Why does my .htaccess work for all browsers but Internet Explorer?

8,414

Solution 1

In the section marked:

# BEGIN GD-SSL

You can safely delete the line:

RewriteCond %{HTTP_USER_AGENT} ^(.+)$

This is causing your problem though for the life of me I cannot figure out why this line exists. It is a do nothing line really but somehow it did not match the agent name IE was giving. The general rule when doing regular expressions is the match the least first- meaning match only what is necessary. The reason for this is simple. Matching too much always has unintended consequences.

One other thing: And this is important- clear your browser cache just in case. We all have done it. We have fixed a problem, forgot to clear the cache, then think the problem is not solved and try and find another solution. Think Homer Simpson- Dooh!!

Solution 2

Try checking if the port being requested is 80 instead of 443. If 80, redirect to HTTPS.

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]
Header add Strict-Transport-Security "max-age=300"
</IfModule>

8,414

gdaniel

Updated on September 18, 2022

Comments

gdaniel over 1 year
The code .htaccess below is working on all browsers, except for IE (I tested it on IE10 and IE11). The goal is to redirect all HTTP traffic to HTTPS, but IE seems to ignore it. Does IE need specific code?
```
# BEGIN GD-SSL
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_USER_AGENT} ^(.+)$
RewriteCond %{SERVER_NAME} ^domain\.com$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Header add Strict-Transport-Security "max-age=300"
</IfModule>
# END GD-SSL


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.+)$
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
```
On Firefox, Safari and Chrome if I access any of these:
```
http://domain.com
http://www.domain.com
https://www.domain.com
```
I am redirected to https://domain.com

On IE I am not redirected, or I am redirected to HTTP (not HTTPS).

Any ideas as to why?
- closetnoc over 9 years
  
  Htaccess has nothing to do with the browser normally. However, this line RewriteCond %{HTTP_USER_AGENT} ^(.+)$ is looking for a user agent name. Not sure what this line is supposed to do, but you can safely remove it to at least test. Make a back-up of your htaccess file before editing it.
- gdaniel over 9 years
  
  Yes, I know .htaccess has nothing to do with the browser, but it's weird that's only IE that doesn't redirect. I will try removing that line to see what happens.
- closetnoc over 9 years
  
  That is the only code you have that has anything to do with the browser. It is looking at the agent name and I am not sure why it is there, but I m sure removing it will stop the different behaviors between browsers.
- dan over 9 years
  
  Most often that's used to target a specific browser, like: RewriteCond %{HTTP_USER_AGENT} .*MSIE.* You can try removing that, however be sure to delete all cache in your browser - IE is notorious for caching issues when testing SSL/HTTPS modifications.
- closetnoc over 9 years
  
  @dan Thanks! I forgot about browser caching. Excellent point!! I was also jumping around busy today so I did not really sit down and try and determine why ^(.+)$. At first glance, it does not make sense to me at all. What would be the point?? I am communing with Carlos Santana on that very question as we speak. So far he has a lot to say, but nothing on this topic yet.
- dan over 9 years
  
  @closetnoc A lot of .htaccess code just gets copied from answers on sites like this one or Stack Overflow. It might have been meant to check for browsers versus bots or scripts that might not provide a User Agent.
- closetnoc over 9 years
  
  @dan Yeah. You are right. I know that regex and .htaccess looks complicated, but it really is not. So people think that one set of cryptic code will solve all their problems but it may not. So they copy and paste before looking into what the code is really doing. Don't get me wrong, regex can make anyone go cross-eyed sometimes, but if you look at the matches I make, then any .htaccess regex is nothing.
- gdaniel over 9 years
  
  @closetnoc you can post your initial comment as the answer. That did the trick.
- dan over 9 years
  
  @closetnoc Checking back over my comments, I can see you meant to ask what does the regex ^(.+)$ do? The period will match any character except newlines, and the plus makes it greedy, the rest means from the start to the end. So it was basically just checking for any User Agent, which apparently for some reason didn't match what IE was sending(?), unless the OP cleared his cache simultaneously. As the OP indicated, you might answer this (but include the part about clearing the cache just in case, I've seen this come up numerous times before).
- closetnoc over 9 years
  
  @dan Thanks! I meant it as a general comment really. Lately I have been busy and jumping around. Especially the last 2 days where I have just been stupid tired and not always making sense. Tomorrow I get a bit of a break. I just did the background check on a new tenant and now I have to figure out about getting a lease signed and when he can move in. What I did not understand was why someone would put that line in. It was a do nothing regex and so the motivation was not exactly clear.
- closetnoc over 9 years
  
  @dan A bit late- but I added an answer.
gdaniel almost 9 years

It's been a while. But just wanted to let you know that removing the user agent worked.