Client site uses several domains leading to the same content, which is bad for SEO ("duplicated content").
example.com, www.example.com, foo.com, foo.example.com, www.foo.com and www.foo.example.com
Also, the site must now use https on all requests.
So the task now is to enforce the sole use of https://foo.example.com as the SSL certificate is for *.example.com. All other domains should be redirected to https://foo.example.com
I'm trying to implement these requirements via url rewriting in the website's root folder .htaccess file.
Rewritecond %{HTTP_HOST} !^example\.com
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
It works, except for one use case: http://example.com
Requests pointing to http://example.com/hello do not get rewritten to the https://example.com.
So I tried
RewriteCond %{HTTPS} !^on [OR]
Rewritecond %{HTTP_HOST} !^example\.com
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
But i get a "redirection loop" error. It means the conditions are always true, but why?
server details
Server: LAMP (Apache 2) on Red Hat Enterprise Linux Server release 6.5
UPDATE
I think my rewriting rules are correct, the issue occurs upstream. System administrator informed me that their network redirects 443 requests to the local machine's :80 port. Also, phpinfo() on a https url shows no presence of SSL flags ( HTTPS= on does not appear in phpinfo()).
Related
few days ago I have asked my host to install an SSL certificate, to be able to load my website through https protocol. The website is now running via https properly, but I noticed that Google started indexing my website by using the IP Address instead of the domain name and this is caused some pages not being indexed properly.
After the certificate was installed, I created an .htaccess with the following code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^11\.11\.11\.111$ [NC,OR]
RewriteCond %{HTTP_HOST} ^([a-z.]+)?example\.com$ [NC]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
</IfModule>
(IP and DOMAIN are masked, if you need actual IP and domain, I can provide them)
I was expecting all requests via IP address and via "www.example.com" to be redirected properly to "https://example.com" with https protocol and without www.
Unfortunately, if I try to type "http://11.11.11.111/" I'm being redirected properly to "https://example.com/" but if I try "https://11.11.11.111/" I am not and I get a warning (of course the certificate is not for IP address, but for domain name).
How can I force redirecting also for https + IP Address by using an htaccess declaration?
Can you please tell me what I'm doing wrong?
Thank you very much in advance for any help.
Let me explain my setup here, I have two domains, for the sake of naming them lets call them domain1.com and domain2.com. I have shared hosting that runs cPanel.
Domain1.com is my main domain, and is what I have my hosting account setup using. I have a website hosted at that domain. Domain2.com is set as an add-on domain, and directs to a folder inside of the main domains root. That has it's own website (a Ghost blog).
That all works fine. However the websites hosted at the two domains are quite different and I did not want the subdomain to work, but as far as I can tell add-on domains in cPanel have to have a subdomain in order to be added to the account. The redirect options for the subdomains in cPanel aren't good enough for me, as I wanted anyone accessing say domain1.com/domain2 to get a 404 error as if it didn't exist. So I set up the .htaccess file for domain1.com to look like this:
RewriteEngine On
#301 (permenant) redirects all HTTP requests to HTTPS (SSL)
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#404 redirects all domain.com/subdomain requests
RewriteCond %{HTTP_HOST} ^(www.)?domain1.com$ [NC]
RewriteCond %{REQUEST_URI} ^/domain2/(.*)$
RewriteRule ^(.*)$ - [L,R=404]
#404 redirects all subdomain.domain.com & www.subdomain.domain.com requests
RewriteCond %{HTTP_HOST} ^domain2.domain1.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain2.domain1.co.uk$ [OR]
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ - [L,R=404]
This worked perfectly, anyone tryting to access domain2 via domain1 would get a 404 error. But that was before I installed Ghost on domain2 After getting Ghost installed I created an .htaccess file in the domain2 folder inside of domain1's root.I had to put this in it in order for Ghost for to run, as it uses NodeJS:
RewriteEngine on
RewriteRule ^(.*)$ http://127.0.0.1:55555555/$1 [P,L]
This also works perfectly except for one aspect. Now all requests to the domain using domain1.com have started working again. For example if I type domain2.domain1.com it will now show me the Ghost blog where as before it was correctly displaying a 404 Not Found error. Why is this and how do I go about rectifying this issue?
As a side note, I also started trying to have all http requests redirect to https. I added the following to the domain1.com htaccess file as I wanted all requests on both domains to redirect to https and I assumed this was necessary:
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Now this kind of works. All requests, whatever they are (with or without www for instance), redirect to https, and when I visit it in my browser I get a green the icon indicating it's secured with SSL. Again even with this the previous issue of the domain redirect still doesn't work. But I have another odd issue here.
If I type in my browser simply "domain1.com" (ie without https:// or www. or a combination of the two), it will show just "domain1.com" in the address bar but with the green icon and say it is secured. If however I type in "domain2.com" (again with no https:// or www etc.) it does the same thing except it states it is not secure, suggesting it requested http.
And yet if I type in www.domain2.com or http://domain2.com, that works and I get the secured icon. It is highly puzzling. It seems that the https redirect works on every request except for just "domain2.com" while any other variation (www.domain2.com, http://domain2.com etc) works fine. Any clues? I mean clearly I've done something wrong with the htaccess files but I don't know what, I got most of what I'd put in them from searching sites like Stackexchange, but personally I don't really know anything about them or how they work.
I think I have fixed my own problem here.
I corrected the main htaccess so the https redirect acts like this;
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
From what I can tell it's better to do it this way than the way I had it previously. This in itself didn't fix the problems. What fixed it for me is editing the domain2.com htaccess to look like this:
RewriteEngine on
#Force WWW if it isn't in the request
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
#Or include WWW even if it is in the request
RewriteCond %{HTTP_HOST} ^www\. [NC]
#Then Force it to use https
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Defines this domain so main htaccess rules for subdomains work
RewriteCond %{HTTP_HOST} ^(.*)?domain2.com$ [NC]
#Proxy for Ghost
RewriteRule ^(.*)$ http://127.0.0.1:55555555/$1 [P,L]
Now everything works. All requests are redirected to https. All requests to the subdomain from the main domain fail with a 404. domain2.com now redirects to https://www.domain2.com or https://domain2.com so it is now always secured by SSL. I'm a novice at htaccess as is probably evident and I've no doubt some or all of this could have unnecessary elements removed or simplified so if anyone wants to correct my syntax so it's less messy I'd appreciate it.
I have tried a zillion variations of .htaccess rewrites and cannot get this to work.
I have a previous HTTPS old-domain.com that I need to forward to new-domain.io. Both are HTTPS but only the new domain has SSL certs on the server. This makes the browser trying to load old-domain.com just spin in the browser.
I already have a DNS forward that works fine ONLY with http, not https. I am thinking that I need to use something like %{HTTP:X-Forwarded-Proto} but not exactly sure how. Nothing has worked so far.
https://old-domain.com
AND https://www.old-domain.com
both need to redirect to https://new-domain.io (along with any URI like/something/this.html)
Something like this looks like it should work, but redirects infinitely.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^old-domain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.old-domain\.com$
RewriteRule (.*)$ https://new-domain.io/$1 [R=301,L]
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*)$ https://new-domain.io/$1 [R=301,L]
SOLUTION --------
The new domain .htaccess file cannot fix a HTTPS redirected link by itself.
There are two ways to correctly fix it.
Remove DNS forwarding at the old domain DNS. Then make sure there are still valid SSL certs AND put a redirect on its .htaccess file to handle the redirects with something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} (w*)domain.com$ [NC]
RewriteRule ^ http://newdomain.com%{REQUEST_URI} [L,R=301]
Leave the DNS forwarding of the old domain and add a new multi-domain SSL cert at the new domain which includes BOTH domains. This is tricky because you will have to manually authenticate the old domain because the cert won't be living at the old domain host.
I choose and implemented #1 successfully.
I'm experiencing an unusual issue where Google is indexing subdomains of my site that don't exist. It looks like these 'subdomains' are created from misspellings such as w. ww.. There's even some instances of http://abc.www.example.com being indexed.
My main concern here is with content duplication in the SERPS as there are several of these non existent / zombie subdomains indexed by Google. I want these subdomains to either drop out of the SERPS or be redirected to the secure www. version of the website.
I'm experienced in web development, but server configuration and .htaccess / mod Rewrite rules are not my biggest strength.
There's currently a rewrite rule to force https across the site - could this be amended to force the zombie subdomains to redirect to https://www.? If it is possible, can I ensure it doesn't effect real subdomains of the site?
Current .htaccess redirect :
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [NC,R=301,L]
To address the comments... You can't block hostnames (subdomains) in robots.txt if all subdomains are pointing to the same place (the same site), unless you internally rewrite those requests to a different robots-block.txt file. However, robots.txt doesn't necessarily prevent indexing, it prevents crawling, and if these subdomains are already indexed, then they are going to remain indexed for while if you simply block crawling.
Are you on a shared server? Or do you have your own? This will only be a "default host" issue if this is your own server and your site is the first (or only) host defined on it. (This is rare to be a shared server issue.) Otherwise, this sounds like you have a "wildcard" subdomain defined in DNS (and corresponding ServerAlias in the server config).
Remove the wildcard subdomain and it will resolve your issue.
Otherwise you can redirect (or block) any non-canonical hosts in .htaccess. For example:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(www\.)?example\.com
RewriteRule ^ - [F]
The above would send a 403 Forbidden for any request that is not for example.com or www.example.com.
Aside:
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [NC,R=301,L]
This is not correct. It only canonicalises http://example.com. It won't canonicalise/redirect http://www.example.com or https://example.com since the two conditions are implicitly AND'd. You need to OR the two conditions:
RewriteCond %{HTTP_HOST} ^example\.com [NC,OR]
RewriteCond %{SERVER_PORT} 80
In order to match example.com or http.
I recently installed my SSL certificate, and I'm attempting to enforce a https connection to all my pages. However, previously I also redirected all requests to the www version of the request page. When combining an http redirect to https and concurrently redirecting traffic to www, I get a looping redirect warning on browsers. Hence, how can I make .htcaccess rule (I actually just use the directory config file) that will achieve what i want: always https://'www'
Here's the current combination that I have:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}$1 [NC,R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain.com
RewriteRule (.*) https://www.mydomain.com$1 [R=301,L]
Your question is a duplicate of htaccess redirect to https://www
Also, you can solve the WWW problem with DNS by simply pointing your naked domain to WWWizer's free naked domain redirect service's IP 174.129.25.170