Force all HTTPS requests to HTTP

Permalink
As it stands right now, I have several websites in Concrete5 (multi-site, multi-server, same external IP), and only two of them have SSL certificates. The rest are HTTP only, which is fine.
My problem lies in the fact that if someone uses "HTTPS" instead of "HTTP" (on a non-SSL hostname) the user winds up hitting one of the SSL enabled sites! We are talking a completely different domain name here... That's not so good.

I need to know if this can be resolved in the .htaccess file for each non-SSL site, or do I need to go somewhere else to fix this?

I have already tried modifying one non-SSL site's .htaccess (below) but it still redirected to the primary SSL site instead. I am wondering if I need a special rewrite in the "SSL" host, to make it back to the non-SSL host name. Let me know if I am on the right track, or where else I should make edits.

<IfModule mod_rewrite.c>
RewriteEngine On
# -- Force all HTTPS to HTTP --
RewriteCond %{HTTP:X-Forwarded-SSL} =on
RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
# -- end of HTTPS to HTTP
# -- concrete5 urls start --
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>
# -- concrete5 urls end --


I have also tried (as an alternative rule) but it failed as well:
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]

bkinney
View Replies:
goodnightfirefly replied on at Permalink Reply
goodnightfirefly
Are these v5.6 or v5.7 sites?
rfletcher replied on at Permalink Reply
I am trying to do the same thing. I'm using v5.6.

I want to redirect any requests from a https url to http.
goldfish replied on at Permalink Reply
goldfish
If your site is NOT running on the same IP as another site with an SSL certificate (and it should not be- SSL sites should have their own IP unless you are using SNI...), you can solve this in 5.6 by simply inserting
define('BASE_URL','http://www.yoursite.com');
into confg/site.php and it should take care of it. If you do have an SSL site on the same IP, you'll need to do the above as well as modify the .htaccess file for the other site.
rfletcher replied on at Permalink Reply
Currently, my site doesnt even have a SSL certificate, but what we are seeing in Google search results is that for some reason there are about 3 pages worth of search results in google that all start with a https. We don't understand why or how this would happen.

I did notice that the BASE_URL was not set in the config/site.php file. I've added that line.

That made so if a visitor hits a https by mistake, they get the warning message in chrome, once they accept and proceed, the site flips them http.

Ideally, what i really want to have happen is that when a user attempts to hit a https url, it would just force them to http and avoid the warning message. What I've read is that this is not possible to do because the warning message is displayed before the htaccess file is fired for security reasons.

Is there something else I can change to possibly temporarily redirect URLs with https to http and avoid the warning message?
axelbenz replied on at Permalink Reply
Hi,

i have the same problem in version 5.7.5.6 - sporatically all internal links switch to https. I can repair this by clearing the cache, but it comes again. This is strange!
Now, since in this version file confg/site.php does not exist any more, what can I do?

Regards,

Axel Benz
axelbenz replied on at Permalink Reply
Is there still no one who has a solution for this?

I have a pure http site (www.campusnaturalis.de) with just one https single page. Sporatically, all the links of the site switch to https, which creates big trouble. The solution is to clear the cache, which I now have set to "every 6 hours", but that can't be the final solution. The links should not switch anwhere in the fist place.

Please, I appreciate any idea!