I've been struggleing to get this redirect to work.
The main website is host.net
And I want www.host.com and host.com to redirect to host.net (site located external on antother server)
I have valid certificates for host.com and host.net but not for www.host.com
I've tried with this setup but the client gives a cert. error.
I've tried many combinations and sometimes I get one or the other to work, but not both redirects.
FROM .conf file example:
<VirtualHost *:443>
..
LogLevel alert rewrite:trace8
RewriteEngine On
RewriteCond %{HTTP_HOST} www.host.com [NC]
RewriteRule ^/$ https://host.com [R=301]
RewriteCond %{HTTP_HOST} host.com [NC]
RewriteRule ^/$ https://host.net [R=301,L]
LOG:
init rewrite engine with requested uri /
applying pattern '^/$' to uri '/'
RewriteCond: input='host.com' pattern='www.host.com' [NC] => not-matched
applying pattern '^/$' to uri '/'
RewriteCond: input='host.com' pattern='host.com' [NC] => matched
rewrite '/' -> 'https://host.net'
explicitly forcing redirect with https://host.net
escaping https://host.net for redirect
redirect to https://host.net [REDIRECT/302]
Assumptions
you have a valid certificate for host.com and host.net
not for www.host.com (like you said)
Scenarios
you ask for https://host.com: you have a valid certificate, so it negotiates ok, and enters your VH. This answers with a redirect to https://host.net. This has a valid certificate, so you are ok.
you ask for https://www.host.com: you do not have a valid certificate, so it complains on negotiation. The negotiation happens before apache considers VH. Once you accept the warning, it enters your VH, which sends you to https://host.net, which is again ok.
Solutions
add a certificate for https://www.host.com
get a certificate to cover both https://host.com and httpd://www.host.com.
only accept connections for www.host.com on port 80, which redirects to https://www.host.net.
Notes
your logs show that your configuration is good, it does what you expect.
Related
My site has a certificate but it's not a wildcard certificate. So it's for example.com, not for *.example.com.
Not a problem I thought, I'll just redirect any visitor to the proper URL through mod_rewrite:
RewriteEngine On
RewriteBase /
# Following two lines to strip machine name
RewriteCond %{HTTP_HOST} !^example.com [NC]
RewriteRule ^(.*)$ https://example.com%{REQUEST_URI} [L,R=301]
# Following two lines make sure the https version is always served
RewriteCond %{HTTPS} off
RewriteRule (.*) https://example.com%{REQUEST_URI} [L,R=301]
Now, the redirect actually works. When someone types in https://www.example.com/page, he will eventually be redirected to https://example.com/page.
But...
The browser first displays a warning that https://www.example.com is insecure. Only when I add an exception, will it be redirected to https://example.com/page which does not give a certificate error...
What am I doing wrong here?
Nothing. SSL negotiation occurs at the transport (TCP) level, not HTTP (even when using SNI) but the point is that the certificate is not valid for the requested domain. When the connection is initiated to www. the browser will request the certificate and compare the url with the CN in the cert and since it isn't there, it'll raise the alert.
To resolve this issue you will need a certificate that includes both ServerName and ServerAlias names. You could maybe try some DNS provider that offers DNS HTTP redirection, but getting a certificate is quite easy this days.
I'm trying to do which might be not possible at all.
Let's say I own mydomain.com and have standard (no wildcard) RapidSSL certificate which works for www.mydomain.com and mydomain.com.
I'd like to redirect (.htaccess) subdomain.mydomain.com to mydomain.com/?param=subdomain.
I already managed to redirect it to subdomain.mydomain.com/?param=subdomain but the problem is that on every redirection I get browser warning concerning my certificate which doesn't cover any subdomain.
Is it possible to redirect it without the warning? I need subdomain only for pretty passing the parameter and I don't need it after redirection.
I think you want to capture the subdomain in the URL as shown in the 2nd RewriteCond and then use it as the parameter value:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !www.mydomain.com$ [NC]
RewriteCond %{HTTP_HOST} ^(www.)?([a-z0-9-]+).mydomain.com [NC]
RewriteRule (.*)?param=%2/$1 [L]
</IfModule>
This is a link to the above solution... http://www.mediacollege.com/internet/server/apache/mod-rewrite/subdomains.html
Hope this helps!
... (no wildcard) RapidSSL certificate which works for www.example.com and example.com .... like to redirect (.htaccess) subdomain.example.com to example.com/?param=subdomain
This is not possible, at least not without warnings about invalid certificates.
The redirection is done within HTTP. But with HTTPS the HTTP layer is embedded inside a SSL layer so that you first have to successfully establish the SSL connection before you can redirect. But to successfully establish the SSL connection you have to have a valid certificate for subdomain.example.com, which you don't have.
I want to be able to redirect all visitors to a website & its subdomains to HTTPS like the following:
http://example.com -> https://www.example.com
http://www.example.com -> https://www.example.com
http://sub.example.com -> https://sub.example.com
http://www.sub.example.com -> https://sub.example.com
https://www.sub.example.com -> https://sub.example.com
Other redirects:
w (or ww, wwww, etc).example.com -> https://www.example.com
w (or ww, wwww, etc).sub.example.com -> https://sub.example.com
The redirects should be a cacheable HTTP 301 redirect. The configuration used is Apache 2.4.10 + mod-spdy, with Strict-Transport-Security (Plus a wildcard SSL cert).
Currently use the following in .htaccess:
RewriteCond %{SERVER_PORT} !^443
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^ "https://www.example.com%{REQUEST_URI}" [R=301,L]
RewriteCond %{SERVER_PORT} !^443
RewriteCond %{HTTP_HOST} ^sub\.example\.com$
RewriteRule ^ "https://sub.example.com%{REQUEST_URI}" [R=301,L]
I've been using spdycheck.org to test this, it works fine for the main domain, with the subdomains I get the following message:
HTTP Traffic Allowed
This website can still be access via HTTP. HTTP
does not provide any widely implemented mechanism for using other
protocols like SPDY. Only traffic over SSL/TLS using the NPN Extension
can be optimized with SPDY. By allowing HTTP traffic, this website is
not even offering SPDY capable browsers the choice of using SPDY. If
possible, this website should redirect all http:// to https://,
ideally with a cachable HTTP 301 redirect.
What's a good way to accomplish this? I could modify httpd.conf if required also.
If you're doing it in your httpd.conf, put in something like:
<VirtualHost _default_:80>
RewriteEngine On
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NE,L,R=301]
</VirtualHost>
After all of your virtual hosts, and ensure that your other virtual hosts are port 443 only. This will make this redirect the global http vhost that will redirect each page individually to HTTPS and give a 301 redirect.
I recently installed my SSL certificate, and I'm attempting to enforce a https connection to all my pages. However, previously I also redirected all requests to the www version of the request page. When combining an http redirect to https and concurrently redirecting traffic to www, I get a looping redirect warning on browsers. Hence, how can I make .htcaccess rule (I actually just use the directory config file) that will achieve what i want: always https://'www'
Here's the current combination that I have:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}$1 [NC,R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteRule (.*) https://www.mydomain.com$1 [R=301,L]
Your question is a duplicate of htaccess redirect to https://www
Also, you can solve the WWW problem with DNS by simply pointing your naked domain to WWWizer's free naked domain redirect service's IP 174.129.25.170
Client site uses several domains leading to the same content, which is bad for SEO ("duplicated content").
example.com, www.example.com, foo.com, foo.example.com, www.foo.com and www.foo.example.com
Also, the site must now use https on all requests.
So the task now is to enforce the sole use of https://foo.example.com as the SSL certificate is for *.example.com. All other domains should be redirected to https://foo.example.com
I'm trying to implement these requirements via url rewriting in the website's root folder .htaccess file.
Rewritecond %{HTTP_HOST} !^example\.com
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
It works, except for one use case: http://example.com
Requests pointing to http://example.com/hello do not get rewritten to the https://example.com.
So I tried
RewriteCond %{HTTPS} !^on [OR]
Rewritecond %{HTTP_HOST} !^example\.com
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
But i get a "redirection loop" error. It means the conditions are always true, but why?
server details
Server: LAMP (Apache 2) on Red Hat Enterprise Linux Server release 6.5
UPDATE
I think my rewriting rules are correct, the issue occurs upstream. System administrator informed me that their network redirects 443 requests to the local machine's :80 port. Also, phpinfo() on a https url shows no presence of SSL flags ( HTTPS= on does not appear in phpinfo()).