“Too many redirects” when try to redirect site using htaccess

1 Views

I need to redirect my site from example.net to www.example.net with a 301 redirect.

I’m using All In One WP Security & Firewall for my website and it’s automatically adding additional code inside my .htaccess file. The redirect is not working and I think this is caused by that extra code. The error I see in my browser is:

Read More

Too many redirects occurred trying to open www.example.net.

Will All In One WP Security & Firewall generates such error?

My 301 code: 

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^example.net [NC]
RewriteRule ^(.*)$ www.example.net/$1 [L,R=301,NC]

All in One code: 

# BEGIN All In One WP Security
#AIOWPS_BLOCK_WP_FILE_ACCESS_START
<Files license.txt>
order allow,deny
deny from all
</files>
<Files wp-config-sample.php>
order allow,deny
deny from all
</Files>
<Files readme.html>
order allow,deny
deny from all
</Files>
#AIOWPS_BLOCK_WP_FILE_ACCESS_END
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>
order allow,deny
deny from all
</Files>
ServerSignature Off
LimitRequestBody 10240000
<Files wp-config.php>
order allow,deny
deny from all
</Files>
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
#AIOWPS_DISABLE_INDEX_VIEWS_START
Options -Indexes
#AIOWPS_DISABLE_INDEX_VIEWS_END
#AIOWPS_IP_BLACKLIST_START
Order allow,deny
Allow from all
#AIOWPS_IP_BLACKLIST_END
#AIOWPS_DISABLE_TRACE_TRACK_START
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#AIOWPS_DISABLE_TRACE_TRACK_END
#AIOWPS_FORBID_PROXY_COMMENTS_START
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]
#AIOWPS_FORBID_PROXY_COMMENTS_END
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
RewriteCond %{QUERY_STRING} tag=     [NC,OR]
RewriteCond %{QUERY_STRING} ftp:     [NC,OR]
RewriteCond %{QUERY_STRING} http:    [NC,OR]
RewriteCond %{QUERY_STRING} https:   [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
<IfModule mod_alias.c>
RedirectMatch 403 ,
RedirectMatch 403 :
RedirectMatch 403 ;
RedirectMatch 403 =
RedirectMatch 403 @
RedirectMatch 403 [
RedirectMatch 403 ]
RedirectMatch 403 ^
RedirectMatch 403 `
RedirectMatch 403 {
RedirectMatch 403 }
RedirectMatch 403 ~
RedirectMatch 403 "
RedirectMatch 403 $
RedirectMatch 403 <
RedirectMatch 403 >
RedirectMatch 403 |
RedirectMatch 403 ..
RedirectMatch 403 %0
RedirectMatch 403 %A
RedirectMatch 403 %B
RedirectMatch 403 %C
RedirectMatch 403 %D
RedirectMatch 403 %E
RedirectMatch 403 %F
RedirectMatch 403 %22
RedirectMatch 403 %27
RedirectMatch 403 %28
RedirectMatch 403 %29
RedirectMatch 403 %3C
RedirectMatch 403 %3E
RedirectMatch 403 %3F
RedirectMatch 403 %5B
RedirectMatch 403 %5C
RedirectMatch 403 %5D
RedirectMatch 403 %7B
RedirectMatch 403 %7C
RedirectMatch 403 %7D
# COMMON PATTERNS
Redirectmatch 403 _vpi
RedirectMatch 403 .inc
Redirectmatch 403 xAou6
Redirectmatch 403 db_name
Redirectmatch 403 select(
Redirectmatch 403 convert(
Redirectmatch 403 /query/
RedirectMatch 403 ImpEvData
Redirectmatch 403 .XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 &rptmode=
Redirectmatch 403 sys_cpanel
RedirectMatch 403 db_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check_proxy
Redirectmatch 403 system_user
Redirectmatch 403 /(null)/
Redirectmatch 403 clientrequest
Redirectmatch 403 option_value
RedirectMatch 403 ref.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors.
RedirectMatch 403 config.
RedirectMatch 403 include.
RedirectMatch 403 display.
RedirectMatch 403 register.
Redirectmatch 403 password.
RedirectMatch 403 maincore.
RedirectMatch 403 authorize.
Redirectmatch 403 macromates.
RedirectMatch 403 head_auth.
RedirectMatch 403 submit_links.
RedirectMatch 403 change_action.
Redirectmatch 403 com_facileforms/
RedirectMatch 403 admin_db_utilities.
RedirectMatch 403 admin.webring.docs.
Redirectmatch 403 Table/Latest/index.
</IfModule>
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
#AIOWPS_BLOCK_SPAMBOTS_START
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post.php(.*)$
RewriteCond %{HTTP_REFERER} !^http(s)?://example.net.au [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://127.0.0.1 [L]
</IfModule>
#AIOWPS_BLOCK_SPAMBOTS_END
#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} .(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://example.net.au [NC]
RewriteRule .(gif|jpe?g?|png)$ - [F,NC,L]
</IfModule>
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END
# END All In One WP Security
Post Views: 1

Related posts

Leave a Reply

3 comments

  1. The problem is with 

    RewriteRule ^(.*)$ www.example.net/$1 [L,R=301,NC]

    www.example.net is taken as a relative path and not as a different domain.

    This is the reason, why it rewrites the URL http://example.net/some/path to http://example.net/www.example.net/some/path, which again is rewritten to http://example.net/www.example.net/www.example.net/some/path and so on.

    If you want to rewrite from domain example.net to domain www.example.net you must add the protocol (http) as well, e.g. 

    RewriteRule ^(.*)$ http://www.example.net/$1 [L,R=301,NC]

    Another way to redirect a domain wholesale, is using the Redirect directive 

    Redirect / http://www.example.net

    RewriteCond %{HTTP_HOST} !^www.(.*)$ [NC]
RewriteRule ^(.*)$ %{HTTP_HOST}/$1 [L,R=301,NC]

    Using %{HTTP_HOST} has the same effect, because it doesn’t include the scheme, i.e. http or https. Furthermore, you rewrite from %{HTTP_HOST} to %{HTTP_HOST}, which doesn’t change a bit.

    To fix this, you must prefix the substitution with www. and also a scheme, either http or https. The flag NC isn’t needed here, because you look for any character .* anyway. So the rule should look like 

    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R]

    Finally, never test with R=301! See this answer Tips for debugging .htaccess rewrite rules for details.

  2. Redirects in the .htaccess File

    The .htaccess file is a configuration file used to modify Apache server behavior per directory on a website/server. This is a user-level configuration file, and only some Apache configurations can be edited here, though redirects are common use.

    You can have multiple .htaccess files that cascade over a series of directories. If you have a .htaccess in a parent directory, and another in a sub-directory they will both affect the sub-directory. In these instances, it is important to remember where you do and do not have .htaccess files, to prevent conflicts between .htaccess files at different levels.

    Below are a series of redirect examples and will aid in identifying redirects in your .htaccess file. These are not the only ways to do these kinds of redirects, but these should show you what the most common redirects look like so that you can recognize them if they are in a .htaccess file you are working with.

    Force HTTPS
    The .htaccess code below first checks if the request came into the server using HTTP or HTTPS. If the request did not use HTTPS, then the configuration will tell the browser to redirect over to the HTTPS version of the same website and URL that was requested before.

    RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Force HTTPS: When Behind a Load Balancer or Proxy (CloudFlare/Incapsula/Sucuri/etc.)
    Sometimes you may be using a proxy, like a load balancer or a web firewall, like CloudFlare, Incapsula, or Sucuri. These can be configured to use SSL on the front end, but not use SSL on the back end. To allow this to work correctly, you need to check not just for HTTPS in the request, but also if the proxy passed the original HTTPS request to the server using just HTTP. This following rule checks if the request was forwarded from HTTPS, and if so does not try to redirect an additional time.

    RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteCond %{HTTP:X-Forwarded-Proto} =http
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Force non-www
    This redirect only checks if the website name was requested with www at the start of the domain name. If the www is included, it rewrites the request and tells the browser to redirect over to the non-www version of the domain name.

    RewriteEngine On
 RewriteCond %{HTTP_HOST} ^www. [NC]
 RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Force www
    This last redirect checks if the website name was not requested with www at the start of the domain name. If the www is not included, it rewrites the request and tells the browser to redirect over to the www version of the domain.

    RewriteEngine On
 RewriteCond %{HTTP_HOST} !^www. [NC]
 RewriteRule (.*) http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    WordPress
    The WordPress CMS uses a .htaccess file for rewriting URLs to the index.php file, but it defines the URL of the website as a value in the database. If you do not already know the name of the database that is being used on the site, you can look it up in the main configuration for WordPress (wp-config.php).

    You can also open the file in a text editor and look for these values, but from an SSH connection, you can use the program grep. This gives you more than just the database name, but the database name is the most important for what we need to do next.

    grep DB wp-config.php

define('DB_NAME', 'wordpress_database');
 define('DB_USER', 'wordpress_username');
 define('DB_PASSWORD', 'Password');
 define('DB_HOST', 'localhost');
 define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');

    The wp_options Table
    Once you know the name of the database, you can then look at the options table of the WordPress database to see what the URL is set to in the database. The options table can have any prefix at the beginning of the table name, but it is often “wp_” by default, so the full name of the options table is usually wp_options. The two lines that are important are the home and siteurl lines in the options table. You can find these using phpMyAdmin, or another database management utility, but from the command line, you can also just run the following mysql command.

    mysql -e 'show tables' wordpress_database | grep options

prefix_options

    Checking the Configured URL
    From the command line, you can check what the current values of the home and siteurl lines in the options table. The command should send you and output like the example below. The important part is that these match each other under most circumstances and that they are what you expect. If they are not what you expect then you will want to update them accordingly.

    mysql -e 'select * from wp_options where option_name rlike "home|siteurl"' wordpress_database
 +-----------+-------------+----------------------------------+----------+
 | option_id | option_name | option_value                     | autoload |
 +-----------+-------------+----------------------------------+----------+
 |        36 | home        | http://www.example.com           | yes |
 |         1 | siteurl     | http://www.example.com           | yes |
 +-----------+-------------+----------------------------------+----------+

    Updating the Configured URL
    The following command will update the two rows of the wp_options table for a given database to a new URL. This command should suit most situations where you need to update or correct the URL configured for a WordPress site. Updating the base_urls configured in a WordPress Multisite is beyond the scope of this article, but would involve updating multiple wp_option type tables.

    mysql -e 'update wp_options set option_value="https://www.example.com" where option_name rlike "home|siteurl"' wordpress_database

  3. I had the same problem. The problem was not the rule. The rule was correct but the order of the rules in the .htaccess was not. This is what I had before. Note I am rewriting to non-www.

    #https
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  #remove home
  RewriteCond %{THE_REQUEST} ^.*/home
  RewriteRule ^(.*)home$ https://example.com/$1 [R=301,L] 


 # !IMPORTANT! Set your RewriteBase here and don't forget trailing and leading
 #  slashes.
 # If your page resides at
 #  http://www.example.com/mypage/test1
 # then use
 # RewriteBase /mypage/test1/
 #RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php?/$1 [L]

   #301 redirect
 RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
 RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

    I changed to 

     #301 redirect
 RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
 RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

 #https
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  #remove home
  RewriteCond %{THE_REQUEST} ^.*/home
  RewriteRule ^(.*)home$ https://example.com/$1 [R=301,L] 


 # !IMPORTANT! Set your RewriteBase here and don't forget trailing and leading
 #  slashes.
 # If your page resides at
 #  http://www.example.com/mypage/test1
 # then use
 # RewriteBase /mypage/test1/
 #RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php?/$1 [L]