Change Details

We need to force redirect all http traffic to https on space.wmflabs.org. Currently all links and navigation point to HTTPS, but we'd like to have this forced so there are no accidents. :) I've tried doing this at the Apache level (via .htaccess rules). ``` # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress # Don't allow indexing in directories Options -Indexes # Force HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ``` This results in a redirection loop. I also have a rule in the WordPress config which is recommended as a best practice. This does not force HTTPS. ```lang=php /* SSL Settings */ define('FORCE_SSL_ADMIN', true); if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS'] = 'on'; ```

We need to force redirect all http traffic to https on space.wmflabs.org. Currently all links and navigation point to HTTPS, but we'd like to have this forced so there are no accidents. :) I've tried doing this at the Apache level (via .htaccess rules). ``` # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress # Don't allow indexing in directories Options -Indexes # Force HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ``` I also have a rule in the WordPress config which is recommended as a best practice. This does not force HTTPS for subpages space.wmflabs.org///sometthing //can still be accessed via http ```lang=php /* SSL Settings */ define('FORCE_SSL_ADMIN', true); if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS'] = 'on'; ```

We need to force redirect all http traffic to https on space.wmflabs.org. Currently all links and navigation point to HTTPS, but we'd like to have this forced so there are no accidents. :) I've tried doing this at the Apache level (via .htaccess rules). ``` # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress # Don't allow indexing in directories Options -Indexes # Force HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ``` This results in a redirection loop. I also have a rule in the WordPress config which is recommended as a best practice. This does not force HTTPS. for subpages space.wmflabs.org///sometthing //can still be accessed via http ```lang=php /* SSL Settings */ define('FORCE_SSL_ADMIN', true); if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS'] = 'on'; ```