The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HTTP to HTTPS Redirect via htaccess not working

Discussion in 'Security' started by Boneshanks, Nov 15, 2015.

  1. Boneshanks

    Boneshanks Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    After scouring the web for several days, I've finally decided to create a thread (my first!) here...

    I am at a loss.
    I have a php-based website (say, example.com) set up in its own public_html directory, with SSL certification for both "example.com" and "www.example.com".
    The https-prefixed version works great across the entire site, without issue.
    However, since I advertise my website as simply "example.com", I want people to be able to simply type that in, and not the full "Example Domain" to be able to access the secure site.

    I also have SSLv3 (for POODLE vulnerability) disabled via the include editor in WHM, as suggested by whynopadlock.com's analysis.

    Unfortunately, now all users who enter the web address without the "https://" prefix get sent to a page saying nothing more than "Index of" with links to "cgi-bin/" and "www/" below, with the error "Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Server at www.example.com Port 80" below that.

    I have tried every combination of rules & rewrites I've found for htaccess, with absolutely no change.
    I have attempted to add PHP code for redirection at the top of web pages, but they do not even get loaded.
    I have used cPanel's built-in Redirects tool, with absolutely no difference made (though I see the changes made within htaccess file). Clicking on the directory "/" in the listed redirects sends me to the same "Index of" page.

    Should I ditch the SSLv3 disabling, and just use a redirect function in PHP to ensure all pages are the https version? Or would that then be opening the POODLE vulnerability again.

    I'm not a server-admin expert, at all. Any suggestions would be appreciated.
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you please try to disable old .htaccess code and try with following code.

    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,786
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you let us know which rules were added that do not work as intended?

    Thank you.
     
  4. Boneshanks

    Boneshanks Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi, thanks for the reply.
    I just tried your code, with nothing else in htaccess, and still get sent to that "Index of" page when I try either variant of the domain (without the https prefixed)...

    Code:
    [SIZE=6][B]Index of /[/B][/SIZE]
    [LIST]
    [*][URL='http://domain.ca/cgi-bin/']cgi-bin/[/URL]
    [*][URL='http://domain.ca/www/']www/[/URL]
    [/LIST]
    Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Server at domain.ca Port 80
    
    
     
    #4 Boneshanks, Nov 16, 2015
    Last edited by a moderator: Nov 17, 2015
  5. Boneshanks

    Boneshanks Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi, thanks for replying.
    I honestly can't recall every combination that I've tried, but it's been a LOT, from many sources/forums/blogs.
    Each one has been attempted independently of others though, with no other competing code in htaccess.
    I'm almost convinced that the htaccess isn't even being used. Only when I put in some code that forces a redirect loop do I see something other than that stupid "Index of" page...
    I will happily try any combo again that people suggest here, though, or any other thing.
     
  6. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    I can see you have root access of your server, so can you please let me know following command out from your server.

    Code:
    cd /home/cPanel_User/public_html/
    ls -la
    Note: use your cPanel user name instead of cPanel_User in above command.
     
  7. Boneshanks

    Boneshanks Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi, thanks.
    That command lists all the web files & subdirectories for my website, including the index.php which gets loaded normally when the domain name is entered with the https prefix. The htaccess file in (attempted) use is also listed in that same public_html directory.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,786
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  9. Boneshanks

    Boneshanks Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi, thanks.

    No, with no redirect rules in htaccess, pages do NOT load as they should. Without the "https" prefix, users get sent to that "Index of" page regardless of whether there are redirect rules in the htaccess or not.
    The only thing that ever changes that is if I put in something that causes a redirect loop. Otherwise, it's always "Index of".
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,786
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Are you sure there are no rules in the .htaccess file within the public_html directory or the account's home directory when the index page appears? Is the "Indexes" option enabled for "Directory “/” Options" in "WHM Home >> Service Configuration >> Apache Configuration >> Global Configuration"?

    Thank you.
     
  11. Boneshanks

    Boneshanks Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi, thanks for the help.
    I just checked WHM>Service Configuration>Apache Configuration>Global Configuration and the section for Directory "/" Options has ExecCGI, FollowSymLinks, IncludesNOEXEC, Indexes, and SymLinksIfOwnerMatch all checked, with both Includes & Multiviews unchecked.
    The account's home directory IS public_html, if that helps clarify anything.
    There is currently NOTHING in that directory's htaccess. Empty file. No other htaccess files hiding anywhere else in public_html or its subdirectories.
    The thing that makes it so baffling to me is that as long as you type in the "https://" prefix along with the domain (with or without www), the index page loads fine, along with everything else in the website, all of it under SSL.
    Any combination of "domain.com", "www.domain.com", "http:// domain . com", or "http:// www . domain . com" results in the "Index of" page (without the spaces of course).

    Frustrating. Thanks for the continued help, though. Don't give up on me!
     
  12. Boneshanks

    Boneshanks Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Still haven't resolved this issue.
    No other ideas from anyone?
     
Loading...

Share This Page