I have a site that has some strict requirements for SEO purposes.
The main one is redirecting all http requests to https which I have done by adding this into the AppController:
public function forceSSL() {
return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
}
public function beforeFilter() {
$this->Security->blackHoleCallback = 'forceSSL';
$this->Security->requireSecure();
}
The issue I have is with 404 pages, they do not redirect to https (eg. www.hublink.net/asdfg)
I have also added these 2 lines to the .htaccess file (from another post), and removed the above code but then get a "redirect loop" error
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
I have this in my .htaccess file and it works great. I have it ignoring local and staging URLs, like if I had http://local.example.com it will not force redirection for that url. Those lines can be removed. I like using the .htaccess approach over the one in the AppController. This is also the top level .htaccess file in a standard CakePHP install on a shared hosting environment. There are three .htaccess files in a normal Cakephp install.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
# FORCE SSL REDIRECTION
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteCond %{HTTP_HOST} !^local [NC]
RewriteCond %{HTTP_HOST} !^staging [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
Check your hosting environment and make sure your allowed to have .htaccess files. Need to make sure ModRewrite is installed and working as well.