Score:0

HTTP redirect not working

za flag

My website: https://www.louiswebsdale.co.uk/ keeps giving the "400 bad request invalid header" error when trying to visit it without the https. So www.louiswebsdale.co.uk or http://www.louiswebsdale.co.uk give the "400 bad request invalid header" error.

Is there some code I need to change in the .htaccess file?

It currently is the following:

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Thank you very much.

vidarlo avatar
ar flag
It does *not* give 400 error. It gives a 301 moved redirecting to https. In addition your certificate is revoked.
Louis Websdale avatar
za flag
When I go to the url http://www.louiswebsdale.co.uk/ I get the following: 400 Bad Request Invalid Header.
vidarlo avatar
ar flag
Not reproducible. Firefox complains about a revoked cert; ignoring that the site works from chromium, firefox, google chrome and curl.
Louis Websdale avatar
za flag
How can I fix this "400 bad request invalid header" error?Iis it something to do with the code in .htaccess?
vidarlo avatar
ar flag
It works from here. With what you've given us to work with it seems there's no error, and nothing to fix! Repeating the question doesn't change anything. If the problem persists on your end, please test in incognito mode in your browser, and bring up the dev tools (press F12) and include full headers in your question.
Louis Websdale avatar
za flag
That is very strange! The normal https works but not if someone types the url without the https so if they just type www.louiswebsdale.co.uk, the error comes up.
vidarlo avatar
ar flag
Don't post multiple questions about the same issue. Do what I suggested; bring up dev tools and tell us what headers your browser is sending. Also, test in ingocnito mode and with a different browser.
Louis Websdale avatar
za flag
I have tested in incognito mode and different browser and still the same 400 error. This happens when I remove the s in the url after going on the correct website. So, I go onto https://www.louiswebsdale.co.uk/, it works fine, then I remove the s and it gives the error. The dev tools say: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD> <BODY><H4>400 Bad Request</H4> Invalid Header. </BODY></HTML> Failed to load resource: the server responded with a status of 400 (Bad Request)
vidarlo avatar
ar flag
That's not the header, it's the body. I'm asking for the request headers. Please see https://imgur.com/a/l3tnzUd for an illustration. You can also select to disable caching while dev tools is open.
Louis Websdale avatar
za flag
Is this it? :authority: www.louiswebsdale.co.uk :method: GET :path: / :scheme: https accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 accept-encoding: gzip, deflate, br accept-language: en-GB,en;q=0.9 if-modified-since: Sun, 04 Jul 2021 11:33:23 GMT sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91" sec-ch-ua-mobile: ?0 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: none sec-fetch-user: ?1 upgrade-insecure-requests: 1
Louis Websdale avatar
za flag
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
vidarlo avatar
ar flag
Yes - and the response. It's probably easier to post a screenshot of it.
Louis Websdale avatar
za flag
I apologise, I do not know how to attach a screenshot onto a comment. cache-control: no-cache cache-control: max-age=0 content-encoding: gzip content-type: text/html; charset=UTF-8 date: Sun, 04 Jul 2021 12:33:19 GMT expires: Sun, 04 Jul 2021 12:33:19 GMT last-modified: Sun, 04 Jul 2021 11:33:23 GMT server: Apache vary: User-Agent wpo-cache-status: cached x-powered-by: PHP/7.3.27
djdomi avatar
za flag
Don't post screenshots edit the question and paste the plane texts
kz flag
As vidarlo has already commented... I don't see a 400 response either. There is a 301 redirect from HTTP to HTTPS+www. The `.htaccess` code you posted is just a standard "front-controller" pattern that rewrites requests to `index.php`. There is no redirect in the code you posted (and nothing that would cause this error), so this must be performed by your server-side code. Have you tested this on a different network, outside of your LAN? (eg. phone on mobile network?)
Michael Hampton avatar
cz flag
Your response headers show that the request was passed on to your PHP code. This suggests that you have done something in your Apache configuration (to cause it to behave differently for you than for everyone else) that you have not shared with us despite it being relevant to the issue. Please post your Apache configuration.
Louis Websdale avatar
za flag
Hi Michael, thanks for the help. I think it is working now thanks to tsohost support.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.