A web account has different domains connected but only domain1.com is reachable with https. So I'd like to send all domains to https://www.domain1.com.
My idea was to have a rule which checks for port 443 first.
If not used it leads to https://www.domain1.com.
But if https is already used and domain name is different, then rewrite to https://www.domain1.com, too.
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://www.domain1.com [L]
RewriteCond %{HTTP_HOST} !^www\.domain1\.com$ [NC]
RewriteRule .* https://www.domain1.com [R=301,L]
First Rule (443) works, but the other does not. If one of the additional domains is called with https://, then browser shows message about unsafe domain, as SSL certificate is for wrong domain.
What's wrong?
Related
In the context of Wordpress Multisite installation I need to enforce https connection for the main domain (let's call it https://site.lt) while at the same time enforcing insecure connection for subdomains (http://en.site.lt, http://ru.site.lt). I need to do that on the shared hosting, by configuring .htaccess file. The problem is, the hosting provider installs Let's Encrypt sertificate only for the domain and for the configured subdomains, but without wildcard support, but Wordpress Multisite uses virtual subdomains (no en/ or ru/ directories to correspond to the subdomain name). So I need to use the ssl where I can but avoid insecure connection warnings on the subdomains.
Here is what I have now ("MY CODE HERE" marks where I am deviating from WP defaults):
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
## MY CODE HERE:
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^ru.site.lt$ [NC,OR]
RewriteCond %{HTTP_HOST} ^en.site.lt$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} =off
RewriteCond %{HTTP_HOST} !^en.site.lt$ [NC]
RewriteCond %{HTTP_HOST} !^ru.site.lt$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
## END MY CODE
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
It does enforce https on the main domain, but it works in only limited way for the subdomains. If I try to open https://en.site.lt, first of all I get a warning screen that the connection is not safe, and only once I accept the unsafe connection (make an exception) does the rewrite rule kick in and I get redirected to http site... Which is quite pointless by the time the user has accepted the unsafe connection.
For an SSL/TSL certificate to cover both domain and subdomains, it must be a Wildcard certificate. A Wildcard certificate is a digital certificate that is applied to a domain and all its subdomains.
*...A conventional SSL certificate works on a single domain, for example
domain.com. A wildcard certificate for .domain.com will also
protect mail.domain.com, vpn.domain.com, payment.domain.com, etc...
Learn more about Wildcards certificates # https://en.wikipedia.org/wiki/Wildcard_certificate.
Source # https://searchsecurity.techtarget.com/definition/wildcard-certificate
...It does enforce https on the main domain, but it works in only limited way for the subdomains...
Upon subscribing to a certificate, the certificate is delivered for any currently living domain and subdomains. If your subdomains were create AFTER you subscribed to a certificate, you need to ask for a new one. Usually the process is free and can be done from your hosting provider website.
Most of the time you don't need to even touch your .htaccess regarding SSL/TSL certificate.
The only thing you want to ensure is that any http request is redirected to the https one: RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Getting my wildcard SSL certificate to run was already a challenge but it turns out that redirecting the http traffic to https is even more difficult.
I need to redirect http://example.com, http://www.example.com, www.example.com to https://example.com.
Additionally, http://subdomain1.example.com should redirect to https://subdomain1.example.com (I have a list of 7 subdomains).
My current .htaccess doesn't do the trick:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
I'm also confused as to whether I need to leave port 80 open to enable the redirect.
I would be immensely grateful for any help.
I have recently set up a site "saskatoonwashworld.com" with SSL. I have two issues that I need to resolve...
1) Route all http requests to https (I was able to do this easy enough with code found online)
2) I also have a subdomain "portal.saskatoonwashworld.com" which I want redirected to "https://secure3.washcard.com/AP?CID=65e53149-59e9-4d67-a746-e475aa4bc7be" which is hosted by another site. I want the requests to go here whether or not the user types in http://portal.###, https://portal.###, or just the url without the http(s).
I cannot figure out how to do it as I don't know how to properly code the conditions and rewrites.
I was originally using this code found online for the http to https redirect...but if I'm understanding it correctly, it is using a wildcard to catch "www." and so would ignore/override my "portal." subdomain anyways. But I could be wrong.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://saskatoonwashworld.com/$1 [R=301,L]
Try this rewrites in .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?portal\.saskatoonwashworld\.com [NC]
RewriteRule (.*) https://secure3.washcard.com/AP?CID=65e53149-59e9-4d67-a746-e475aa4bc7be [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://saskatoonwashworld.com/$1 [L,R=301]
I've used different codes provided here on other questions' solutions and on the internet. I'm really not savvy with htaccess. Bought and confirmed working SSL Certificate, but I'm new to applying these redirects.
Goal:
I need to rewrite http to https on the following directories.
http://mydomain.com/products-page/checkout
http://mydomain.com/products-page/your-account
http://mydomain.com/wp-login
I'm on shared hosting via Dreamhost. I have a dedicated IP, if that helps.
Initial code I was using recommended to me by a Dreamhost representative:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} wp-login
RewriteRule ^(.*)$ https://mydomain.com/wp-login/$1 [R,L]
Try these rules in the htaccess file in your document root.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^(/wp-login|/products-page/checkout|/products-page/your-account)
RewriteRule ^(.*)$ https://mydomain.com/$1 [R,L]
The first condition checks if the request isn't HTTPS, the second checks if the request starts with either /wp-login, /products-page/checkout, or /products-page/your-account, and if both apply, then the rewrite simply takes the entire URI and redirects to https://.
I am using .htaccess to redirect all requests (except to subdomains) from HTTP to HTTPS. This code works for me just fine:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !=m.example.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
However, it does not prevent the user from manually attempting to access the subdomain using the HTTPS (The SSL that I have does not cover subdomains and shows trust error when used for sub-domains).
Now, I am wondering:
1-How can I redirect all HTTPS requests to subdomain back to HTTP?
2-How can I modify this code to dynamically apply the subdomain restrictions to other subdomains (not only m.example.com)
1) If the certificate doesn't include m.example.com, you can never send the redirect, since the browser will refuse to make a connection. So there is no way of doing this.
2) So all you want the htaccess to do is redirect the naked domain to https. To do this use:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
I case the certificate also includes www.example.com use
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}