the root, along with another website. I'm trying to keep users of the subfolder within the subfolder. *I've added a second IfModule to the above code. The .htaccess in the root contains this code:
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Running in a fresh browser window, that I haven't used yet, I am getting the same results.
CodePudding user response:
The Really simple ssl plugin can cause such issues. Check the stop editing htaccess file
option in the plugin settings and test with your htaccess code or try using the below snippet which works for me fine for subfolders/subdomains everything
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
CodePudding user response:
The issue most likely is that rule you implemented atop the configuration file in the subfolder:
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
It gets applied before anything else in the subfolder and it inconditionally rewrites all non-ssl requests to ssl. The issue here:
The capturing pattern ^(.*)$
gets applied to the relative path in the requests, that is only the section of the path from the subfolder base on. That is how rules in distributed configuration files get applied, this is clearly documented. That actually is one of the reasons why distributed configuration files add a lot complexeity and cause so many issues...
So instead you will have to either implement the https-redirection on top level, or use the absolute path or manually add the subfolder to the redirection target. I'd go with the second option:
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]