HTTP to HTTPS redirect advice

[BLiZZaRD]

Ahhh... GoDaddy... there is the issue.

They run php through CGI, but they use their own coding. Try this and let me know what happens. If this doesn't work, we will need to get some information from your CPanel log in.

Code:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Options +ExecCGI
AddHandler application/x-httpd-lsphp .html
AddType audio/ogg .oga
AddType video/ogg .ogv
AddType application/ogg .ogg
AddHandler application-ogg .ogg .ogv .oga

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
Options Indexes
order deny,allow
<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding
  </FilesMatch>
</IfModule>

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

We may need to remove your deflate arguments as well. I can't remember if GD allows deflation or not. I will have to research.

[theremotedr]

Hi,
I have applied & left the code is post #11 now in the htaccess file for you to see etc.
This also did not work.

Also shows same message as before.

Thanks
If i need to go to c panel can you advise path etc so i can get the info you require quickly.

Thanks

[BLiZZaRD]

Before we do all of that, let's figure out what is breaking the .htaccess file. One or more of the solutions should have already worked, even in GoDaddy.

Start with this and let me know what happens.

Code:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Options +ExecCGI
AddHandler application/x-httpd-lsphp .html

[theremotedr]

Hi that worked ok.

Code:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Options +ExecCGI
AddHandler application/x-httpd-lsphp .html

[BLiZZaRD]

Just go through and make sure all the other elements of your site work as expected.

I figured most of that was overlay from the previous host, which you probably don't need anymore. If you find that you do, just let me know and we will get the right coding for it.

[theremotedr]

Hi,
I have been looking around but i dont see any issues,basically what ever i click on etc it does what it is supposed to do.

With respects of the old code i dont know what it did anyway but do you think we should put it in or just leave it as it is ?

Thanks

[BLiZZaRD]

I wouldn't add anything you don't need.

Code:

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

Basically, this is a cookie expiry module. Probably left over from a script that was run on the old server. Unless you actually need to control cookies for a particular reason, this can be left out. One example of a requirement would be a sign up pop up. If the user sees the pop up and closes it, the expiry wouldn't show that pop up to them again for XX number of days. It's basically useless except in direct marketing.

Code:

<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
Options Indexes
order deny,allow

All this is doing is preventing anyone from directly accessing your .htaccss file. However, with Apache, there is no direct access anyway and most reliable servers will have this encoded in the main file on the whole server. There is no need for it.

Code:

<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding
  </FilesMatch>
</IfModule>

Again, this is probably from the old server. GoDaddy uses FastCGI and the cache modules are already there. This forces them to run again, which can slow down the server or break your site. Either way, if it is already run, you don't need to run it again.

Code:

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

This is a compression force value for each of the file types. It is used to speed up load times of your site for the client side (visitors). Unless you are running HUGE amounts of scripting and server side cache, implimentation and other such things, the compression won't really matter much. You may leave this out and only suffer a few miliseconds of laod time, which isn't enough to kick anyone off your site because images and scripts aren't loading.

Code:

AddType audio/ogg .oga
AddType video/ogg .ogv
AddType application/ogg .ogg
AddHandler application-ogg .ogg .ogv .oga

This allows your site to process and play .ogg files which are native to Linux. The Vorg Obb file format is similar to .wav for windows. If you aren't posting any .ogg files, there isn't a need to have this either. If you are, there are better ways to display them (and you should have mp4 and mp3 back ups running anyway).

If nothing is broken, I would suggest you just leave it as is. Bloat isn't needed.

[theremotedr]

Thanks for your time & effort with this.
I will leave the code which is running at present.

Cheers & have a nice day.

[rajputrana]

However, on the Outside, shifting from http to https is Very straight forward:

1. Buy an SSL certification,
2. put in your own SSL certification in your own website's hosting accounts,
3. Be certain any internet site backlinks are shifted from http to https so that they really are perhaps not divided once you reverse your https swap, also
4. Setup 301 redirects from HTTP to HTTPS to ensure your web page's addresses have shifted so anyone who's sought a webpage in your own internet site is instantly redirected to the https tackle once you reverse off the change.