Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Can't seem to get a http to https redirect

Discussion in 'General Discussion' started by mathuaerknedam, Dec 13, 2017.

  1. mathuaerknedam

    Joined:
    Oct 12, 2009
    Messages:
    22
    Likes Received:
    2
    Trophy Points:
    53
    I specifically need an http to https redirect that works in curl, so I've been testing with "curl -IL http://support.example.com". HSTS is already enabled, so normal web browsers redirect without a 301/302 in place.

    I have other redirects working in .htaccess, so I know the file is live. Same with /usr/local/apache/conf/includes/pre_virtualhost_global.conf - most things I do there work fine, it's only this redirect that's eluding me. This leads me to believe that I'm misunderstanding something, but I can't fire out what.

    This works in pre_virtualhost_global.conf, but it's just to demonstrate that I can get a single redirect in that file to give me the curl output I'm looking for.
    Code:
     Redirect 302 /foo https://support.example.com
    With that, I get the following output from curl:
    Code:
    T[mneedham@jelly:~/] curl -IL http://support.example.com/foo
    HTTP/1.1 302 Found
    Date: Wed, 13 Dec 2017 21:58:47 GMT
    Server: Apache
    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1; mode=block
    Referrer-Policy: strict-origin-when-cross-origin
    Location: https://support.example.com
    Content-Type: text/html; charset=iso-8859-1
    
    HTTP/1.1 200 OK
    Date: Wed, 13 Dec 2017 21:58:48 GMT
    Server: Apache
    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1; mode=block
    Referrer-Policy: strict-origin-when-cross-origin
    X-Powered-By: PHP/5.5.30
    Vary: User-Agent
    Content-Type: text/html
    This is what I need - a 302 with a location header, followed by a 200.

    For the real redirect, I have:
    Code:
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
    #    RewriteCond %{HTTPS} !=on
    #    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
    #    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=302]
        RewriteRule (.*) https://support.example.com%{REQUEST_URI} [R=302,L]
    </IfModule>
    The comments show some of the alternative syntax I've tried.

    But no dice:
    Code:
    T[mneedham@jelly:~/] curl -IL http://support.example.com/
    HTTP/1.1 200 OK
    Date: Wed, 13 Dec 2017 22:01:48 GMT
    Server: Apache
    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1; mode=block
    Referrer-Policy: strict-origin-when-cross-origin
    Last-Modified: Sat, 14 Nov 2015 04:20:43 GMT
    ETag: "1c121-6f-524787fd69cc0"
    Accept-Ranges:  none
    Content-Length: 111
    Content-Type: text/html
    I have this working on another server (one without CPanel):
    Code:
    T[mneedham@jelly:~/] curl -IL http://gamma.example.com/
    HTTP/1.1 302 Found
    Cache-Control: no-cache
    Content-length: 0
    Location: https://gamma.example.com/
    Connection: close
    
    HTTP/1.1 200 OK
    Date: Wed, 13 Dec 2017 22:02:33 GMT
    Server: Apache/2.2.3 (CentOS)
    Strict-Transport-Security: max-age=0; includeSubdomains; preload
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    Last-Modified: Mon, 13 Jun 2016 16:16:30 GMT
    ETag: "3648051-247-36095380"
    Accept-Ranges: bytes
    Content-Length: 583
    Content-Type: text/html; charset=UTF-8
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Option: SAMEORIGIN
    Any ideas?
     
    #1 mathuaerknedam, Dec 13, 2017
    Last edited by a moderator: Dec 13, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. mathuaerknedam

    Joined:
    Oct 12, 2009
    Messages:
    22
    Likes Received:
    2
    Trophy Points:
    53
    Those posts seem to all be about how to tweak curl to get it to follow redirects. I have no controls over curl (in fact, I explicitly can't ask my users to change any of their existing scripts), so I'm trying to get this working with my cPanel server like it works on my other server.

    For example, on my cPanel server, this will save 404.html, but with the file name that's being requested, because the redirect isn't being followed.
    Code:
    curl -L -O http://support.example.com/ftp/HDF/releases/HDF4.2.10/src/hdf-4.2.10.tar.gz
    On my server without cPanel, curl follows the redirect and the correct file is downloaded.
    Code:
     curl -L -O http://gamma.example.com/ftp/pub/outgoing/szip-MacOSX/SZIP-U.tar.gz
    So I need to know how to get my cPanel server to behave this way, without any changes to how curl is run on the client side.
     
    #3 mathuaerknedam, Dec 14, 2017
    Last edited by a moderator: Dec 14, 2017
  4. mathuaerknedam

    Joined:
    Oct 12, 2009
    Messages:
    22
    Likes Received:
    2
    Trophy Points:
    53
    I've confirmed that the redirect in .htaccess work, but they appear to only be working for example.com, and not for subdomains.

    If htaccess doens't contain a specific http-https redirect, the later redirect from example.com to www.example.com works in two steps.

    Code:
    T[mneedham@jelly:~/] curl -IL http://example.com/
    HTTP/1.1 302 Found
    Date: Thu, 14 Dec 2017 20:11:42 GMT
    Server: Apache
    Location: https://www.example.com/
    Content-Type: text/html; charset=iso-8859-1
    
    HTTP/1.1 200 OK
    Date: Thu, 14 Dec 2017 20:11:43 GMT
    Connection: keep-alive
    Cache-Control: public, max-age=600
    Content-Type: text/html; charset=UTF-8
    Link: ; rel=shortlink
    Server: nginx
    Set-Cookie: SESSd032b234df65d8974df0a9209036ab3e=ce1a18ef38461b932d77702ef5666752; expires=Thu, 14-Dec-2017 20:11:42 GMT; Max-Age=0
    Set-Cookie: SSESSd032b234df65d8974df0a9209036ab3e=6aed4ca399317157ec84299b4f70d73f; path=/; domain=.example.com; secure; HttpOnly
    Surrogate-Key-Raw: front post-3457 post-user-3 single
    X-Pantheon-Styx-Hostname: styx-fe1-a-2529815732-m966b
    X-Styx-Req-Id: styx-4ce7861ff9790e49a0ae2be8633dc655
    X-Tec-Api-Origin: https://www.example.com
    X-Tec-Api-Root: https://www.example.com/wp-json/tribe/events/v1/
    X-Tec-Api-Version: v1
    Via: 1.1 varnish
    Fastly-Debug-Digest: d2eba00737b281447999a6e11aa618822662cd5965810cd10e8966ec5136e560
    Accept-Ranges: bytes
    Via: 1.1 varnish
    Age: 0
    X-Served-By: cache-mdw17327-MDW, cache-ord1733-ORD
    X-Cache: MISS, MISS
    X-Cache-Hits: 0, 0
    X-Timer: S1513282302.297314,VS0,VE750
    Vary: Accept-Encoding, Cookie, Cookie
    If I add the http-https redirect at the top, I see the https redirect, followed by the www.example.com redirect. This at least tells me that the redirect syntax is correct and *IS* working (inconsistently).

    Code:
    T[mneedham@jelly:~/] curl -IL http://example.com/
    HTTP/1.1 302 Found
    Date: Thu, 14 Dec 2017 20:11:52 GMT
    Server: Apache
    Location: https://example.com/
    Content-Type: text/html; charset=iso-8859-1
    
    HTTP/1.1 302 Found
    Date: Thu, 14 Dec 2017 20:11:52 GMT
    Server: Apache
    Location: https://www.example.com/
    Content-Type: text/html; charset=iso-8859-1
    
    HTTP/1.1 200 OK
    Date: Thu, 14 Dec 2017 20:11:53 GMT
    Connection: keep-alive
    Cache-Control: public, max-age=600
    Content-Type: text/html; charset=UTF-8
    Link: ; rel=shortlink
    Server: nginx
    Set-Cookie: SESSd032b234df65d8974df0a9209036ab3e=c2ad7658d08f2322661b17f0852b7849; expires=Thu, 14-Dec-2017 20:11:52 GMT; Max-Age=0
    Set-Cookie: SSESSd032b234df65d8974df0a9209036ab3e=35a0ec0edf39b9f856cada1a46dad8a1; path=/; domain=.example.com; secure; HttpOnly
    Surrogate-Key-Raw: front post-3457 post-user-3 single
    X-Pantheon-Styx-Hostname: styx-fe1-b-907954384-fphbx
    X-Styx-Req-Id: styx-f81f66c0ca0cca5c06f88e4f79bffb71
    X-Tec-Api-Origin: https://www.example.com
    X-Tec-Api-Root: https://www.example.com/wp-json/tribe/events/v1/
    X-Tec-Api-Version: v1
    Via: 1.1 varnish
    Fastly-Debug-Digest: d2eba00737b281447999a6e11aa618822662cd5965810cd10e8966ec5136e560
    Accept-Ranges: bytes
    Via: 1.1 varnish
    Age: 0
    X-Served-By: cache-mdw17343-MDW, cache-ord1730-ORD
    X-Cache: MISS, MISS
    X-Cache-Hits: 0, 0
    X-Timer: S1513282313.530212,VS0,VE780
    Vary: Accept-Encoding, Cookie, Cookie
    But if I try this with support.example.com, or any other subdomain, there's no redirect!?

    There may be an additional, or deeper problem. It's not just the http to https redirect that isn't working properly. Even without the http-https redirect in place, http://bigtime.example.com returns 200, while https://bigtime.example.com correctly returns 302 followed by 200.

    Code:
    T[mneedham@jelly:~/] curl -IL http://bigtime.example.com/
    HTTP/1.1 200 OK
    Date: Thu, 14 Dec 2017 20:25:59 GMT
    Server: Apache
    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1; mode=block
    Referrer-Policy: strict-origin-when-cross-origin
    Last-Modified: Sat, 14 Nov 2015 04:20:43 GMT
    ETag: "1c121-6f-524787fd69cc0"
    Accept-Ranges: none
    Content-Length: 111
    Content-Type: text/html
    
    T[mneedham@jelly:~/] curl -IL https://bigtime.example.com/
    HTTP/1.1 302 Found
    Date: Thu, 14 Dec 2017 20:26:14 GMT
    Server: Apache
    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1; mode=block
    Referrer-Policy: strict-origin-when-cross-origin
    Location: https://w19.bthost.com/hdf/
    Content-Type: text/html; charset=iso-8859-1
    
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 3879
    Content-Type: text/html
    Expires: Thu, 14 Dec 2017 20:26:31 GMT
    Server: Microsoft-IIS/7.5
    Set-Cookie: ASPSESSIONIDSSGQDCBR=JPMDMOGBINDFKGHMLEHBMBLI; secure; path=/
    X-Powered-By: ASP.NET
    X-Robots-Tag: noindex, nofollow
    Date: Thu, 14 Dec 2017 20:26:30 GMT
    Here are the relevant redirects.
    Code:
    RewriteCond %{HTTP_HOST} ^bigtime\.example\.com$
    RewriteRule ^(.*)$ "https\:\/\/w19\.domain\.com\/hdf\/$1" [R=302,L]
    
    RewriteCond %{HTTP_HOST} ^example\.com
    RewriteRule ^(.*)$ "https\:\/\/www\.example\.com\/$1" [R=302,L]
    
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
     
    #4 mathuaerknedam, Dec 14, 2017
    Last edited by a moderator: Dec 14, 2017
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  6. mathuaerknedam

    Joined:
    Oct 12, 2009
    Messages:
    22
    Likes Received:
    2
    Trophy Points:
    53
    Thanks, I've created support request 9113359.
     
  7. mathuaerknedam

    Joined:
    Oct 12, 2009
    Messages:
    22
    Likes Received:
    2
    Trophy Points:
    53
    This has been resolved by cPanel support.

    For anyone else who reads this, the problem was that I had DNS directing subdomains to the server, but hadn't added the subdomains within cPanel. So I removed my subdomains' DNS records, added the subdomain to cPanel (with a doc root of public_html/), and everything started working.
     
    cPanelMichael likes this.
Loading...

Share This Page