Redirecting with htaccess

Tags how-to Web

You can redirect users either through an .htaccess file or within a webpage. This is especially useful in making sure users trying to get to secure content stay on the secure site.

Issues with the back button

Any time you issue a redirect from inside a page, what happens is the browser requests and receives the page the user navigated to, then the server tells it to move on to the right page. If the user clicks the back button, the browser will go back one page, but that's the page with the redirect, so the server tells it to move on again. If the user doesn't know how to use their browser's history, they are stuck in an endless loop. For that reason, using the .htaccess file is recommended whenever possible.

Redirecting from a webpage

You can immediately redirect users, or redirect them after a brief delay. If you have a delay, you can display a message to users before the redirect occurs.

Immediate redirect

In a php page

<?php
header('Location: https://dept.astro.lsa.umich.edu/index.php');
?>

If the user doesn't pay attention to the address bar in their browser, they may not notice anything happened.

The url can be absolute (as in this example) or relative.

In an HTML page

<meta http-equiv="refresh" content="0;url=https://dept.astro.lsa.umich.edu/index.php" />

Again, the url changes immediately, so the user may not even notice the redirect. Also, the url can be absolute (as in this example) or relative.

Redirect after a delay with a message

In a php page

<?php
header( 'refresh: 10; url=https://dept.astro.lsa.umich.edu/index.php');
echo "You are being redirected to the secure site.  You can avoid this message in the future by making sure you
include the https on the front of the url when you type it into your browser.  If you need to go back, you will 
need to press your browser's back button twice or use your browsing history.";
?>

The header line must go before any output (like the echo line). However, you can check variables (e.g., to see if someone is logged in) and perform other operations as long as it doesn't output anything to the browser.

The number after refresh: is the time in seconds to wait before redirecting.

The URL can be an absolute or a relative path.

Note that the echo statement includes directions for going back, which may help users avoid the back button problems.

In an HTML page

<html>
<meta http-equiv="refresh" content="10;url=https://dept.astro.lsa.umich.edu/index.php" />
<p>You are being redirected to the secure site. You can avoid this message in the future by making sure you 
include the https on the front of the url when you type it into your browser. If you need to go back, you will 
need to press your browser's back button twice or use your browsing history.</p>
</html>

Just as in the php example, the number at the start of the content= field is the time in seconds to wait before redirecting.

Using .htaccess

There are actually a couple of commands you can use in an .htaccess file. Simply add the lines to the .htaccess file.

Redirect

Redirect tells the browser to get the content of the page from a different source. It also sends a status code to the browser so it knows why it is being sent to another page.

The syntax for the redirect is

Redirect [status] URL-path URL

For example, the directive

Redirect permanent http://dept.astro.lsa.umich.edu/ https://dept.astro.lsa.umich.edu/

tells the browser to always go to https://... to get anything under the dept.astro.... site.

If you leave the status field empty, it defaults to temporary, so the browser will continue to check the original resource.

RedirectMatch

RedirectMatch allows you to use a regular expression instead of a URL-path:

RedirectMatch [status] regex URL

Otherwise, it works the same as Redirect.

Rewrite

Rewrite has a number of options that must be used in conjunction with one another, however, it can be very powerful. The Apache documentation may be helpful.

To simply flip from http to https (slightly faster than a redirect),

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Details

Article ID: 1613
Created
Wed 5/27/20 8:26 AM
Modified
Tue 10/13/20 9:58 AM