Redirect all HTTP requests (non-www & www, subdomains) to HTTPS - apache

I want to be able to redirect all visitors to a website & its subdomains to HTTPS like the following:
http://example.com -> https://www.example.com
http://www.example.com -> https://www.example.com
http://sub.example.com -> https://sub.example.com
http://www.sub.example.com -> https://sub.example.com
https://www.sub.example.com -> https://sub.example.com
Other redirects:
w (or ww, wwww, etc).example.com -> https://www.example.com
w (or ww, wwww, etc).sub.example.com -> https://sub.example.com
The redirects should be a cacheable HTTP 301 redirect. The configuration used is Apache 2.4.10 + mod-spdy, with Strict-Transport-Security (Plus a wildcard SSL cert).
Currently use the following in .htaccess:
RewriteCond %{SERVER_PORT} !^443
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^ "https://www.example.com%{REQUEST_URI}" [R=301,L]
RewriteCond %{SERVER_PORT} !^443
RewriteCond %{HTTP_HOST} ^sub\.example\.com$
RewriteRule ^ "https://sub.example.com%{REQUEST_URI}" [R=301,L]
I've been using spdycheck.org to test this, it works fine for the main domain, with the subdomains I get the following message:
HTTP Traffic Allowed
This website can still be access via HTTP. HTTP
does not provide any widely implemented mechanism for using other
protocols like SPDY. Only traffic over SSL/TLS using the NPN Extension
can be optimized with SPDY. By allowing HTTP traffic, this website is
not even offering SPDY capable browsers the choice of using SPDY. If
possible, this website should redirect all http:// to https://,
ideally with a cachable HTTP 301 redirect.
What's a good way to accomplish this? I could modify httpd.conf if required also.

If you're doing it in your httpd.conf, put in something like:
<VirtualHost _default_:80>
RewriteEngine On
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NE,L,R=301]
</VirtualHost>
Put this after all of your virtual hosts, and ensure that your other virtual hosts are port 443 only. This will make this redirect the global http vhost that will redirect each page individually to HTTPS and give a 301 redirect.
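The host mapping listed in the question, written as a port-80 virtual host that matches the Host header against example.com rather than copying it into the Location header. This is an added example, not code from the question or the answer; the hostnames follow the question, and the closing rule that refuses unknown hosts is an addition.

```apache
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com *.example.com
    RewriteEngine On

    # w., ww., www., wwww. ... in front of a subdomain: drop the prefix.
    #   http://www.sub.example.com -> https://sub.example.com
    RewriteCond %{HTTP_HOST} ^w+\.([a-z0-9-]+)\.example\.com(?::\d+)?$ [NC]
    RewriteRule ^ https://%1.example.com%{REQUEST_URI} [NE,R=301,L]

    # Apex, or any run of w's directly on the apex: canonical host is www.
    #   http://example.com, http://ww.example.com -> https://www.example.com
    RewriteCond %{HTTP_HOST} ^(?:w+\.)?example\.com(?::\d+)?$ [NC]
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,R=301,L]

    # Any other single-label subdomain: same host, HTTPS.
    #   http://sub.example.com -> https://sub.example.com
    RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.example\.com(?::\d+)?$ [NC]
    RewriteRule ^ https://%1.example.com%{REQUEST_URI} [NE,R=301,L]

    # The Host header matched none of the names served here:
    # answer 403 instead of building a redirect from client-supplied input.
    RewriteRule ^ - [F]
</VirtualHost>
```

A wildcard certificate for *.example.com covers a single label, so https://www.sub.example.com fails certificate validation before any rewrite rule runs; only the plain-HTTP form of that name can be redirected without a browser warning.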

Related

How to force HTTPS with amazon lightsail + s3 redirection + route 53

I've created a wordpress blog with Amazon Lightsail and bought several domain names on route 53. My main domain is example.com, I've also bought:
example.eu
example.be
etc.
I'm using s3 buckets to redirect every possible combination (with non www and with www) to www.example.com (in my hosted zone in route 53 it is www.example.com that is redirected to my lightsail static IP).
I've installed a Lets Encrypt SSL certificate for www.example.com
Now I would like to force HTTPS so that all requests redirect to https://www.example.com (using 301 redirect) which I'm able to do using my s3 buckets but I'm not able to redirect www.example.com to https://www.example.com as it's associated to my static IP address.
What should I do to allow access to my blog only through HTTPS? I've searched for quite some time on the net and found some tutorials saying that I should use cloudfront to handle redirection to HTTPS but they never really apply to my situation.
So I've finally figured it out thanks to this post. I've modified the httpd-app.conf file to add an SSL redirection rule:
RewriteEngine On
RewriteBase /
#SSL redirection
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Rewrite index.php
RewriteRule ^index\.php$ - [S=1]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
This rule allows redirecting all HTTP calls to HTTPS using the SSL certificate I installed on my server (for the domain www.example.com).

apache2 handle subdomains and SSL

I have this line in my mycooldomain.com.conf (apache2)
Redirect permanent / https://mycooldomain.com
it redirects to https.
What I am trying to do is redirect subdomains to http while all domain requests go through https
for example:
mycooldomain.com/help will redirect to https://mycooldomain.com
while user.mycooldomain.com/blah will redirect to http://user.mycooldomain.com
right now subdomains are being sent to https as well
Add a rewrite rule:
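RewriteEngine on
# Flags are comma-separated with no spaces; the host pattern is anchored and its dots escaped
RewriteCond %{HTTP_HOST} ^user\.mycooldomain\.com$ [NC]
RewriteRule ^/?(.*)$ http://user.mycooldomain.com/$1 [QSA,R=301,L]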
Redirect permanent / https://mycooldomain.com

Apache 2.4: htaccess forwarding to https and removing www

I'm having a weird problem with an htaccess (Apache version 2.4). I am using the following code:
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
to force the following redirects:
http should become https in general
any www. should be removed
As it's a TYPO3 installation, I'm having a domain record inserted at the entry page, but it does not have any redirects whatsoever. So any redirecting is/should be done by the .htaccess file.
However, here is the problem:
http + example.com gets forwarded to https + example.com
https + example.com stays the same
http + www + example.com gets forwarded to https + example.com
https + www + example.com stays the same, instead of forwarding to http + example.com
Does anybody have any idea what could be wrong with the code in the .htaccess file?
The problem is that if a user uses https://www.example.com/, he gets an annoying certificate issue warning. But as I understand the code, it should forward if either there is no https or if the domain is not "example.com", e.g. "www.example.com", so basically, it should work, no?
Thanks in advance,
Thomas

How to redirect a page both to https and to the 'www' version of the site

I recently installed my SSL certificate, and I'm attempting to enforce a https connection to all my pages. However, previously I also redirected all requests to the www version of the request page. When combining an http redirect to https and concurrently redirecting traffic to www, I get a looping redirect warning on browsers. Hence, how can I make .htaccess rule (I actually just use the directory config file) that will achieve what I want: always https://'www'
Here's the current combination that I have:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}$1 [NC,R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteRule (.*) https://www.mydomain.com$1 [R=301,L]
Your question is a duplicate of htaccess redirect to https://www
Also, you can solve the WWW problem with DNS by simply pointing your naked domain to WWWizer's free naked domain redirect service's IP 174.129.25.170

Enforce https + remove www + redirect aliases to main domain name on Apache 2

Client site uses several domains leading to the same content, which is bad for SEO ("duplicated content").
example.com, www.example.com, foo.com, foo.example.com, www.foo.com and www.foo.example.com
Also, the site must now use https on all requests.
So the task now is to enforce the sole use of https://foo.example.com as the SSL certificate is for *.example.com. All other domains should be redirected to https://foo.example.com
I'm trying to implement these requirements via url rewriting in the website's root folder .htaccess file.
Rewritecond %{HTTP_HOST} !^example\.com
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
It works, except for one use case: http://example.com
Requests pointing to http://example.com/hello do not get rewritten to the https://example.com.
So I tried
RewriteCond %{HTTPS} !^on [OR]
Rewritecond %{HTTP_HOST} !^example\.com
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
But I get a "redirection loop" error. It means the conditions are always true, but why?
server details
Server: LAMP (Apache 2) on Red Hat Enterprise Linux Server release 6.5
UPDATE
I think my rewriting rules are correct, the issue occurs upstream. System administrator informed me that their network redirects 443 requests to the local machine's :80 port. Also, phpinfo() on a https url shows no presence of SSL flags ( HTTPS= on does not appear in phpinfo()).
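The situation in the UPDATE, where TLS ends upstream and Apache only ever sees port 80, makes %{HTTPS} permanently off, so a rule keyed on it redirects every request, including ones that arrived over HTTPS. The following is an added example, not the asker's configuration: it assumes the upstream device is an HTTP proxy that sets an X-Forwarded-Proto header (the page does not say it does), and 192.0.2.10 is a placeholder for that proxy's address.

```apache
RewriteEngine On

# A request counts as "already HTTPS" only when BOTH hold:
#   - it came from the TLS terminator (placeholder address), and
#   - the terminator marked it as https.
# Checking REMOTE_ADDR keeps a client that reaches port 80 directly
# from sending "X-Forwarded-Proto: https" itself to skip the redirect.
RewriteCond %{REMOTE_ADDR} !=192.0.2.10 [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} !=https [OR]
# Canonical host as written in the rules above.
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [NE,R=301,L]
```

If the upstream device is a plain port forward that adds no header, Apache has nothing to tell the two kinds of request apart, and the HTTP-to-HTTPS redirect has to be issued on that device instead.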