WE have a whole bunch of subdomains from another domain that are pointing to our server. So I am trying to do a 301 redirect from any subdomain at that domain to point to ours
eg.
sub1.domain.com 301 redirect to ourdomain.com
sub2.domain.com 301 redirect to ourdomain.com
There could be any number of subdomains pointing to it.
What should the 301 redirect look like for this?
I have this:
RewriteCond %{HTTP_HOST} *\.domain\.net\.au$ [NC]
RewriteRule ^ https://ourdomain.com%{REQUEST_URI} [R=301,L,NE]
but this returns a internal error, if I replace the * with an actual domain it sort of works.
PArt two of this question is about https, our site is always https, when you click on a link in google that goes to one of these domains, its tries to take them to https://sub1.domain.com
Even when I put in the redirect , it still tries to go to https://sub1.domain.com, which causes the browser to give a "this is not safe" error, is there any way via the 301, to make it so it goes directly to our domain without it giving the https error on the other domain first?
Here is part one:
RewriteCond %{HTTP_HOST} [^.]+\.domain\.net\.au$
RewriteRule ^ https://ourdomain.com%{REQUEST_URI} [R=301,L]
As for part two, no, that can't be done. HTTPS certificate negotiation has to happen before the connection is established to issue the redirect. All you can do is get a wildcard SSL certificate or provide a valid certificate for the subdomains in some other way. It can't be done without a valid certificate unless you accept the "not safe" errors, which most visitors won't. But once the redirects are in place for a while, the listings will be dropped by Google anyway.
Related
My site has a certificate but it's not a wildcard certificate. So it's for example.com, not for *.example.com.
Not a problem I thought, I'll just redirect any visitor to the proper URL through mod_rewrite:
RewriteEngine On
RewriteBase /
# Following two lines to strip machine name
RewriteCond %{HTTP_HOST} !^example.com [NC]
RewriteRule ^(.*)$ https://example.com%{REQUEST_URI} [L,R=301]
# Following two lines make sure the https version is always served
RewriteCond %{HTTPS} off
RewriteRule (.*) https://example.com%{REQUEST_URI} [L,R=301]
Now, the redirect actually works. When someone types in https://www.example.com/page, he will eventually be redirected to https://example.com/page.
But...
The browser first displays a warning that https://www.example.com is insecure. Only when I add an exception, will it be redirected to https://example.com/page which does not give a certificate error...
What am I doing wrong here?
Nothing. SSL negotiation occurs at the transport (TCP) level, not HTTP (even when using SNI) but the point is that the certificate is not valid for the requested domain. When the connection is initiated to www. the browser will request the certificate and compare the url with the CN in the cert and since it isn't there, it'll raise the alert.
To resolve this issue you will need a certificate that includes both ServerName and ServerAlias names. You could maybe try some DNS provider that offers DNS HTTP redirection, but getting a certificate is quite easy this days.
checked the Forum but could not find an ideal answer. I have recently installed a SSL Certificate on my site and in the process of creating 301 redirects via the .htaccess file for nearly 400 page urls (to keep Google happy). I thought of using;
redirect 301 /contact.php https://www.mydomainname.co.uk/contact.php
but it breaks the site. The only solution I have seen is;
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^contact\.php$ https://www.mydomainname.co.uk/contact.php [L,R=301]
The above seems a lot of code to use for each of the 400 pages! is there a quicker way with less code I can use in the .htaccess file?
Many thanks. Hope someone can advise.
There are two basic ways of redirecting pages with Apache: Redirect (of mod_alias) and RewriteRule etc. (of mod_rewrite).
Redirect is very simple: it will just redirect a single URL to another. It can be useful sometimes, but it's usefulness is limited to its simplicity: in the case of HTTP-to-HTTPS redirection, it can't differentiate between HTTP and HTTPS connections, so it will just try to redirect to HTTPS even if you're already on HTTPS (and thus you end up in an infinite redirect loop).
RewriteRule, on the other hand, is more advanced and flexible. You can use RewriteCond to conditionally redirect requests; in your case, you'd want to redirect requests only if they're on a HTTP connection.
As you mentioned, you want to redirect to HTTPS for many (I presume all) requests; you can easily do this with only a single rule:
# Enable rewrites
RewriteEngine on
# Only run next RewriteRule on HTTP connections (not HTTPS)
RewriteCond ${HTTPS} off
# Redirect any page to the same URL with https:// schema
RewriteRule (.*) https://${SERVER_NAME}/$1 [L,R=301]
(The ${SERVER_NAME} variable will automatically be equal to your domain name, so you can even use this on web servers with multiple domain names.)
I am using a single domain certificate (only on the www. subdomain) and want to have all users using this.
Currently i have the following in my htaccess file:
## force HTTPS and www. if any of them are not already present
RewriteCond %{HTTP_HOST} (?!^www\.)^(.+)$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
But the problem is, that this seems to lead to two separate redirects:
http://domain.com -> https://domain.com -> https://www.domain.com
This means 3 RTTs for the user until he reaches the correct page. In addition only the second redirect seems to be permanent, the first one (http to https) seems to be temporary,
Is there any solution which directly sends requests of from http to https+www?
Many thanks in advance!
There's only one redirect. The target is https://www.%1. There is no redirect to http://www.%1 and no redirect to https://%1. Only https://www.%1.
No idea how you arrived at the conclusion that this rule caused 2 different redirects. Is this what your access logs are saying? Or the browser's network console?
I am trying to redirect incoming requests to https://www.domain.com/ and all https://www.domain.com/{all pages} and having little trouble. Methods I tried:
Adding this line: Redirect permanent / https://www.domain.com/ to my httpd.conf is causing too many redirect
Using .htaccess to redirect with mod_rewrite is ending in 302 Moved page with a broken link.
What I want is:
Redirect all requests to https://www.domain.com/, including http://www.domain.com/signup and pages like that to https version
I've searched many threads on this but they don't seem to apply to my setup. How should I approach this?
There's a distinct problem with this approach - if you do a automatic non-SSL redirect to an SSL webpage, you lose the security that SSL should provide. i.e. If someone can MITM your non-SSL web server, they can redirect to their own valid SSL server (with a real certificate), and the browser won't know the difference.
i.e. http://www.example.com redirects to https://www.example.com, can be subverted by a man in the middle attack where fake http://www.example.com redirects to https://i-will-steal-your-credit-card.com, and as long as i-will-steal-your-creditcard.com has a valid certificate, the browser won't alert the user that anything is awry, the user will see the little lock icon and think everything's cool and start putting in credit card numbers.
It's a better practice to have a page that explains that what they really want is the SSL version of the URL and a clickable link. Of course, bad-guy could do the same exact thing, but paranoid people always verify the link they're clicking actually links to what it says.
Granted, most people aren't paranoid and will be grumpy about the extra step - so if you have any marketing people making decisions about this upstream from you - odds are you'll end up doing it http->https automatic redirect. This is because Marketing and customers usually don't understand SSL.
It goes like:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Source: http://systembash.com/content/force-https-ssl-access-url-apache/
RewriteEngine On
RewriteCond %{HTTPS} Off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
Notice the $1 which appends the path information
I have a bunch of domains on on of my servers. I'd like to be able to redirect some domains to a different domain without the user knowing, so not a 301 redirect.
An example, redirect domain.com to masterdomain.com/sites/domain.com. So when visiting domain.com, the user would be displayed with the data on masterdomain.com/sites/domain.com.
Also masterdomain.com and domain.com are on the same server.
How could I do this using Apache? mod_rewritem mod_alias?
If both host names use the same document root, you can do this:
RewriteCond %{HTTP_HOST} =example.com
RewriteRule !^sites/example\.com(/|$) sites/example.com%{REQUEST_URI} [L]
This rule will prepend /sites/example.com if the requested URI path does not already starts with that.
GoDaddy calls this a domain Alais.
Here is a link where it is explained
http://webwizardworks.com/web-design/domain-alias.html