Symphony.

What is the best setup in the htaccess file to redirect all traffic over https?

I keep getting the index.php file appended to the end of the URL with this rule:

#RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This below was mentioned in another post but not sure where in the htaccess file it should be placed? under the RewriteBase?

RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^quotes/?$ https://www.domain.ca/quotes/ [R=301,L]

Andrew, it depends where you put the rule(s) If you want to redirect with https you've got to redirect before any of the other Symphony rules fire, so basically first in line, and I'd put an [L] flag, to make sure the https redirect goes straight away.

If a normal symphony internal redirect takes place before, you'll most likely notice the index.php as you mentioned.

In addition to how you mentioned it can also be done in the vhosts setup if not mistaken, but I don't know the exact rule.

@gunglien is right concerning the positioning of the rule. Any custom rules should be placed before the Symphony section of the .htaccess file—especially because the Symphony section may be changed by Symphoy, e.g. during an update.

Here is an example that redirects the backend to SSL:

RewriteCond %{SERVER_PORT} !443
RewriteCond %{REQUEST_URI} ^/symphony/.*$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
...
### Symphony 2.3.x ###
...
######

Your first example should work as well i f you add [R=301,L] to the rewrite.

Thanks Michael,

So my first example will remove the index.php appended to the end of the url if I place the '[R=301,L]' right? Cos I'm seeing the index.php file using the first rule.

If you are testing, delete the browser cache after every change to the htacess rules, especially if you are using Safari. It will cache redirects (which is very annoying).

If you add [R=301,L], that means:

• R=301: send a 301 Moved Permanently status (and the new location) to the browser
• L: the current rule should be applied immediately without considering further rules, see http://httpd.apache.org/docs/current/rewrite/flags.html#flag_l

So no, it will not remove anything. But it will work as desired. :-)

I should mention that Safari is not doing anything "wrong" if it caches 301 type redirects. As far as I know, a permanent redirect may be cached forever by any Proxy, Browser, whatever. This is the reason why most people use temporary (a.k.a. 302) redirects ([R] resp. [R,L]).

301 vs. 302: http://webdesign.about.com/od/http/qt/tip301v302redir.htm

From this page:

Using mod_rewrite to do this isn't the recommended behavior. See RedirectSSL

The RedirectSSL page shows how to do it with the VirtualHosts, avoiding the need to rely on .htaccess, which is nice.

I needed to do the exact same thing in Hiawatha the other day, and that too does it via a single vhost config line: RequireSSL = yes

I was about to chip in with that myself.

Andrew, I can talk you through all this if need be, done it many times now. Drop me a 'chat' when you need help.

Thanks all, I may bug you tomorrow John. It needs to be htaccess method so will take this route.

BTW this does not work on AWS environments. You need to use HTTP:X-Forwarded-Proto:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{ENV:APP_ENV} ^production$
RewriteCond %{REQUEST_URI} !^/status$
RewriteCond %{REQUEST_URI} !^/version$
RewriteCond %{REQUEST_URI} !^/_hostmanager/
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]