I am doing a redirect from all domains to a single domain and then forcing it to HTTPS. All works for domains not entered with https: but when someone enters in the full url like https://www. the browser gives a certificate error. Below is my htaccess.
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Why is this not working for https requests? I am also using Parallels could there be a setting in that I am missing?
Related
Guys i have litle problem with migrating site from HTTP to HTTPS.
I want to force all to www https
http://example.com -> https://www.example.com (wrok)
http://www.example.com -> https.www.example.com (not work)
Above example return url with two www.www
https.www.www.example.com
My code
RewriteCond %{HTTP_HOST} !=""
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
What i do wrong?
You can use this redirect to combine http -> https and www redirects into one rule:
# add www and turn on https in a single redirect rule
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=302,L,NE]
Once you verify it is working fine, replace R=302 to R=301. Avoid using R=301 (Permanent Redirect) while testing your mod_rewrite rules.
Your rule on the other hand is attempting to maintain same scheme (http or https) after redirect. Your rule is also working for the case when www is missing. You need to use OR between 2 conditions as I have shown in my answer.
I just installed the Origin CA certificate in CentOS 7.3 with the help of this link
Then I redirected all the http requests to https and www to non-www with the following .htaccess commands
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
here are the following issues,
1) When I set RewriteCond %{HTTPS} off it gives Too Many Redirects error
2) When I access the site with follwing URL http://website.com, It doesn't redirect to https
3) but, http://www.website.com works fine (with WWW)
Not sure if I'm doing anything wrong in the SSL configuration, any help would be appreciated.
You can replace both http->https and www->non-www redirect rules with this single rule:
RewriteEngine On
# remove www and turn on https rule
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTP:X-Forwarded-SSL} =off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
I'm attempting to setup an SSL redirect in Apache using RewriteEngine that will do the following:
Redirect traffic to either http://mydomain.com or http://www.mydomain.com to use HTTPS
Redirect traffic to any other subdomain https://*.mydomain.com to use HTTP instead of HTTPS
My reasoning for this is that I'm developing a project that's using a free SSL certificate until launch. This certificate covers the base domain, but none of the wildcard subdomains, and it's a pain to need to bypass the warning every time I visit one of the subdomains.
Edit:
I believe I'm close here, but I still can't get the HTTPS to HTTP redirect to work properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Figured it out. By moving these rules from the sites-available/default file to an .htaccess inside of the website root, I was able to get this working properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteCond %{HTTP_HOST} !=www.mydomain.com
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I am trying to rewrite all following urls in Apache (v2.2.22 - Debian):
http://mydomain.com/something
http://www.mydomain.com/something
https://www.mydomain.com/something
to
https://mydomain.com/something
Rewriting http to https is no problem - this works fine. But I don't seem to be able to get rid of the www prefix. My domain does run with the www, however my SSL certificate happens to be only valid for mydomain.com and mail.mydomain.com and not for www.mydomain.com - so the www gives me SSL warnings in my browser.
I have tried many suggestions on the Web, which all didn't seem to work. Currently in my /etc/apache2/sites-available/default (picked up by apache2.conf) is the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://mydomain.com/$1 [L]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://mydomain.com/$1 [L]
As I said, this works for http => https, not for losing the www prefix. Any ideas?
You forgot to do an external redirect. Add the [R=301] flag.
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]
basically what i want is redirect al request to use HTTPS instead of http
I have this in my htaccess so far and it worked great:
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</ifModule>
today someone noticed that when going to:
http://www.example.com it redirects to and shows an unsecure connection thingie.
My ssl is setup for non www domain: mydomain.com
So i need to make sure all site requests are sent to non www and https:
It works fine if i put example.com it redirects to https://example.com
but with www.example.com it goes to htts://www.example.com and shows the error
what do i need to add to my code to redirect www to non www and then to ssl
?
You will have to re-issue your certificate for both www and without www.
If someone connects to your site via a domain name that is not included in your common name, they will receive a warning.
The ssl negociation process happens before any response from the server (in your case, a redirection), so in all cases, your visitors will receive a warning when using a domain that is not in your common name.
You can get what you need from the HTTP_HOST
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
This way it will get the host always without the subdomain.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
RewriteCond %{HTTP_HOST} ^www.domain.com [NC]
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
If you are using CloudFlare's free account then that's the problem. CloudFlare's free account does NOT support SSL Certificates. To continue using CloudFlare's free account with an SSL Certificate just go to the DNS settings in CloudFlare and take the orange cloud off of your domain and off of the cname WWW. That will fix your problem and cause both www and non-www to be redirected to https.
Also be sure to add this code to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Then, everything should work!
This will redirect all of your www websites to non-www and secure them if you have completed the CERTBOT for each domain conf file. Put this in /etc/apache2/apache2.conf inside the Directory /www section:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
There is no need to CERTBOT a www domain after this code is inserted. Just do the domain.com choice. You do not need htaccess files. They can be restricted by the AllowOverride None selection.
Remember to restart apache.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://www.%1%{REQUEST_URI} [L,R=301]
Check out this:
RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]