force a user to https:// and non www address format - apache

I have a website that has an SSL setup for domain.com, but not www.domain.com.
I have the following running in my .htaccess,
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{HTTP_HOST} ^www.%{HTTP_HOST}$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
This does not seem to work at all, basically I have a couple of scenarios
http://www.domain.com -> https://domain.com
https://www.domain.com -> https://domain.com
http://domain.com -> https://domain.com
Basically I want anything that is not https://domain.com to be forwarded to https://domain.com, so that my SSL works without warnings.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain\.com$
RewriteCond %{HTTPS} ^off$
RewriteRule ^(.*)$ https://domain.com/$1 [NC,R,L]

Related

Redirection using htaccess file?

I have a website and I need the following redirections :
www.example.com > example.com
http requests redirected to https
I wrote the following rules :
#Redirect http://example.com to https://example.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*)$ https://example.com$1 [R=permanent,L]
#Redirect www to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com
RewriteRule ^(.*)$ https://example.com$1 [R=permanent,L]
The rules are not working and I'm getting the error : domain.com redirected you too many times.
Does anyone know how to solve that please ?
Thanks
Your first rule seems to be the culprit which is not checking for http / https and redirecting to https.
You may use:
RewriteEngine On
#Redirect www to non www
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
# http to https
RewriteCond %{HTTP:X-Forwarded-SSL} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NE,L]
Thanks to the help of Anubhava, I could get a working solution :
#Redirect http://example.com to https://example.com
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-SSL} =off
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*)$ https://example.com$1 [R=permanent,L]
#Redirect www to non www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com
RewriteRule ^(.*)$ https://example.com$1 [R=permanent,L]

How to prevent subdomains from redirecting to https - htaccess?

I am trying to work out how to redirect all http instances to https:// though excluding the subdomain.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(www\.)?example.co [NC]
RewriteRule (.*) https://example.co/$1 [L,R=301,QSA]
For example, domain.example.co should be left as it is and not redirected to https://.
example.co or example.co/sub/sub should be redirected to https://
I have tried changing the RewriteRule:
RewriteRule ^$ https://example.co/$1 [R,L]
This leaves subdomains as they are but has no effect on subdirectories under example.co - i.e. example.co/sub/sub.
How could I redirect from http to https but exclude all subdomains?
Note
I also have a rewrite rule which points subdomains to their directories without changing the URL:
RewriteCond %{HTTP_HOST} ^(.*)\.example\.co [NC]
RewriteRule ^(.*)/?$ http://example.co/%1/$1 [P]
sub.example.co will displays example.co/sub but the URL will not change
You can try this :
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(.+\.)?domain\.com$
RewriteRule ^(.*)$ https://%1domain.com/$1 [R,L]
Or This :
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?sub\.domain\.com$
RewriteRule ^(.*)$ https://sub.domain.com/$1 [R,L]
Note: Replace sub with subdomain and domain with domain name
Enjoy it ;-)
Try below I am assuming you are not using www appended to host.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example.co [NC]
RewriteRule ^(.*)$ https://example.co/$1 [L,R=301,QSA]
RewriteCond %{HTTP_HOST} ^(.*)\.example\.co [NC]
RewriteRule ^(.*)/?$ http://example.co/%1/$1 [P]
ProxyPassReverse / http://example.co/

Merging a HTTPS redirect with WWW redirect

I currently have this in my .htaccess file
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
This ensures all http://www.example.com is redirected to http://example.com
I would like to implement an SSL certificate and I found this is the rewrite rule I must use for http to redirect to https.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
How could I merge the HTTPS condition with my current condition so that
http://www.example.com redirects to https://example.com
http://example.com redirects to https://example.com
If it is not possible to merge this, can I just have those two code snippets one after another?
Thanks in advance.
Yes, you can use them one after another. I'd also save your users a redirect by having your first set of rules send them straight to HTTPS.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

All http traffic to domain.com and all https to sub.domain.com with htaccess

I have two domain names www.domain.com and sub.domain.com, and I want to redirect all the http traffic to www.domain.com and all the https traffic to sub.domain.com. For example, if the url called is http:// sub.domain.com/index.php, the server have to rewrite the url to http:// www.domain.com/index.php, and if the url called is https:// www.domain.com/index.php, the server have to rewrite the url to https:// sub.domain.com.
I have this code in htaccess but it does not work correctly:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^domain.com$
RewriteRule ^/?$ "http\:\/\/sub\.domain\.com\/" [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^sub.domain.com$
RewriteRule ^/?$ "http\:\/\/domain\.com\/" [R=301,L]
It redirects correctly the https to sub.domain.com but only when there is no page indicated (https:// domain.com/index.php/some-page not work and https:// domain.com yes). For the http not work at all.
Thanks in advance!
You can put this code in your root htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(?:www\.)?domain\.com$ [NC]
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ https://sub.domain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^sub\.domain\.com$ [NC]
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
Make sure both domain.com and sub.domain.com share the same document root folder. Otherwise, you will have to split htaccess code in two htaccess (one per root domain folder)
/domain/root/folder/.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(?:www\.)?domain\.com$ [NC]
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ https://sub.domain.com/$1 [R=301,L]
/subdomain/root/folder/.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^sub\.domain\.com$ [NC]
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

.htaccess allow https non www, force www on http only

Having troubles with Paypal subscriptions have held the old https://example.com domain in the paypal subscription profile and cannot be changed without cancel and re-subscribing.
what I have in place at the moment is forcing everything to http://www.example.com so http(s)://example.com 301 -> http://www.example.com
This is what I currently have.
paypal is trying to submit some subscriptions to https://example.com/payments/ipn.php it was doing a 301 redirect on https to http://www.example.com but you loose the POST data on a 301 redirect...
With the code below, https://www.example.com works, but since i need https://example.com for Paypal to work, i'm not sure how to allow the none www on the HTTPS domain without it redirecting to the HTTP host (http://www.example.com)
I added the robots.txt redirection to disallow / on https, this works as I don't want duplicate site on google.
I hope this has all made sense.
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteCond %{REQUEST_URI} !^(/payments)
RewriteRule ^ http://www.domain.com%{REQUEST_URI} [L,R=301]
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl.txt [L]
HERE IS THE FIXED .htaccess for anyone that's interested!
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^ http://www.domain.com%{REQUEST_URI} [L,R=301]
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl.txt [L]
RewriteRule %{HTTPS_HOST} ^domain\.com%{REQUEST_URI}
To filter HTTPS you could use following RewriteCond:
RewriteCond %{HTTPS} !=on # if it's not HTTPS
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
Or you could avoid a redirect, when it's a POST request, so the POST data wont be lost:
RewriteCond %{REQUEST_METHOD} !=POST # if it's not POST
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]