HTTPS for www and non-www only - HTTP for all subdomains - apache

I have a certificate for a single domain only, including www.
With my current .htaccess setup, I am redirecting all HTTP requests to HTTPS.
But I want to set it up as follows:
Force HTTPS domain.com (www and non-www)
Allow HTTP only for ALL subdomains *.domain.com
Is this possible?
My current .htaccess setup forces everything to use HTTPS
# Force SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I have found 1 solution:
# Force HTTPS www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(domain\.com)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
# Force HTTP subdomains
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^((?!www\.).+\.domain\.com)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

Related

Best way to redirect to non-www AND enforce SSL at the same time

I created a way to redirect www to non-www and to redirect any http to https. However, I'm wondering if there's a more elegant and efficient way to do this. Here's my code:
# Force SSL
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
# Rewrite all http to https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
You can enforce non-www and https using a single RewriteRule:
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$
RewriteRule ^ https://%1%{REQUEST_URI} [NE,L,R]
The combination of OR and AND conditions above allows us to manipulate 2 types of requests at one time: 1) http www, 2) https www. The rule always redirects them to the SSL non-www version. You can replace R with R=301 to make the redirect permanent.

How to edit htaccess to redirect all traffic to secure www domain

How to achieve the following:
redirect all http://domain.com to https://www.domain.com
redirect all http://www.domain.com to https://www.domain.com
redirect all https://domain.com to https://www.domain.com
So basically, all my traffic be it non-www or www will be redirected to SSL www domain.
Edit:
Additionally, I have 2 subdomains that work on HTTP, so I want to achieve the above and also keep the 2 subdomains free from the above redirect rule.
You can use the following code in Root/.htaccess:
RewriteEngine on
#Http to https
#Exclude subdomains
RewriteCond %{HTTP_HOST} !^(sub1|sub2)
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NC,L,R]
#add www on ssl
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,L,R]
This will redirect:
http://example.com
or
http://www.example.com
to ssl
https://www.example.com
And the second rule will add www to non www requests on ssl, redirect :
https://example.com
to
https://www.example.com
First, you can edit your httpd.conf file, and add this to the :80 servers
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [L,R=301]
</IfModule>
Anyway, this in .htaccess will do the same
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) https://www.domain.com/$1 [L,R,NE]
Also, you can add in your vhost file also something like
Redirect permanent / https://www.domain.com/
And in your vhost_ssl:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [L,R=301]
</IfModule>

Apache SSL Rewrite with Wildcard Subdomains

I'm attempting to setup an SSL redirect in Apache using RewriteEngine that will do the following:
Redirect traffic to either http://mydomain.com or http://www.mydomain.com to use HTTPS
Redirect traffic to any other subdomain https://*.mydomain.com to use HTTP instead of HTTPS
My reasoning for this is that I'm developing a project that's using a free SSL certificate until launch. This certificate covers the base domain, but none of the wildcard subdomains, and it's a pain to need to bypass the warning every time I visit one of the subdomains.
Edit:
I believe I'm close here, but I still can't get the HTTPS to HTTP redirect to work properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Figured it out. By moving these rules from the sites-available/default file to an .htaccess inside of the website root, I was able to get this working properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteCond %{HTTP_HOST} !=www.mydomain.com
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
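The second listing differs from the first by one extra RewriteCond, `!=www.mydomain.com`. As an added example (not code from the post), the Python sketch below models only the condition logic of both listings and follows the resulting redirects; the function names and the sample requests are constructed for illustration.

```python
import re

# Added illustration: models only the RewriteCond logic of the two listings above.
# A state is (https_on, host); each function returns the redirect target or None.
WILDCARD = re.compile(r"^(.+)\.mydomain\.com$", re.IGNORECASE)  # [NC]
APEX_HOSTS = ("mydomain.com", "www.mydomain.com")               # '=' string compares


def rules_first_listing(https_on, host):
    if not https_on and host in APEX_HOSTS:
        return (True, host)           # domain and www -> HTTPS
    if https_on and WILDCARD.match(host):
        return (False, host)          # any *.mydomain.com -> HTTP (www included)
    return None


def rules_second_listing(https_on, host):
    if not https_on and host in APEX_HOSTS:
        return (True, host)
    if https_on and WILDCARD.match(host) and host != "www.mydomain.com":
        return (False, host)          # extra condition: !=www.mydomain.com
    return None


def follow(rules, https_on, host, max_hops=10):
    """Apply the rules the way a browser follows redirects.

    Returns (outcome, final_state, hops); outcome is 'settles', or 'loop'
    when a state repeats (or max_hops is reached).
    """
    seen = []
    state = (https_on, host)
    while state not in seen and len(seen) < max_hops:
        seen.append(state)
        target = rules(*state)
        if target is None:
            return ("settles", state, len(seen) - 1)
        state = target
    return ("loop", state, len(seen))


if __name__ == "__main__":
    # Constructed sample requests
    for start in [(True, "www.mydomain.com"), (True, "app.mydomain.com"),
                  (False, "mydomain.com")]:
        print(start, follow(rules_first_listing, *start),
              follow(rules_second_listing, *start))
```

In this model the first listing sends https://www.mydomain.com to HTTP and straight back to HTTPS, while the second leaves it on HTTPS and still moves other subdomains to HTTP.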

apache redirect http to https and www to non www

Basically what I want is to redirect all requests to use HTTPS instead of HTTP.
I have this in my htaccess so far and it worked great:
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
today someone noticed that when going to:
http://www.example.com it redirects to and shows an unsecure connection thingie.
My SSL is set up for the non-www domain: mydomain.com
So I need to make sure all site requests are sent to non-www and HTTPS.
It works fine if I put example.com; it redirects to https://example.com,
but with www.example.com it goes to https://www.example.com and shows the error.
What do I need to add to my code to redirect www to non-www and then to SSL?
You will have to re-issue your certificate for both www and without www.
If someone connects to your site via a domain name that is not included in your common name, they will receive a warning.
The SSL negotiation process happens before any response from the server (in your case, a redirection), so in all cases, your visitors will receive a warning when using a domain that is not in your common name.
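The point made in this answer can be checked per redirect hop. The Python sketch below is an added example, not part of the original answer: it walks a redirect chain and reports the first HTTPS hop whose host name no certificate name covers. The certificate name lists and chains are constructed sample data, and a wildcard is assumed to appear only as a whole leftmost label.

```python
from urllib.parse import urlsplit


def name_covers(cert_name, host):
    """True if one certificate name covers host.

    A '*' label matches exactly one leftmost label, so '*.example.com'
    covers neither 'example.com' nor 'a.b.example.com'.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return c[1:] == h[1:]
    return c == h


def first_warning(cert_names, chain):
    """Return the first https URL in the chain that no certificate name covers.

    Plain HTTP hops involve no TLS handshake and are skipped. Returns None
    when every HTTPS hop is covered.
    """
    for url in chain:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue
        if not any(name_covers(n, parts.hostname) for n in cert_names):
            return url
    return None


# Constructed sample data
CERT_APEX_ONLY = ["example.com"]
CERT_BOTH = ["example.com", "www.example.com"]

# Rule that keeps the host (https://%{HTTP_HOST}...) and strips www afterwards
CHAIN_KEEP_HOST = ["http://www.example.com/", "https://www.example.com/",
                   "https://example.com/"]
# Rule that strips www in the same redirect that switches to HTTPS
CHAIN_STRIP_WWW = ["http://www.example.com/", "https://example.com/"]
# Visitor types https://www.example.com directly
CHAIN_DIRECT_HTTPS = ["https://www.example.com/", "https://example.com/"]

if __name__ == "__main__":
    for chain in (CHAIN_KEEP_HOST, CHAIN_STRIP_WWW, CHAIN_DIRECT_HTTPS):
        print(chain[0], "->", first_warning(CERT_APEX_ONLY, chain))
```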
You can get what you need from the HTTP_HOST
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
This way it will get the host always without the subdomain.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
If you are using CloudFlare's free account then that's the problem. CloudFlare's free account does NOT support SSL Certificates. To continue using CloudFlare's free account with an SSL Certificate just go to the DNS settings in CloudFlare and take the orange cloud off of your domain and off of the cname WWW. That will fix your problem and cause both www and non-www to be redirected to https.
Also be sure to add this code to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Then, everything should work!
This will redirect all of your www websites to non-www and secure them if you have completed the CERTBOT for each domain conf file. Put this in /etc/apache2/apache2.conf inside the Directory /www section:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
There is no need to CERTBOT a www domain after this code is inserted. Just do the domain.com choice. You do not need htaccess files. They can be restricted by the AllowOverride None selection.
Remember to restart apache.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://www.%1%{REQUEST_URI} [L,R=301]
Check out this:
RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

htaccess redirect HTTPS to secure.domain.com, non https to www.domain.com

Not sure how to best write the following rules:
All secure (HTTPS) traffic should redirect to https://secure.domain.com
Non-secure requests to secure.domain.com should redirect to https://secure.domain.com
All other non-secure requests should go to http://www.domain.com
Lastly, all non-www requests should redirect to www, except the "secure" subdomain.
Try adding the following to your htaccess file in the root folder of your domain.
RewriteEngine on
RewriteBase /
#Non-secure requests to secure.domain.com should redirect to https://secure.domain.com
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^secure\.domain\.com$ [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#All secure (HTTPS) traffic should redirect to https://secure.domain.com
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^secure\.domain\.com$ [NC]
RewriteRule .* https://secure.domain.com%{REQUEST_URI} [L,R=301]
#All other non-secure requests should go to http://www.domain.com
#Lastly, all non-www requests should redirect to www, except the "secure" subdomain.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteRule .* http://www.domain.com%{REQUEST_URI} [L,R=301]