I have a SSL certificate that is registered to my www domain, but all my urls point to my domain without www.
i tried this sentence:
RewriteRule ^[https://mydomain.org](.*)$ https://www.mydomain.org$1 [R=301,nc]
but for some unknown reason, it also redirects all the calls made to http://mydomain.org as well. i realy cant think of a reason for this
Try this rule:
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
But the invalid certificate message won’t go away since the SSL connection is accomplished before HTTP is taking part (since HTTPS is HTTP over SSL/TSL).
Someone should correct me if i'm wrong but i don't think the RewriteRule directive has access to the protocol part of the requested uri. Try this instead:
RewriteCond %{HTTP_HOST} ^https://domain\.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]
How about detecting the server port?
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R]
so litterally, if you are connecting to https (since you are using port 443) the url will have WWW.
Related
I'm having trouble coming up with the proper syntax to accomplish both forcing the SSL and no WWW.
EDIT
I've been able to accomplish each task separately but when combining the two i find myself stuck in a redirection loop.
working syntax to force no WWW:
RewriteCond %{HTTP_HOST} !^domain\.com$
RewriteRule (.*) http://domain.com/$1 [R=301,L]
My attempt to force no WWW and SSL
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} !^domain\.com$
RewriteRule (.*) https://domain.com/$1 [R=301,L]
Thanks for any suggestions!
For SSL you could use something like:
Redirect / https://domain.com/
Place this only in the section of your virtual host you configure for HTTP, not HTTPS, to not run clients into endless loops.
Here's what I'm using on one of my sites - it seems to work a little better than most of the other methods I've seen:
# The code below tells apache to always require secure (ssl/tls) connections
# to the website. If a client tries connecting over port 80 (http://),
# then the client will be redirected to https:// (over port 443).
RewriteCond %{REMOTE_ADDR} !127\.0\.0\.0
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
For the no-www rule, check out the .htaccess files on any open-source CMS, like Drupal or Wordpress, to see some of the best practices.
By 'no WWW' I assume you mean you want to remove any 'WWW.' prefix of the hostname? Try this:
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteCond "%{HTTPS}" "=on"
RewriteRule "(.*)" "https://%1$1" [R=301,L]
If you're doing this in a .htaccess file, change that last line to
RewriteRule "(.*)" "https://%1/$1" [R=301,L]
If you want to be able to remove the 'WWW.' prefix regardless of SSL-ness or not, try this:
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteCond "%{HTTPS}" "=on"
RewriteRule "(.*)" "https://%1/$1" [R=301,L]
RewriteCond "%{HTTP_HOST}" "^(?:www\.)?(.*)" [NC]
RewriteRule "(.*)" "http://%1/$1" [R=301,L]
I found this to work for a couple of my client sites:
# Force SSL
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
# Rewrite all http to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I have an account with a webhost that uses Apache servers. The webhost's file structure uses subfolders for secondary domains of the primary account domain.
What do I need to add to this .htaccess file to redirect if someone types https:mysubdomain in the browser URL. I want to redirect from https to http, ie. http:mysubdomain.
RewriteEngine on
# Use PHP5.4 as default
AddHandler application/x-httpd-php54 .php
RewriteCond %{HTTP_HOST} ^myseconddomain\.myprimarydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.myseconddomain\.myprimarydomain\.com$
RewriteRule ^/?$ "http\:\/\/mysedonddomain\.com" [R=301,L]
Edit Update:
Thank you for suggestions. The approach of modifying the .htaccess file for the subdomain in the subfolder didn't work, even after clearing browser cache. What about modifying the .htaccess for the maindomain. I tried this but it didn't work either. Maybe my syntax?
RewriteEngine on
RewriteCond %{HTTP_HOST} ^https:\/\/myseconddomain.com$
RewriteRule ^www.myseonddomain.com/ [R=301,L]
I have spoken at length with the webhost, Hostmonster, and all they could tell me was that the SSL certificate was working "correctly" - even thought it is associating with unrelated domain names that are not supposed to have any certificate. I guess that is what User82217 was saying, there is no other way than to purchase a wildcard SSL?
Edit Update: I tried putting this in the .htaccess of the maindomain and the seconddomain and nothing works to redirect from https to http when the user types https:// in front of mysecondubdomain.com in the URL
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^https
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Anybody got any more ideas? Thank you.
To force HTTPs to HTTP then you can use the following in your .htaccess file:
#Force HTTP on everything
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
You didn't specifiy if you wanted to remove www or not, but on the assumption that you do, you can also remove that by including the following rule:
RewriteCond %{HTTP_HOST} ^www\. [OR]
Therefore checking if www is in the URL or not, so altogether using:
RewriteCond %{HTTP_HOST} ^www\. [OR]
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Make sure you clear your cache before testing this.
I've tried with multiple conditions to redirect all my https pages to http as my SSL certificate has expired. As it is taking time to reflect the changes, I want to redirect all those requests made by https to be called over http.
Tried with these rules:
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} ^on$
RewriteRule ^(.*)$ http://my_site.com/$1 [NC,L,R]
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Nothing seems to be working. Is there a better way to handle this?
It's solved by placing the rules at the end of the file instead of placing them at the starting of the file
I am working on a site that only owns an SSL cert for domain.com. I am trying to remove the www. and redirect to domain.com. This I have working fine.
I also want to force HTTPS on all pages, this works fine if www. is not typed.
There error occurs when https://www.domain.com us the URL.
I can see it rewrite to https://domain.com but I get a cert error that I have to accept or reject.
Is there a way around this without buying another certificate?
Here are two of the many combinations of rules I have tried (many of them were from other SO answers).
1.
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
2.
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{SERVER_PORT} !^443
RewriteRule ^ https://domain.com%{REQUEST_URI} [R=301,L]
I don't think there's a way around this. The cert error is coming from the SSL (TLS) connection, which happens before any HTTP requests are made.
If the user went to http://www.domain.com/ or just http://domain.com/ you could redirect to https://domain.com/ just fine.
If the user went to https://www.domain.com/, they would get a cert error before receiving a redirect.
I think your options are:
Point www.domain.com to a server that has HTTPS disabled. Users would get a connection error when hitting https://www.domain.com/, which may be preferrable to a cert error
Buy a cert for www.domain.com or *.domain.com
Here is the rewrite rule I am using:
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} !^(www.)secure.\ [NC]
RewriteRule (.*) https://secure.%{HTTP_HOST}%{REQUEST_URI} [R,L]
This rule is supposed to be applied if the port is 443 (SSL port) and if the requested domain does not start with secure or www.secure .
Instead, it redirects to secure.secure and then returns a 404 error. Alternatively, if I remove the secure from rewrite rule creating
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} !^(www.)secure.\ [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I get a too many redirects error.
I admit, I am not a mod_rewrite expert, but I consider myself able to function with referring to the documentation. On this however, I am stumped. Thanks!
The grouping (www.) is not conditional. This should be something like (www.)?.
http://httpd.apache.org/docs/current/rewrite/intro.html for more extensive documentation.