• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Redirect to httpS with migration script / htaccess issue


My forums were migrated this weekend but I have a couple of issues that could turn out to be catastrophic for me:
1. The VB with VBSEO to Xenforo link redirects end in http but not httpS.
If I force httpS in .htaccess I end up with 5 permanent redirects. Needless to say that's a potential issue with search engines.

a. My original links are like this:

b. Then the first 301 does this:

c. The second 301 does this:

d. The third 301 finally gets the Xenforo URL:
But this last one goes to HTTP and I'd like it to go to HTTPS directly (or go the SSL directly from the first redirect is even better)

My question is: how can I minimize the number of 301 redirects while at the same time landing on my SSL URLs?



XenForo developer
Staff member
I'm unclear why there is a redirect from a to b. Why can't that go from a to c?

There's also no particular reason you can't go to https here, but it's not clear what redirection rules you are using. We need to see that.
Hi Mike,

Thanks for responding. I've always wondered why b. was there too.
Here are the .htaccess rules:
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteRule [^/]+/.+-t([\d]+).html showthread.php?t=$1 [NC,L]
RewriteRule ^[^/]+/thread-t([0-9]+)-([0-9]+)\.html$ /forum/threads/$1/page-$2 [R=301,L]
RewriteRule ^[^/]+/[^/\.]+-t([0-9]+)-([0-9]+)\.html$ /forum/threads/$1/page-$2 [R=301,L]
RewriteRule ^members/([^\.]+)\.html$ /forum/member_redirect.php?username=$1 [R=301,L]
RewriteRule ^attachments/(.+)/([0-9]+)[d-](.+)$ attachment.php?attachmentid=$2 [L]

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]

If I add the following code to force SSL I end up with 5 redirects:
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Please let me know if you need anything else from me. Mod_revrite isn't my forte.

@Mike sorry for bumping this thread:)
I'm just freaking out as Google is indexing both SSL and insecure versions of my site right now because of this. Please let me know if you have an idea on how this can be done better.


XenForo developer
Staff member
I can't see why (b) is happening off hand, unless there's another rewrite rule being triggered somewhere. However, you can likely reduce the rewrites by changing the rewrites you've entered here to rewrite to full URLs that force HTTPS themselves (rather than just 301'ing to /forums/..., go to https://domain.com/forums/...) . You should also set the URL you want to use as the canonical one in the options as your "Board URL". Finally, add the HTTPS forcing redirect in after the URL redirects (but before the standard redirects).
Thanks Mike.

The company I hired for the migration is saying that there is no other way. Maybe so, but I find it strange and want to make sure, at least get my httpS without going through the insane 5 chained 301's.
There is a difference between the typical migration script from the resources section and the one used by the copany that migrated the forums:
..the one they use is on the left.
Could it be the reason for the extra 301?



XenForo developer
Staff member
I don't see an obvious reason for an extra 301 there, but if they're using modified scripts, I couldn't really speak to what the changes are attempting to do.

Regardless, you should at least be able to cut out the extra http -> https redirect by doing it as part of the other redirects (this is what my previous message was suggesting).