Apache SSL Rewrite with Wildcard Subdomains - apache

I'm attempting to setup an SSL redirect in Apache using RewriteEngine that will do the following:
Redirect traffic to either http://mydomain.com or http://www.mydomain.com to use HTTPS
Redirect traffic to any other subdomain https://*.mydomain.com to use HTTP instead of HTTPS
My reasoning for this is that I'm developing a project that's using a free SSL certificate until launch. This certificate covers the base domain, but none of the wildcard subdomains, and it's a pain to need to bypass the warning every time I visit one of the subdomains.
Edit:
I believe I'm close here, but I still can't get the HTTPS to HTTP redirect to work properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Figured it out. By moving these rules from the sites-available/default file to an .htaccess inside of the website root, I was able to get this working properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteCond %{HTTP_HOST} !=www.mydomain.com
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Related

htaccess force https & www to non-www, but subdomain only https

I have a two websites
yourdomain.com
reseller.yourdomain.com
Now I want to forcing both domains to use https via apache htaccess redirect. In addition to that, the main domain should use always www instead of non-www. But the subdomain reseller.yourdomain.com shouldn't use www of course.
How should the redirect look like? I have tried so many things like
RewriteEngine on
RewriteCond %{HTTPS} !^on
RewriteCond %{HTTP_HOST} !^reseller\.yourdomain\.com [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
This works not 100%, the main domain redirects correctly to www and ssl, the ssl-redirect for the subomdain works only on reseller.yourdomain.com, not on sub-sites like reseller.yourdomain.com/single-page.
thanks!
Try it like this,
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^yourdomain.com
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(.+)\.yourdomain.com$
RewriteRule ^ https://%1.yourdomain.com [R=301,L]

Apache2 redirect to another domain with ssl

I have a no clue why this fails. I just want to redirect all domain to www.maindomain.com and also http to https, what am i missing?
# redirect http to https
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# redirect without www to www
RewriteCond %{http_host} ^maindomain.com [nc]
RewriteRule ^(.*)$ https://www.maindomain.com [r=301,nc]
# redirect another domain to www.maindomain.com
RewriteCond %{HTTPS} off # this i was missing
RewriteCond %{HTTP_HOST} ^(www\.)?anotherdomain.com [NC]
RewriteRule ^(.*)$ https://www.maindomain.com [R=301,L]
http://maindomain.com to https:/www.maindomain.com/ works
http://anotherdomain.com to https:/www.maindomain.com/ works
https://anotherdomain.com to https:/www.maindomain.com/ fails
The Http to Https redirection for Another domain failed because Your Rule is missing the following line :
RewriteCond %{HTTPS} off
Try :
# redirect another domain to www.maindomain.com
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?anotherdomain.com [NC]
RewriteRule ^(.*)$ https://www.maindomain.com [R=301,L]
You can try this:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Just copy and paste the above code in .htaccess file then the whole website will be redirected to “https” when the browser is opened in “http” mode. The browser just get redirected using url rewriting in .htaccess.

HTTPS for www and non-www only - HTTP for all subdomains

I have certificate for single domain only, including www.
With my current .htaccess setup, I am redirecting all HTTP requests to HTTPS.
But I want to make it following:
Force HTTPS domain.com (www and non-www)
Allow HTTP only for ALL subdomains *.domain.com
Is this possible?
My current .htaccess setup forces everything to use HTTPS
# Force SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have found 1 solution:
# Force HTTPS www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)(domain\.com)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
# Force HTTP subdomains
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^((?!www).+\.domain\.com)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

Redirect multiple URLs to one SSL URL

I have two URLs pointing to one app and I would like them all to be redirected to the SSL address with www (i.e https://www.example1.com)
I currently have the following in my .htaccess file:
RewriteCond %{HTTP_HOST} ^example1.com [nc,or]
RewriteCond %{HTTP_HOST} ^www.example1.com [nc,or] # Causes problems
RewriteCond %{HTTP_HOST} ^example2.com [nc,or]
RewriteCond %{HTTP_HOST} ^www.example2.com [nc] # Causes problems
RewriteRule ^(.*) https://www.example1.com$1 [R=301,nc]
The conditions for www URLs don't seem to redirect properly and the browsers complain as much.
Any help is greatly appreciated.
In most Apache SSL setups, your best bet is redirecting Apache traffic on a port other than 443 (SSL) to the SSL URL:
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*) https://www.example1.com$1 [R=301,NC]
or, you can check for HTTPS this way:
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://www.example1.com$1 [R=301,NC]

apache redirect http to https and www to non www

basically what i want is redirect al request to use HTTPS instead of http
I have this in my htaccess so far and it worked great:
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</ifModule>
today someone noticed that when going to:
http://www.example.com it redirects to and shows an unsecure connection thingie.
My ssl is setup for non www domain: mydomain.com
So i need to make sure all site requests are sent to non www and https:
It works fine if i put example.com it redirects to https://example.com
but with www.example.com it goes to htts://www.example.com and shows the error
what do i need to add to my code to redirect www to non www and then to ssl
?
You will have to re-issue your certificate for both www and without www.
If someone connects to your site via a domain name that is not included in your common name, they will receive a warning.
The ssl negociation process happens before any response from the server (in your case, a redirection), so in all cases, your visitors will receive a warning when using a domain that is not in your common name.
You can get what you need from the HTTP_HOST
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
This way it will get the host always without the subdomain.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
RewriteCond %{HTTP_HOST} ^www.domain.com [NC]
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
If you are using CloudFlare's free account then that's the problem. CloudFlare's free account does NOT support SSL Certificates. To continue using CloudFlare's free account with an SSL Certificate just go to the DNS settings in CloudFlare and take the orange cloud off of your domain and off of the cname WWW. That will fix your problem and cause both www and non-www to be redirected to https.
Also be sure to add this code to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Then, everything should work!
This will redirect all of your www websites to non-www and secure them if you have completed the CERTBOT for each domain conf file. Put this in /etc/apache2/apache2.conf inside the Directory /www section:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
There is no need to CERTBOT a www domain after this code is inserted. Just do the domain.com choice. You do not need htaccess files. They can be restricted by the AllowOverride None selection.
Remember to restart apache.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://www.%1%{REQUEST_URI} [L,R=301]
Check out this:
RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]