This guide builds a set of .htaccess rules that are appropriate for common ACSF use cases and RCAB requirements.
1 - Default .htaccess
2 - ACSF requirement
3 — Force HTTP to HTTPS
4 — Force sites.bostoncatholic.org domain
5 - Block robots
6 - Customer overrides
7 - Force www
The default .htaccess, provided by Drupal, is at https://git.drupalcode.org/project/drupal/blob/8.8.x/.htaccess
This actually, works out-of-the-box, except for one ACSF requirement...
On the Site Factory platform, the acsf shall be included and the acsf-init-verify must pass all checks before the code is deployed.
Review Acquia Docs, or simply run this command within the project directory:
$ drush --include=docroot/modules/contrib/acsf/acsf_init acsf-init-verify
The expected result is
acsf-init required files ok [success]
On new projects, the acsf-init command will insert 2 lines to the .htaccess file at around line 153:
# ACSF requirement: allow access to apc_rebuild.php.
RewriteCond %{REQUEST_URI} !/sites/g/apc_rebuild.php$
On existing projects, nothing should change.
Inserted as the first mod_rewrite rule, this will force HTTP to HTTPS. However, we will ignore the Acquia-internal domains, and localhost, as SSL may not be available there.
# Force https for non-Acquia domains
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} !^localhost [NC] # exclude localhost
RewriteCond %{HTTP_HOST} !\.acsitefactory\.com [NC] # exclude Acquia domains
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
The Acquia-internal domains will be redirected to the customer's Standard Domain for the Factory. This enables all sites on the Factory to utilize a wildcard certificate provided by the customer. This one matches *.sites.bostoncatholic.org.
# Make sure that Dev environment sites are using the *.sites.bostoncatholic.org URL
RewriteCond %{HTTP_HOST} (.+)\.dev-archbos\.acsitefactory.com [NC]
RewriteRule ^(.*)$ https://%1-dev.sites.bostoncatholic.org%{REQUEST_URI} [NE,L,R=302]
# Make sure that Test environment sites are using the *.sites.bostoncatholic.org URL
RewriteCond %{HTTP_HOST} (.+)\.test-archbos\.acsitefactory.com [NC]
RewriteRule ^(.*)$ https://%1-test.sites.bostoncatholic.org%{REQUEST_URI} [NE,L,R=302]
# Make sure that Prod environment sites are using the *.sites.bostoncatholic.org URL
RewriteCond %{HTTP_HOST} (.+)\.archbos\.acsitefactory.com [NC]
RewriteRule ^(.*)$ https://%1.sites.bostoncatholic.org%{REQUEST_URI} [NE,L,R=302]
The purpose of this rule is to block robots.txt for anyone accessing the customer's Standard Domain for the Factory.
# Ensure non-live sites prevent robots from crawling. This is similar to what
# Acquia Cloud does for the *.acquia-sites.com and *.acsitefactory.com domains.
RewriteCond %{HTTP_HOST} \.sites\.bostoncatholic\.org$ [NC]
RewriteCond %{REQUEST_URI} /robots.txt [NC]
RewriteRule ^ robots_noindex.txt [L]
If there are site-specific rules, this is a good place to add them:
# Begin redirects for specific vanity URLs for production sites
RewriteCond %{HTTP_HOST} ^cso\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.csoboston.org/%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^haverhillallsaints\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.allsaintshaverhill.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^lynndemo\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.lynncatholic.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^lynnfielddemosite\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.lynnfieldcatholic.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^maldensacredhearts\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.sacredheartsparish.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^reveresaintanthony\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.stanthonysrevere.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^riverdivinemercydemo\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.rodmc.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^rocklandholyfamilydemo\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.holyfamilyrockland.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^sacredheartstthomasmore\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.shstm.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^salemshrinedemo\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.jpiidivinemercyshrine.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^seaportshrinedemo\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.seaportshrine.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^somervillestsmartin\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.stsmartinparish.org%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^brooklinestmaryassumption\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.stmarybrookline.com%{REQUEST_URI} [NE,L,R=302]
RewriteCond %{HTTP_HOST} ^dorchesterstchristopher\.sites\.bostoncatholic\.org$ [NC]
RewriteRule ^(.*)$ https://www.stchristopherchurch.org%{REQUEST_URI} [NE,L,R=302]
By now, most of the desired rules have executed. If the incoming request makes it this far, we can force www and avoid using bare domains. This is a convention favored by some websites. Adding the www can also avoid issues where the bare domain may not match the SAN cert on the ELB. As before, we will ignore Acquia domains and localhost.
# Redirect non-www to www on Acquia hosted sites. Be sure to exclude the edit
# domains and localhost
RewriteCond %{HTTP_HOST} !\.acsitefactory\.com$ [NC]
RewriteCond %{HTTP_HOST} !\.sites\.bostoncatholic\.org$ [NC]
RewriteCond %{HTTP_HOST} !^localhost [NC] # exclude localhost
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301,E=cache:1]