Force https://www. for Codeigniter in htaccess with mod_rewrite
46,672
Solution 1
I think, instead of
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
you should have something like
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
do have the rewrite rule match. Your link is currently produced by the third rule.
Solution 2
You could do it in code instead of using htaccess.
You can create a helper function that will redirect the page to be over SSL, which you call from your controller.
In your helper;
function force_ssl() {
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
$url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
redirect($url);
exit;
}
}
Then in your controller;
class Whatever extends CI_Controller {
function __construct() {
parent::__construct();
$this->load->helper(array('your_ssl_helper'));
}
public function index() {
force_ssl();
...
}
}
Solution 3
Use this
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]
instead of
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Comments
-
Ben over 3 years
I'm using Codeigniter and following these instructions to force ssl but all requests are being redirected to
http://staging.example.com/index.php/https:/staging.example.com
My
.htaccess
is:### Canonicalize codeigniter URLs # Enforce SSL https://www. RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ### # Removes access to the system folder by users. # Additionally this will allow you to create a System.php controller, # previously this would not have been possible. # 'system' can be replaced if you have renamed your system folder. RewriteCond %{REQUEST_URI} ^system.* RewriteRule ^(.*)$ /index.php/$1 [L] # Checks to see if the user is attempting to access a valid file, # such as an image or css document, if this isn't true it sends the # request to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L]
-
Lightness Races in Orbit over 12 yearsCool story! What's the question? SO != debug-it-for-me.com
-
-
feeela over 11 yearsFrom my point of view, the protocol is something the server should handle without the application having anything to with it, if that is possible (respecting the app-requirements). Clients may use either HTTP or HTTPS, or maybe even SPDY.
-
Oliver Holmberg about 10 yearsI think this is a very elegant solution for CI. Although I can appreciate feeela's point of view, I find that controlling this from within your app is consistent with the CI workflow and style. Similarly, other common .htaccess tasks are handled withing CI's routing feature.
-
YudhiWidyatama about 9 yearsI need to change the constant from $_SERVER['HTTPS'] != "on" to $_SERVER['HTTPS'] != "1" for this to work in my system.