
This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


Understanding and using most common htaccess directives for a CI website

April 22, 2012 5:18pm

  • #1 / Apr 22, 2012 5:18pm

    novice32

    57 posts

    In the past I merely lifted htaccess code from online but never really understood how parts of it worked. So, I attempted to add some documentation around 3 common scenarios 1) forcing “www” version of your website 2) enabling web-friendly URLs and 3) forcing specific pages to be HTTPS (this works in localhost vhost setup with self-signed cert).

    Let me know your thoughts, suggestions, or if I completely missed the mark with anything. Feel free to add as well.

    RewriteEngine on
    Options +FollowSymLinks
    
    #force redirect to "www" version of the URL
    #also appends REQUEST_URI (i.e, $1) to redirected version of URL
    #tell browser or agent this is a permanent redirect
    RewriteCond %{HTTP_HOST} ^domain1\.com
    RewriteRule ^(.*)$ http://www.domain1.com/$1 [R=permanent,L]
    
    #rewrite friendly URL and pass to CI web app in proper format (i.e, which includes "index.php")
    #ignore requests made directly to index.php, robots.txt, favicon.ico
    #or files in folders images, assets and js
    #example rewrite: http://www.domain1.com/web/about => http://www.domain1.com/index.php/web/about
    RewriteCond $1 !^(index\.php|images|assets|js|robots\.txt|favicon\.ico)
    RewriteRule ^(.*)$ /index.php/$1 [L]
    
    #GOAL: force https for login page
    #IF request on port 80 and not made directly to index.php, robots.txt, favicon.ico
    #or files in folders images, assets and js 
    #THEN create a rewrite rule for URI /user/login  to redirect ("Found 302") to https
    #version of URL. "$1" backreferences "(.*)", which is anything appended
    #after "/user/login". "$1" appends additional data to the secured version of the URL
    RewriteCond %{SERVER_PORT} 80
    RewriteCond $1 !^(index\.php|images|assets|js|robots\.txt|favicon\.ico)
    RewriteRule /user/login(.*)$ https://%{HTTP_HOST}/user/login$1 [L]
    
    #force https for registration page
    RewriteCond %{SERVER_PORT} 80
    RewriteCond $1 !^(index\.php|images|assets|js|robots\.txt|favicon\.ico)
    RewriteRule /user/register(.*)$ https://%{HTTP_HOST}/user/register$1 [L]
  • #2 / Apr 22, 2012 9:03pm

    skunkbad

    1326 posts

    It is not PCI compliant to force HTTPS. You should instead send a 404 error.

  • #3 / Apr 22, 2012 10:08pm

    novice32

    57 posts

    Thanks Skunkbad - interesting point. Strictly speaking, for an e-commerce website, you would want to throw a 404 for a non-secured version of a resource, endpoint, or page; this allows strict following of the API.

    My website doesn’t perform e-commerce. I’m currently enabling HTTPS for only a few pages (login, change password, register). I couldn’t find an easier way to force SSL for certain pages, generically, that would work for both localhost and on live website.

    I figured the above - provided correct - could be a learning resource for folks who don’t quite understand htaccess. The one implied flaw is if the visitor is on an HTTPS page and clicks on a “relative” href link, then the HREF page will also be secured, even though it may not have been intended. One could add another rewrite rule to force non-targeted SSL page back to HTTP.

     

  • #4 / Apr 22, 2012 10:24pm

    CroNiX

    4713 posts

    Lines like this:

    RewriteCond $1 !^(index\.php|images|assets|js|robots\.txt|favicon\.ico)

    would be much better written as:

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d

    So you don’t have to constantly readjust it every time you add a new directory, file or whatever, that you don’t want CI to execute.

  • #5 / Apr 23, 2012 9:02pm

    novice32

    57 posts

    Thanks, CroNiX, that’s certainly a more elegant solution.
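
A consolidated version of the rules discussed in this thread, as an added example that is not from any poster: it keeps the three scenarios from post #1, uses the file/directory test from post #4, and places both redirects ahead of the front-controller rewrite. `example.com` is a placeholder host, and testing `%{HTTPS}` in place of the port number assumes TLS is terminated by Apache itself rather than by an upstream proxy.

```apache
# Added example for illustration; example.com is a placeholder host.
RewriteEngine On
Options +FollowSymLinks

# 1) Canonical host: bare domain -> www, permanent redirect.
#    The second condition captures "s" into %1 only when the request
#    already arrived over TLS, so the redirect keeps the current scheme
#    and never bounces an https:// visitor back to http://.
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{HTTPS}s ^on(s)|^offs
RewriteRule ^(.*)$ http%1://www.example.com/$1 [R=301,L]

# 2) Force HTTPS for the login and registration pages.
#    %{HTTPS} is "off" for plain-HTTP requests whatever port is in use.
#    In .htaccess the pattern is matched WITHOUT a leading slash, so it is
#    anchored at "user/...". The rule sits before the front-controller
#    rewrite so the redirect is decided on the URL the visitor asked for,
#    not on the internal index.php/... path.
#    R=302 is stated explicitly ("Found"), matching the intent in post #1.
RewriteCond %{HTTPS} off
RewriteRule ^(user/(?:login|register).*)$ https://%{HTTP_HOST}/$1 [R=302,L]

# 3) Front controller: anything that is not an existing file or directory
#    is handed to CodeIgniter. New asset folders need no change here.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
```

With the existence test in rule 3, any file that exists under the document root is served directly, so files that must stay private belong outside the web root or behind their own deny rule.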
