http to https redirect - apache

I try to achieve the following behavior with .htaccess:
Redirect http://www.mydomain.tld -> https://mydomain.tld
Also redirect my old links like:
http://www.mydomain.tld/news/mynews should be redirected to https://mydomain.tld/news/mynews
The page should now only be available over https without the leading "www".
I have this rule to redirect from http://www.mydomain.tld to http://mydomain.tld:
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
Force https
<IfModule mod_headers.c>
Header set Strict-Transport-Security max-age=16070400;
</IfModule>
But I have problems to figure out how to correctly write the conditions so that I'm not losing my build up link power (Redirect 301 is important).
Hopefully anyone can help me!
Thank you!


I redirect everything to https://example.com without www.
This is what I use:
#Redirect www and http
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Never had a problem with it like this.

Related

Redirects aren't working, is there a conflict with the rules or order of them?

I need to redirect any incoming traffic that is not www or https, to www and https.
The one issue is trying to add one more rule that would handle all traffic that used to be at rootdomain.com/blog/rest-of-url-title and send that to the subdomain https://blog.rootdomain.com/rest-of-url-title
This is what I have in my root domain htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^/blog/(.*)$ https://blog.rootdomain.com/$1 [R=302,L]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=302]
</IfModule>
Then within the blog subdomain directory htaccess I have this (to redirect any non https to https and the rest is Wordpress based)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
When trying to hit any url that is rootdomain.com/blog/rest-of-url-title it redirects to
https://www.rootdomain.com/index.php
Instead of redirecting to the blog subdomain, it just goes to www and since that url title doesn't exist for www i just get 404.

I had to go with mod_alias redirectmatch to get it working how i wanted
RedirectMatch 302 ^/blog/(.*)$ https://blog.rootdomain.com/$1
It's odd because the mod_rewrite line in my original htaccess in root had this:
RewriteRule ^blog/(.*) https://blog.rootdomain.com/$1 [R=302,L]
Which did not work on this particular server, but worked fine on any other servers I tested on. Maybe because of a subdomain/directory mapping issue?
Regardless, I know it's not good practice to mix mod_rewrite and mod_alias, this final worked for me:
RedirectMatch 302 ^/blog/(.*)$ https://blog.skodaminotti.com/$1
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=302]
</IfModule>
Would still love to hear if anyone knows why the rewriterule wouldn't work.

Redirect apache www, https://www to https non-www URLS

I know it's duplicated many times but I promise I tried many different way but still didn't work for me.
I have a https://example.com and it redirect from http and www but it's not covering all URLs.
I want to redirect
www.example.com to https://example.com covered
https://www.example.com to https://example.com covered
https://www.example.com/about to https://example.com/about
https://www.example.com/#blah to https://example.com/#blah
This is my last time tried .htaccess code
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} =off [OR]
RewriteCond %{HTTP_HOST} ^www.example\.com$
RewriteRule ^(.*)$ "https://example.com/$1" [R=301,L]
</IfModule>
----------------------Updated------------------
I have no idea how it's worked. I replaced many different rules but this one is only one working.
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [L,R=301]

Change yours rules to these:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule (.*) https://example.com/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://example.com/$1 [R=301,L]
</IfModule>

Mod rewrite, redirect all to https except specific URI and redirect that URI from https to http

So I've been hitting a wall have have tried many different options, and configurations. I'm trying to redirect my site to https with the exception of one specific URI which I want to be redirected from https to http and then remain http. I would greatly appreciate any help. This is being done from the virtualhost configuration. Below are the settings I have tried in pairs with ssl.conf and mysite.conf. However I keep either getting a redirect loop or a page that doesn't load.
mysite.conf
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !/example
RewriteRule ^(.*)$ https://my.site.com$1 [R,L]
or
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^(/|page1|page2)
RewriteRule ^(.*)$ https://my.site.com$1 [R,L]
or
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !=/example
RewriteRule ^(.*)$ https://my.site.com$1 [R,L]
or
RewriteCond %{REQUEST_URI} =/example
RewriteRule ^(.*)$ http://my.site.com$1 [R,L]
Plus one of the above.
Then in ssl.conf
RewriteEngine on
RewriteCond %{REQUEST_URI} =/example
RewriteRule ^(.*)$ http://my.site.com$1 [R,L]

This should do it for you. Place the most specific rule (that for /example) first.
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteRule ^/?example$ http://my.site.com/example [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/?example$
RewriteRule ^/?(.*)$ https://my.site.com/$1 [R=301,L]
This should work in either server (.conf) or directory (.htaccess) context.

htaccess redirect to https://www

I have the following htaccess code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond !{HTTPS} off
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
I want my site to be redirected to https://www. with HTTPS, and enforcing the www. subdomain,
but when I access http://www. (without HTTPS), it does not redirect me to https://www with HTTPS.

To first force HTTPS, you must check the correct environment variable %{HTTPS} off, but your rule above then prepends the www. Since you have a second rule to enforce www., don't use it in the first rule.
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
About proxying
When behind some forms of proxying, whereby the client is connecting via HTTPS to a proxy, load balancer, Passenger application, etc., the %{HTTPS} variable may never be on and cause a rewrite loop. This is because your application is actually receiving plain HTTP traffic even though the client and the proxy/load balancer are using HTTPS. In these cases, check the X-Forwarded-Proto header instead of the %{HTTPS} variable. This answer shows the appropriate process

Michals answer worked for me, albeit with one small modification:
Problem:
when you have a single site security certificate, a browser that tries to access your page without https:// www. (or whichever domain your certificate covers) will display an ugly red warning screen before it even gets to receive the redirect to the safe and correct https page.
Solution
First use the redirect to the www (or whichever domain is covered by your certificate) and only then do the https redirect. This will ensure that your users are not confronted with any error because your browser sees a certificate that doesn't cover the current url.
#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you are using CloudFlare or a similar CDN you will get an infinite loop error with the %{HTTPS} solutions provided here. If you're a CloudFlare user you'll need to use this:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

BAD SOLUTION AND WHY!
Don't ever use the solution below because when you are using their code that is something like:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301]
The browser goes to:
http://example.com
Then redirects to:
https://example.com
Then redirects to:
https://www.example.com
This is too much request to the server.
Most of the answers even accepted one has this problem.
BEST SOLUTION AND THE ANSWER
This code has an [OR] condition to prevent dual changes at url!
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L]

This is the best way I found for Proxy and not proxy users
RewriteEngine On
### START WWW & HTTPS
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### END WWW & HTTPS

There are a lot of solutions out there. Here is a link to the apache wiki which deals with this issue directly.
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

To redirect http:// or https:// to https://www you can use the following rule on all versions of apache :
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Apache 2.4
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} http [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Note that The %{REQUEST_SCHEME} variable is available for use since apache 2.4 .

If you are on CloudFlare, make sure you use something like this.
# BEGIN SSL Redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END SSL Redirect
This will save you from the redirect loop and will redirect your site to SSL safely.
P.S. It is a good idea to if check the mod_rewrite.c!

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
Notes: Make sure you have done the following steps
sudo a2enmod rewrite
sudo service apache2 restart
Add Following in your vhost file, located at /etc/apache2/sites-available/000-default.conf
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
Now your .htaccess will
work and your site will redirect to http:// to https://www

Similar to Amir Forsati's solution htaccess redirect to https://www but for variable domain name, I suggest:
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%2%{REQUEST_URI} [R=301,L]

Set in your .htaccess file
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I used the below code from this website, it works great https://www.freecodecamp.org/news/how-to-redirect-http-to-https-using-htaccess/
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Hope it helps

I try first answer and it doesnt work...
This work:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

mod_rewrite - add www

I'm trying to force www for my site address with .htaccess:
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
RewriteRule ^(.*)$ http://www.mysite.coml/$1 [R=301,L]
If I open mysite.com this working ok - it adds www. It becomes http://www.mysite.com/index.php.
But if I open mysite.com/subpage I redirected to http://www.mysite.com/index.php again, instead of http://www.mysite.com/subpage.
But if I open http://www.mysite.com/subpage I don't get redirect (which is the expected behaviour).
How can I fix this? I would like the redirect all requests to my site to the www subdomain.

From the superb HTML5 Boilerplate .htaccess:
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

The problem is right here:
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
^ specifies the beginning of the string while $ specifies the end.
In order to make it work you need to have a wildcard select after the .com or .+.
to reiterate what Alex said:
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

Actually, I have to disagree with Mr. Szanto.
It would appear the problem was not with the:
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
Through some additional research (via Google) I found that this worked great for me:
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
Mr. Szanto's answer, while well formatted, seems to redirect all requests missing the 'www' to be redirected with the 'www' attached. This was not a desirable outcome with most subdomains. The above code only redirects if there is no 'www' AND no subdomain before the TL domain name.
Hope this helps others.