Home How to force www, SSL and trailing slash in SilverStripe 4?
Reply: 2

How to force www, SSL and trailing slash in SilverStripe 4?

danielmcclure
1#
danielmcclure Published in 2017-11-14 04:20:51Z

With the latest versions of SilverStripe they encourage you to use server side rules for URL re-writing and not Director::forceSSL(); and/or Director::forceWWW(); in your _config.php file as it is considered unreliable.

On an Apache server this would logically seem to suggest that it should be managed via an .htaccess file. Unfortunately the snippets shown below can fire a rewrite independently however chaining or combining in a single file seems to skip either the www or https case.

### SILVERSTRIPE START ###
### TRIMMED ROBOT/ERROR CODE ###

<IfModule mod_rewrite.c>

    # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
    <IfModule mod_dir.c>
        DirectoryIndex disabled
        DirectorySlash On
    </IfModule>

    SetEnv HTTP_MOD_REWRITE On
    RewriteEngine On
    RewriteBase '/'

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]


    # Deny access to potentially sensitive files and folders
    RewriteRule ^vendor(/|$) - [F,L,NC]
    RewriteRule ^\.env - [F,L,NC]
    RewriteRule silverstripe-cache(/|$) - [F,L,NC]
    RewriteRule composer\.(json|lock) - [F,L,NC]
    RewriteRule (error|silverstripe|debug)\.log - [F,L,NC]


    # Process through SilverStripe if no file with the requested name exists.
    # Pass through the original path as a query parameter, and retain the existing parameters.
    # Try finding framework in the vendor folder first
    RewriteCond %{REQUEST_URI} ^(.*)$
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule .* index.php

</IfModule>
### SILVERSTRIPE END ###

<IfModule mod_rewrite.c>
    ### FORCE TRAILING SLASH ###
    ### Source - https://paulund.co.uk/using-htaccess-to-force-trailing-slash ###
    RewriteCond %{REQUEST_URI} /+[^\.]+$
    RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]

    ### FORCE WWW ###
    #### Modified from source https://paulund.co.uk/add-www-subdomain-to-all-urls-using-htaccess ###
    RewriteCond %{HTTP_HOST} !^$
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

    ### FORCE SSL ###
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://www.example.com/$1 [R=301,L]

</IfModule>
Dan Hensby
2#
Dan Hensby Reply to 2017-11-14 15:44:11Z

You probably want to start with moving your rewrite rules above the SilverStripe ones - they can be last.

Secondly, the [L] flag on your rules means "Last" and will stop any further processing, you may want to try removing them.

Thirdly, from your code you could potentially see 2 redirects (3 requests in totla) for a URL here which (IMO) is a worse experience (thus SEO impact) than a single redirect that doesn't enforce the www and/or the trailing slash.

It looks to me like you could have the following set of redirects just to hit a page:

http://example.com/contact-us
http://example.com/contact-us/
https://www.example.com/contact-us/

The alternative is SS4 is to use a HTTPMiddleware that could enforce this for you in PHP. Whilst not recommended it could be a bit more "transportable"

leptinella
3#
leptinella Reply to 2017-11-15 03:35:43Z

Our approach is to enforce www and https in the Apache virtual host file:

<VirtualHost *:80>
  ServerName www.myexampledomain.com
  Redirect permanent / https://www.myexampledomain.com/
</VirtualHost>
<VirtualHost *:443>
  ServerName myexampledomain.com
  Redirect permanent / https://www.myexampledomain.com/
</VirtualHost>
<VirtualHost *:443>
  ServerName www.myexampledomain.com
  DocumentRoot etc etc
</VirtualHost>

Then finally we use this module to enforce trailing slashes: https://github.com/axllent/silverstripe-trailing-slash . There is a chance of a double redirect with this approach.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.423777 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO