#31706 https htaccess

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by DaveOzric on Wednesday, 04 September 2019 09:56 CDT

DaveOzric
Hello, the second level support guy at my hosting company said using PHP to redirect the site to https is slower than using .htaccess.

Is there a reason that setting is not in the .htaccess maker for me to use this instead?

Thoughts?

Thank you

nicholas
Akeeba Staff
Manager
I am afraid you are wrong. The feature you say doesn't exist has actually been around for almost six years.

Admin Tools' .htaccess Maker has offered the HSTS feature since version 2.6.0, released on December 27th, 2013. This feature uses .htaccess to send an HTTP header which informs the visitor's site to always use HTTPS to access your site. Furthermore, if your first-time visitor tries to access your site through HTTP it will perform a redirection to HTTPS. This all happens at the .htaccess level long before PHP, let alone Joomla, had the chance to load.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

DaveOzric
Hi Nicholas, I am not wrong, the support guy is. I was not telling you that. :)

So do I need to use the Joomla Global Configuration setting > Force HTTPS along with this .htaccess setting?

Thank you for helping me understand. I always like to learn. ;)

nicholas
Akeeba Staff
Manager
The support guy is not wrong, he's right and I actually agree with him. When you use PHP to perform a redirection the request has to go through Apache parsing the .htaccess file, launching the PHP interpreter, PHP parsing the file, executing it and passing data back to Apache which will then send it to the browser. Depending on how many system plugins run on your site and how long it takes to run them this can take anywhere from 0.3 to 5 seconds. A .htaccess based redirection happens very fast, at the beginning of handling the request. It typically takes less than 0.02 seconds. So, yeah, there's a massive difference.

I would, however, argue that on the average site this happens infrequently enough that it makes no practical difference.

That said, HSTS is more than just a redirection. The redirection only happens the first time someone visits your site. Every next access of that browser to your site will always happen using HTTPS even if the user enters a URL or follows a link with an "http://" protocol prefix to your site. HSTS is basically your site telling the user's browser "no matter what they tell you, always use HTTPS to talk to me".

If you enable HSTS, Joomla's setting is irrelevant for redirections. You will never reach a point where Joomla needs to perform a redirection to HTTPS. However, that setting also controls how Joomla outputs URLs so, yes, you must set this option to "Entire site" to make sure your site is not just always accessible over HTTPS but also only outputs HTTPS internal links.

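
The browser-side behaviour described in the reply above, as an added example that is not part of the original thread and not Akeeba's code: a simplified Python model of a browser's HSTS host list following RFC 6797. The class and function names, the example.com hosts and the timestamps are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Simplified model of a browser's HSTS host list (RFC 6797)."""

    def __init__(self):
        self.hosts = {}  # host -> (expiry time, includeSubDomains flag)

    def note_response(self, url, headers, now):
        """Record the policy from a response; browsers ignore it over plain HTTP."""
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        if parts.scheme != "https" or value is None:
            return
        directives = [d.strip().lower() for d in value.split(";") if d.strip()]
        ages = [re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d) for d in directives]
        ages = [int(m.group(1)) for m in ages if m]
        if len(ages) != 1:
            return  # max-age is required exactly once; otherwise ignore the header
        if ages[0] == 0:
            self.hosts.pop(parts.hostname, None)  # max-age=0 removes the host
        else:
            self.hosts[parts.hostname] = (now + ages[0], "includesubdomains" in directives)

    def upgrade(self, url, now):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return url
        labels = parts.hostname.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            # An exact match always applies; a parent domain only with includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return urlunsplit(parts._replace(scheme="https"))
        return url

def demo():
    """Constructed visit sequence for example.com; times are seconds."""
    store, t0, year = HstsStore(), 0, 31536000
    hsts = {"Strict-Transport-Security": f"max-age={year}"}
    first = store.upgrade("http://example.com/", t0)          # unknown host
    store.note_response("http://example.com/", hsts, t0)      # header on HTTP: ignored
    still_http = store.upgrade("http://example.com/page", t0)
    store.note_response("https://example.com/", hsts, t0)     # after the redirect
    later = store.upgrade("http://example.com/page?x=1", t0 + 3600)
    sub = store.upgrade("http://shop.example.com/", t0 + 3600)
    expired = store.upgrade("http://example.com/page", t0 + year + 1)
    return first, still_http, later, sub, expired
```

Only the first plain-HTTP request ever reaches the server-side redirect; once the policy is stored, the upgrade happens inside the browser until the max-age runs out.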

DaveOzric
Hi, I believe I understand you. I will continue to use both.

Thanks again!
