Geek Answers Handbook

Relay cakephp and https

I have a website that has strict requirements for SEO purposes.

The main one redirects all HTTP requests to https that I made by adding this to the AppController:

public function forceSSL() { return $this->redirect('https://' . env('SERVER_NAME') . $this->here); } public function beforeFilter() { $this->Security->blackHoleCallback = 'forceSSL'; $this->Security->requireSecure(); }

I have a problem with 404 pages, they are not redirected to https (for example, www.hublink.net/asdfg)

I also added these 2 lines to the .htaccess file (from another post) and deleted the above code, but then got a "redirect loop" error

 RewriteCond %{HTTPS} !=on [NC] RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+7
ssl cakephp litespeed
source share
5 answers

I have this in my .htaccess file and it works fine. I ignore local and intermediate URLs, for example, if I had http://local.example.com , it will not redirect redirection for that URL. These lines can be deleted. I like to use the .htaccess approach compared to the one found in the AppController. It is also a top-level .htaccess file in a standard CakePHP installation in a shared hosting environment. A typical Cakephp installation has three .htaccess files.

 <IfModule mod_rewrite.c> RewriteEngine on RewriteBase / # FORCE SSL REDIRECTION RewriteCond %{ENV:HTTPS} !on [NC] RewriteCond %{HTTP_HOST} !^local [NC] RewriteCond %{HTTP_HOST} !^staging [NC] RewriteRule ^(.*)$ https://www.example.com/$1 [R,L] RewriteRule ^$ app/webroot/ [L] RewriteRule (.*) app/webroot/$1 [L] </IfModule>

Check your hosting environment and make sure you have .htaccess files. You must ensure that ModRewrite is installed and working as well.

+5
source 
 RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] # This rule will redirect users from their original location, to the same location but using HTTPS. # ie http://www.example.com/foo/ to https://www.example.com/foo/ # The leading slash is made optional so that this will work either in httpd.conf # or .htaccess context

See https://wiki.apache.org/httpd/RewriteHTTPToHTTPS This worked for me.

+11
source

Thus, I could not find a good way to get the whole site to work with https without getting redirect cycles and errors. This will also work at the page level if you change a separate controller for this page). in any case, this is what I finally did after I ran into him a couple of days.

Inside my controllers folder in AppController.php, I placed the following code directly below:

public function beforeFilter () {

===================================

  // Force to SSL $this->request->addDetector('ssl', array( 'env' => 'HTTP_X_FORWARDED_PROTO', 'value' => 'https' )); if($_SERVER['HTTP_X_FORWARDED_PROTO'] == "http") { return $this->redirect('https://' . env('SERVER_NAME') . $this->here); }

So what does this mean, first check to see if it has http or https. If it is http, then I redirect the page to this version of https. By placing it in the AppController.php controller ... this will ensure the safety of the entire site.

Hope this helps someone else who is also struggling.

+4
source

The last method was for CakePHP2. For CakePHP3, a little bit updated:

Inside my controllers folder in AppController.php follow these steps:

1. ******** Add to initialization function *********

 public function initialize() { parent::initialize(); /* ADD THIS NEW LINE */ $this->loadComponent('Security', ['blackHoleCallback' => 'forceSSL']); // SSL SECURITY

  1. ************ Add a new public function **********

     public function forceSSL() { return $this->redirect('https://' . env('SERVER_NAME') . $this->request->here); }

3. **** Add this to the beforeFilter function ******

 public function beforeFilter(Event $event) { /* ADD 2 NEW LINES */ parent::beforeFilter($event); $this->Security->requireSecure();
+2
source

If you see # SERVER-HTTPS-ON # (on), add

 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTPS} !=on [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

If you see # SERVER-HTTPS-ON # (1), add

 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTPS} !=1 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

If you see # SERVERPORT443 # add

 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{SERVER_PORT} !443 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

If you see # LOADBALANCER #, add

 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

If you see # CDN # add

 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP:X-Forwarded-SSL} !on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

If you see # Cloudflare # add

 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"' RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

If you see # ENVHTTPS # add

 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{ENV:HTTPS} !=on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

At the bottom of the ssl test page you will see HTTP HOST. This should be the same as your domain. If not, you may need to tightly configure the domain to prevent redirection problems, for example:

 RewriteEngine on RewriteCond %{HTTPS} !=on [NC] RewriteRule ^(.*)$ full_url_with_https/$1 [R=301,L]

more details here

+1
source

More articles:


All Articles