Search code examples
apache.htaccesssslhttpsplesk

Is there an Apache/Plesk server setting that governs https:// behavior?

Context:

I've recently moved a site to a new host, and moved the SSL certificate from the old host to the new one. The code, written in PHP, is a big mess made by someone no longer available many years ago. Because of this, I'm hoping to figure out something related to the configuration of the server that can fix the issue so I don't have to reverse-engineer the rather messy code.

Problem:

When users navigate to an area of the site that uses https://, all goes according to plan. The problem, however, arises when they click a link in the navigation that is normally to an http:// part of the site. On hover, you can see that the target URL incorrectly includes "https://". When the user tries to go to a non-secure area with https:// in front, either by clicking one of those altered links or by typing it into the location bar of the browser, they are redirected to the directory without any domain. For example, if you try to go to "https://domain.org/site/", the browser is redirected to only "/site", which of course cannot be found.

Theoretical solutions:

  1. Is there a setting in Plesk which governs the "stickiness" of https? One way to fix the problem is to stop the non-secure links from acquiring https://.

  2. Is there an obvious reason why whatever script or file the site is using to redirect would break when an un-secure area is accessed via https://? Is there a server setting that would have made this function differently on the new server via the old server?

  3. I don't have access to see what exactly the configuration of the old server was. Is it likely that this could be caused by a difference in PHP version? If so, any suspicions about what the problem would be?

  4. Is there some workaround with .htaccess that can manually redirect all but certain secure areas of the site to http:// when they are accessed via https://, presumably before the site's redirect script is activated?

Thank you for any help!!

Solution

    1. Yes, since Plesk 17 (Onyx): plesk-seo-https-redirect

    2. For older versions you can create .htaccess files which will rewrite request from https pages to http, based on referrer:

      RewriteEngine on

      RewriteCond %{HTTP_REFERER} ^https://domain.org [NC]

      RewriteRule ^(.*)$ http://domain.org/$1 [L,R=301]