I have two URLs pointing to one app and I would like them all to be redirected to the SSL address with www (i.e https://www.example1.com)
I currently have the following in my .htaccess file:
RewriteCond %{HTTP_HOST} ^example1.com [nc,or]
RewriteCond %{HTTP_HOST} ^www.example1.com [nc,or] # Causes problems
RewriteCond %{HTTP_HOST} ^example2.com [nc,or]
RewriteCond %{HTTP_HOST} ^www.example2.com [nc] # Causes problems
RewriteRule ^(.*) https://www.example1.com$1 [R=301,nc]
The conditions for www URLs don't seem to redirect properly and the browsers complain as much.
Any help is greatly appreciated.
In most Apache SSL setups, your best bet is redirecting Apache traffic on a port other than 443 (SSL) to the SSL URL:
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*) https://www.example1.com$1 [R=301,NC]
or, you can check for HTTPS this way:
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://www.example1.com$1 [R=301,NC]
Related
I'm having trouble coming up with the proper syntax to accomplish both forcing the SSL and no WWW.
EDIT
I've been able to accomplish each task separately but when combining the two i find myself stuck in a redirection loop.
working syntax to force no WWW:
RewriteCond %{HTTP_HOST} !^domain\.com$
RewriteRule (.*) http://domain.com/$1 [R=301,L]
My attempt to force no WWW and SSL
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} !^domain\.com$
RewriteRule (.*) https://domain.com/$1 [R=301,L]
Thanks for any suggestions!
For SSL you could use something like:
Redirect / https://domain.com/
Place this only in the section of your virtual host you configure for HTTP, not HTTPS, to not run clients into endless loops.
Here's what I'm using on one of my sites - it seems to work a little better than most of the other methods I've seen:
# The code below tells apache to always require secure (ssl/tls) connections
# to the website. If a client tries connecting over port 80 (http://),
# then the client will be redirected to https:// (over port 443).
RewriteCond %{REMOTE_ADDR} !127\.0\.0\.0
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
For the no-www rule, check out the .htaccess files on any open-source CMS, like Drupal or Wordpress, to see some of the best practices.
By 'no WWW' I assume you mean you want to remove any 'WWW.' prefix of the hostname? Try this:
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteCond "%{HTTPS}" "=on"
RewriteRule "(.*)" "https://%1$1" [R=301,L]
If you're doing this in a .htaccess file, change that last line to
RewriteRule "(.*)" "https://%1/$1" [R=301,L]
If you want to be able to remove the 'WWW.' prefix regardless of SSL-ness or not, try this:
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteCond "%{HTTPS}" "=on"
RewriteRule "(.*)" "https://%1/$1" [R=301,L]
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteRule "(.*)" "http://%1/$1" [R=301,L]
I found this to work for a couple of my client sites:
# Force SSL
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
# Rewrite all http to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I'm just going crazy with my issue and hope for your help.
I have one webstore with two domains linking to one same path. And webstore is choosing itself which content should be shown depends on domain.
www.yogabox.de - German content
www.yogabox.co.uk - English content
I'm trying to rewrite all kinds of yogabox.de to https://www.yogabox.de und the same for yogabox.co.uk to https://www.yogabox.co.uk
Here is the result:
I'm using those rules:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.yogabox\.co\.uk$
RewriteCond %{HTTP_HOST} !^yogabox\.co\.uk$
#RewriteCond %{HTTP_HOST} !^www\.yogabox\.de$
RewriteRule ^(.*)$ https://www.yogabox.de/$1 [R=301,L]
RewriteCond %{HTTPS} off
#RewriteCond %{HTTP_HOST} ^yogabox\.co\.uk$
RewriteCond %{HTTP_HOST} !^www\.yogabox\.de$
RewriteCond %{HTTP_HOST} !^yogabox\.de$
RewriteRule ^(.*)$ https://www.yogabox.co.uk/$1 [R=301,L]
Only https://yogabox.de and https://yogabox.co.uk are wrong. Where is the problem?
I have already checked the problem with not valid certificate like here WWW to NON WWW Urls (Remove WWW) using Apache (.htaccess)
But the certificates are valid for www and without www.
The problem is that your rules don't match the ssl non-www urls, so the redirection from https://example.com to https://www.example.com isn't happening on your server. .
You can use the following generic rule to redirect your domains to https://www :
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$
RewriteRule ^.*$ https://www.%1%{REQUEST_URI} [NE,L,R=301]
Make sure to clear your browser cache before testing these rules.
I just installed the Origin CA certificate in CentOS 7.3 with the help of this link
Then I redirected all the http requests to https and www to non-www with the following .htaccess commands
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
here are the following issues,
1) When I set RewriteCond %{HTTPS} off it gives Too Many Redirects error
2) When I access the site with follwing URL http://website.com, It doesn't redirect to https
3) but, http://www.website.com works fine (with WWW)
Not sure if I'm doing anything wrong in the SSL configuration, any help would be appreciated.
You can replace both http->https and www->non-www redirect rules with this single rule:
RewriteEngine On
# remove www and turn on https rule
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTP:X-Forwarded-SSL} =off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
I'm attempting to setup an SSL redirect in Apache using RewriteEngine that will do the following:
Redirect traffic to either http://mydomain.com or http://www.mydomain.com to use HTTPS
Redirect traffic to any other subdomain https://*.mydomain.com to use HTTP instead of HTTPS
My reasoning for this is that I'm developing a project that's using a free SSL certificate until launch. This certificate covers the base domain, but none of the wildcard subdomains, and it's a pain to need to bypass the warning every time I visit one of the subdomains.
Edit:
I believe I'm close here, but I still can't get the HTTPS to HTTP redirect to work properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Figured it out. By moving these rules from the sites-available/default file to an .htaccess inside of the website root, I was able to get this working properly.
RewriteEngine on
# Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [or]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ [NC]
RewriteCond %{HTTP_HOST} !=www.mydomain.com
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I'm having trouble coming up with the proper syntax to accomplish both forcing the SSL and no WWW.
EDIT
I've been able to accomplish each task separately but when combining the two i find myself stuck in a redirection loop.
working syntax to force no WWW:
RewriteCond %{HTTP_HOST} !^domain\.com$
RewriteRule (.*) http://domain.com/$1 [R=301,L]
My attempt to force no WWW and SSL
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} !^domain\.com$
RewriteRule (.*) https://domain.com/$1 [R=301,L]
Thanks for any suggestions!
For SSL you could use something like:
Redirect / https://domain.com/
Place this only in the section of your virtual host you configure for HTTP, not HTTPS, to not run clients into endless loops.
Here's what I'm using on one of my sites - it seems to work a little better than most of the other methods I've seen:
# The code below tells apache to always require secure (ssl/tls) connections
# to the website. If a client tries connecting over port 80 (http://),
# then the client will be redirected to https:// (over port 443).
RewriteCond %{REMOTE_ADDR} !127\.0\.0\.0
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
For the no-www rule, check out the .htaccess files on any open-source CMS, like Drupal or Wordpress, to see some of the best practices.
By 'no WWW' I assume you mean you want to remove any 'WWW.' prefix of the hostname? Try this:
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteCond "%{HTTPS}" "=on"
RewriteRule "(.*)" "https://%1$1" [R=301,L]
If you're doing this in a .htaccess file, change that last line to
RewriteRule "(.*)" "https://%1/$1" [R=301,L]
If you want to be able to remove the 'WWW.' prefix regardless of SSL-ness or not, try this:
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteCond "%{HTTPS}" "=on"
RewriteRule "(.*)" "https://%1/$1" [R=301,L]
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteRule "(.*)" "http://%1/$1" [R=301,L]
I found this to work for a couple of my client sites:
# Force SSL
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
# Rewrite all http to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}