.htaccess hiccup

I am hoping someone can double check this for me, but appreciate its a difficult one to check.

I have some rules in my .htaccess that strips www, and forces https. It works fine, no broken pages, i figured it was all good… until I tried logging into the panel. When I enter username and password, hit the button, the page just reloads with no error message. If i take these rules out, i can login.

RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpg|png|svg|jpeg|pdf|zip|css|js)$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1/ [L,R=301]

can anyone see anything wrong with the above and why it wont work with the panel?

Seems the first 4 lines are fine, these came from @jenstornell secrets. The second half breaks the panel. It’s there rewrite non-https image and file urls created in the panel. How can i make it panel friendly?

I use this:

Set c::set('ssl',true); in your config.php.

Start rewrite rules in .htaccess with:

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

This works for me. It might for you too :slight_smile: