cakephp and https redirects

L

6

13

I have a site that has some strict requirements for SEO purposes.

The main one is redirecting all http requests to https which I have done by adding this into the AppController:

public function forceSSL() {
    return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
}

public function beforeFilter() {
    $this->Security->blackHoleCallback = 'forceSSL';
    $this->Security->requireSecure();
}

The issue I have is with 404 pages, they do not redirect to https (eg. www.hublink.net/asdfg)

I have also added these 2 lines to the .htaccess file (from another post), and removed the above code but then get a "redirect loop" error

RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Lithiasis answered 12/8, 2014 at 23:43 Comment(0)

I

9

I have this in my .htaccess file and it works great. I have it ignoring local and staging URLs, like if I had http://local.example.com it will not force redirection for that url. Those lines can be removed. I like using the .htaccess approach over the one in the AppController. This is also the top level .htaccess file in a standard CakePHP install on a shared hosting environment. There are three .htaccess files in a normal Cakephp install.

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteBase /

    # FORCE SSL REDIRECTION
    RewriteCond %{ENV:HTTPS} !on [NC]
    RewriteCond %{HTTP_HOST} !^local [NC]
    RewriteCond %{HTTP_HOST} !^staging [NC]
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    RewriteRule ^$ app/webroot/ [L]
    RewriteRule (.*) app/webroot/$1 [L]
</IfModule>

Check your hosting environment and make sure your allowed to have .htaccess files. Need to make sure ModRewrite is installed and working as well.

Idaidae answered 13/8, 2014 at 2:28 Comment(3)

Thanks for that, unfortunately I still get the "This web page has a redirect loop" error as soon as I edit the .htaccess file Will check with hosting company with regards to ModRewrite – Lithiasis 14/8, 2014 at 6:54

BTW - hosting company use LiteSpeed rather than Apache – Lithiasis 14/8, 2014 at 7:18

@DavidC checkout the answer from Janckos on this same page. – Irradiance 1/6, 2015 at 0:55

V

22

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

See https://wiki.apache.org/httpd/RewriteHTTPToHTTPS It worked for me.

Vidavidal answered 7/2, 2015 at 19:58 Comment(2)

perfect solution. this was what worked for me. I also appreciate the fact that it's done at .htaccess level – Irradiance 1/6, 2015 at 0:56

After too much wasting time, got a perfect solution. Thanks. – Pyramid 22/9, 2016 at 19:19

I

9

I have this in my .htaccess file and it works great. I have it ignoring local and staging URLs, like if I had http://local.example.com it will not force redirection for that url. Those lines can be removed. I like using the .htaccess approach over the one in the AppController. This is also the top level .htaccess file in a standard CakePHP install on a shared hosting environment. There are three .htaccess files in a normal Cakephp install.

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteBase /

    # FORCE SSL REDIRECTION
    RewriteCond %{ENV:HTTPS} !on [NC]
    RewriteCond %{HTTP_HOST} !^local [NC]
    RewriteCond %{HTTP_HOST} !^staging [NC]
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    RewriteRule ^$ app/webroot/ [L]
    RewriteRule (.*) app/webroot/$1 [L]
</IfModule>

Check your hosting environment and make sure your allowed to have .htaccess files. Need to make sure ModRewrite is installed and working as well.

Idaidae answered 13/8, 2014 at 2:28 Comment(3)

Thanks for that, unfortunately I still get the "This web page has a redirect loop" error as soon as I edit the .htaccess file Will check with hosting company with regards to ModRewrite – Lithiasis 14/8, 2014 at 6:54

BTW - hosting company use LiteSpeed rather than Apache – Lithiasis 14/8, 2014 at 7:18

@DavidC checkout the answer from Janckos on this same page. – Irradiance 1/6, 2015 at 0:55

S

5

So I couldn't find a good way to force my entire site to https without getting redirect loops and errors. This will work on a page level as well if you modify the individual controller for that page). anyway, this is what I finally did after messing with this for a couple of days.

Inside my controllers folder in the AppController.php I placed the following code directly under:

public function beforeFilter() {

=================================

 // Force to SSL
 $this->request->addDetector('ssl', array(
    'env' => 'HTTP_X_FORWARDED_PROTO',
    'value' => 'https'
));
if($_SERVER['HTTP_X_FORWARDED_PROTO'] == "http") {  return $this->redirect('https://' . env('SERVER_NAME') . $this->here); }

So what this does is first check for whether it's http or https. If it's http, then I redirect the page to it's https version. By putting it in the AppController.php controller ... this will secure the entire site.

Hope this helps someone else who is also struggling.

Solberg answered 9/4, 2015 at 2:17 Comment(3)

Straight-forward: if($_SERVER['REQUEST_SCHEME'] == "http") { return $this->redirect('https://' . env('SERVER_NAME') . $this->here); }. Not everyone will have $_SERVER['HTTP_X_FORWARDED_PROTO'] – Douceur 11/7, 2017 at 5:52

For which version of cake? It worked for 2.x with @Douceur comment on apache... – Neoma 9/1, 2019 at 12:45

I still recommend doing it with .htaccess – Douceur 9/1, 2019 at 14:30

Q

4

The Last Method was for CakePHP2. The following is updated slightly for CakePHP3:

Inside my controllers folder in the AppController.php do the following:

1.******** Add In The Initialize Function *********

public function initialize()
{
    parent::initialize();

    /* ADD THIS NEW LINE */
    $this->loadComponent('Security', ['blackHoleCallback' => 'forceSSL']); // SSL SECURITY

************ Add A New Public Function **********

public function forceSSL()
{
 return $this->redirect('https://' . env('SERVER_NAME') . $this->request->here);
}

3.**** Add this in the beforeFilter function ******

public function beforeFilter(Event $event)
{

    /* ADD 2 NEW LINES */
    parent::beforeFilter($event); 
    $this->Security->requireSecure();

Quarterback answered 14/1, 2017 at 15:48 Comment(0)

S

2

in Controller/AppController.php
This code is working for my CakePHP 3.8

use Cake\Routing\Router;

and

public function initialize()
    {
        parent::initialize();
        if(env('REQUEST_SCHEME')=='http')
        {
            return $this->redirect('https://www.' . env('SERVER_NAME') . Router::url($this->request->getRequestTarget()));
        }else{
            $split=explode('.',env('SERVER_NAME'));
            if($split[0]!='www'){
                return $this->redirect('https://www.' . env('SERVER_NAME') . Router::url($this->request->getRequestTarget()));
            }
        }
}

Smiley answered 3/12, 2019 at 12:14 Comment(0)

C

1

If you see #SERVER-HTTPS-ON# (on), add

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

If you see #SERVER-HTTPS-ON# (1), add

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=1
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

If you see #SERVERPORT443#, add

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

If you see #LOADBALANCER#, add

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

If you see #CDN#, add

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

If you see #Cloudflare#, add

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:CF-Visitor} ‘”scheme”:”http”‘
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

If you see #ENVHTTPS#, add

<IfModule mod_rewrite.c>
RewriteEngine on   RewriteCond %{ENV:HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

On the bottom of the ssl test page, you will see HTTP HOST. This should be the same as your domain. If not, you might need to hardcode your domain to prevent redirect issues, like this:

RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ full_url_with_https/$1 [R=301,L]

more info here

Comparison answered 31/8, 2017 at 6:31 Comment(0)

Recommended topics

Hot tags