"Too Many Redirects" SSL

[brentnl]

Hi,

I have a problem which I've never had before; normally I always use a known hostingcompany and never had any issue's with SSL (they implement it for free at every domain you set-up).

But now I'm dealing with another host for some reason and apparently they have another approach of dealing with SSL. When I don't use the HTTPS option for a page in CMSMS everything works fine; you could access the page at both the HTTP or HTTPS version. But when I'm using the HTTPS-checkbox I'll get a 'Too Many Redirects' error from Google Chrome. It somehow got caught in a loop.

And another issue; normally I use this .htaccess to force everyone towards the HTTPS version;

Code: Select all

#Options +FollowSymLinks
  RewriteEngine on
  RewriteBase /

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Link to http://website.com then redirect to http://www.website.com
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301] 

  # 301 Redirect all requests that don't contain a dot or trailing slash to
  # include a trailing slash
  # except for form POSTS
  RewriteCond %{REQUEST_URI} !/$
  RewriteCond %{REQUEST_URI} !\.
  RewriteCond %{REQUEST_METHOD} !POST$
  RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]
 
  # Rewrites urls in the form of /parent/child/
  # but only rewrites if the requested URL is not a file or directory
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.+)$ index.php?page=$1 [QSA] 

But that doesn't work either, no matter Use HTTPS is checked or not.

I use mod_rewrite in my config.php for Pretty URL's.

[DIGI3]

I would unset all of the 'use https for this page' options, that was a holdover from when you might only want one or two pages to be https. You can use the bulk feature of Content Manager to do this.

Once you've done that, revisit your htaccess and follow the logic. For example, you have:

Code: Select all

RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301] 

The "L" in that rule means ignore all following rules, so it's not going to get the https rule added. You could replace all of it with these rules:

Code: Select all

# Force www: from http://stackoverflow.com/a/4958847/1078583
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Force SSL: From http://stackoverflow.com/q/24322035/
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]

Or, if you want NO www added, you can use:

Code: Select all

#force non-www and https
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]

There's lots of other ways to write it, but the order matters, and the placement of parameters such as 'L' is important.

[Rolf]

https://cmscanbesimple.org/blog/setting ... ade-simple

[brentnl]

I've unchecked every 'use https' box and I've tried both htaccess versions, of both Rolf and DIGI3, both non of them seem to work. 'Too Many Redirects' is the error I keep getting..

I've submitted a ticket at the hosting company, Argeweb, so they will have a look at it as well.

[brentnl]

Nobody?

If I visit the website while adding 'https' the homepage works normally but as soon as I navigate to another menu-item it serves me the HTTP version instead..

The hosting company couldn't help me as well.

[DIGI3]

Do you have any urls entered into your config.php?

[brentnl]

Do you have any urls entered into your config.php?

Code: Select all

$config['dbms'] = 'mysqli';
$config['db_hostname'] = '---';
$config['db_username'] = '---';
$config['db_password'] = '---';
$config['db_name'] = '---';
$config['db_prefix'] = 'cmssite_';
$config['timezone'] = 'Europe/Amsterdam';
$config['admin_dir'] = 'inloggen';
$config['query_var'] = 'pagina';
$config['url_rewriting'] = 'mod_rewrite';
$config['permissive_smarty'] = 1;
$config['root_url'] = 'https://www.domain.nl';
$config['admin_url'] = 'https://www.domain.nl/inloggen';

This is my config file..

[DIGI3]

Nothing obvious there. Are you able to share the url to the site?

[brentnl]

Nothing obvious there. Are you able to share the url to the site?

www.partycrew.nl

[DIGI3]

Looks like an htaccess issue to me. When you hover over the links they are https, but when clicked they redirect to http. You should be able to test that by temporarily replacing htaccess with the htaccess.txt sample from the docs directory.

Make sure to check higher level directories for .htcaccess files as well, they're recursive.

[brentnl]

Looks like an htaccess issue to me. When you hover over the links they are https, but when clicked they redirect to http. You should be able to test that by temporarily replacing htaccess with the htaccess.txt sample from the docs directory.

Make sure to check higher level directories for .htcaccess files as well, they're recursive.

There are no top-level .htaccess-files present and I've tried the htaccess.txt from /doc and it works fine, so the problem must have something to do with the htaccess combined with the server-settings?

The only thing remaining is forcing non-https request to the https-url. Any suggestions?

[DIGI3]

If it works fine with the stock htaccess, then you just need to troubleshoot what is wrong with yours. Typically it's an order of operations thing, it needs to be quite specific. Some trial and error and/or googling may be in order.