Forum
Is there a way to force https to http?
Gilad
20 December 2014, 18:47
Hi,
I'm looking for a URL toolkit rule set or any other way to force https:// to go to http://
For some bizzare reason even if I remove my 443 port configuration the browser still redirects my site to https.
Any advice?
Hiawatha version: 9.9
Operating System: Ubuntu 12
I'm looking for a URL toolkit rule set or any other way to force https:// to go to http://
For some bizzare reason even if I remove my 443 port configuration the browser still redirects my site to https.
Any advice?
Hiawatha version: 9.9
Operating System: Ubuntu 12
Gilad
21 December 2014, 06:29
To be more specific - I need a URL toolkit that detects SSL and if it is SSL redirects to http (non ssl) permantly.
If possible (not a must but good to have) I want to exclude one folder (i.e http://www.mysite.com/securefolder/) which will remain under ssl.
Is that possible? How?
If possible (not a must but good to have) I want to exclude one folder (i.e http://www.mysite.com/securefolder/) which will remain under ssl.
Is that possible? How?
Hugo Leisink
21 December 2014, 08:35
Yes, that is possible:
Why do you want to switch from HTTPS to HTTP?
UrlToolkit {
ToolkitID = https_to_http
Match ^/securefolder/ Return
UseSSL skip 1
Return
Match ^/(.*) Redirect http://www.mysite.com/$1
}
Why do you want to switch from HTTPS to HTTP?
Gilad
21 December 2014, 09:30
Thanks Hugo!
I've tried it but I get a syntax error on the skip 1 line (I did fix the capitilzed letter):
UrlToolkit {
ToolkitID = https_to_http
Match ^/securefolder/ Return
UseSSL Skip 1
Return
Match ^/(.*) Redirect http://www.mysite.com/$1
}
Any idea why?
Also - can I do it so it also support subdomains (i.e. me.mysite.com and www.mysite.com)?
I've tried it but I get a syntax error on the skip 1 line (I did fix the capitilzed letter):
UrlToolkit {
ToolkitID = https_to_http
Match ^/securefolder/ Return
UseSSL Skip 1
Return
Match ^/(.*) Redirect http://www.mysite.com/$1
}
Any idea why?
Also - can I do it so it also support subdomains (i.e. me.mysite.com and www.mysite.com)?
Hugo Leisink
21 December 2014, 11:00
Hmmm, my bad. The error is in the single 'Return' line.
UrlToolkit {
ToolkitID = https_to_http
Match ^/securefolder/ Return
UseSSL skip 1
Match .* Return
Match ^/(.*) Redirect http://www.mysite.com/$1
}
Gilad
21 December 2014, 11:33
Thanks!
That solved the syntax error but seems this causes a redirect loop - site goes to http but something redirects it to https and so on.
Any idea what on the Hiawatha config can cause that? Maybe there's a way to totally disable SSL for the site? Even if I remove the 443 listener the site still redirects to https for some bizzare reason :-(
That solved the syntax error but seems this causes a redirect loop - site goes to http but something redirects it to https and so on.
Any idea what on the Hiawatha config can cause that? Maybe there's a way to totally disable SSL for the site? Even if I remove the 443 listener the site still redirects to https for some bizzare reason :-(
Hugo Leisink
21 December 2014, 11:36
My guess is it is because of HSTS [en.wikipedia.org]. Hiawatha v9.9 incorrectly sends an HSTS header when using HTTPS. You can overrule this via a "RequireSSL = no, 0" via every virtual host. Will be fixed in v9.10.
Gilad
21 December 2014, 12:15
I just tried adding that to this site's virtual host but it still goes to a redirect loop.
I'm indeed on 9.9 but I am clueless about why this redirect happens?
I'm indeed on 9.9 but I am clueless about why this redirect happens?
Hugo Leisink
21 December 2014, 12:21
Oh, yeah, sorry. Forgot to explain some more. Your browser remembers the HSTS setting for a website, even if you remove the header. That's the whole idea of HSTS, to force browsers to use HTTPS. To make your browser forget it, look up the site in your browser's history (assuming you are using Firefox) and choose "Forget About This Site".
Gilad
21 December 2014, 13:20
Ahhh, thanks. I just did that yet the site keeps going to a redirect loop.
So frustrating :-(
So frustrating :-(
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
