Issue with linking directly to my URL (https://) - .htaccess

I've just gotten an SSL cerificate and have redirected my site to display https:// rather than http:// using HTaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.example.co.uk/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Before I used to link to my index like this:
Home
And you would be taken to http://www.example.co.uk.
Now with the SSL I've changed it to this:
Home
And it is taking me to https://www.example.co.uk/www.example.co.uk/.
Any idea why this is?

Your http -> https rules should be this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Make sure to clear your browser cache or use a new browser for testing.

This is what you need
<IfModule mod_rewrite.c>
RewriteEngine On
# Redirect HTTP to HTTPS automatically (only if not in localhost)
RewriteCond %{HTTP_HOST} !=localhost
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Related

https and www not working properly

As I tried so many things to redirect www to non-www of subdomain via htaccess but not going well
I want to like this
https://test.example.com
but while I write like this
https://www.test.example.com
then the webpage gives me error like this
"Your connection is not private"
i tried this code in htaccess but not working properly
RewriteCond %{HTTP_HOST} ^www\.([^.]+\.example\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
this code only redirects if i didnot mention https in www.test.example.com
To redirect everything to htpps I use the following. It is at the top of the .htaccess.
I have added your two lines for redirecting from www to the domain after the forwarding to https, and changed the HOST_HTTP to HOST_HTTPS.
Please note I haven't tried it.
Perhaps you can remove this if it doesn't apply: RewriteRule ^index\.php$ - [L]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://test.example.com/$1 [R,L]
RewriteCond %{HTTPS_HOST} ^www\.([^.]+\.example\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
RewriteRule ^index\.php$ - [L]
</IfModule>

redirect permenant https://site.org.in to https://www.site.org.in on apache [duplicate]

I have this in my .htaccess file:
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule (.*) http://www.example.com$1 [R=301,L]
but whenever I access a file on my root like http://example.com/robots.txt it will redirect to http://www.example.comrobots.txt/.
How can I correct this so that it will redirect correctly to http://www.example.com/robots.txt?
Change your configuration to this (add a slash):
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
Or the solution outlined below (proposed by #absiddiqueLive) will work for any domain:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
If you need to support http and https and preserve the protocol choice try the following:
RewriteRule ^login\$ https://www.%{HTTP_HOST}/login [R=301,L]
Where you replace login with checkout.php or whatever URL you need to support HTTPS on.
I'd argue this is a bad idea though. For the reasoning please read this answer.
Here's the correct solution which supports https and http:
# Redirect to www
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
UPD.: for domains like .co.uk, replace
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
with
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+\.[^.]+$
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
For Https
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^(.*)$ http%1://www.%{HTTP_HOST}/$1 [R=301,L]
The following example works on both ssl and non-ssl and is much faster as you use just one rule to manage http and https
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s on(s)|offs()
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R]
[Tested]
This will redirect
http
http://example.com
to
http://www.example.com
https
https://example.com
to
https://www.example.com
Try this, I used it in many websites, it works perfectly
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^bewebdeveloper.com$
RewriteRule ^(.*) http://www.bewebdeveloper.com/$1 [QSA,L,R=301]
I have tested all the above solutions but not working for me, i have tried to remove the http:// and won't redirect also removed the www it redirect well, so i get confused, specially i am running all my sites under https://
So i have combined some codes together and came up with perfect solution for both http:// and https:// and www and non-www.
# HTTPS forced
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# Redirect to www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
Hope this can help someone :)
Add the following code in .htaccess file.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
URLs redirect tutorial can be found from here - Redirect non-www to www & HTTP to HTTPS using .htaccess file
This configuration worked for me in bitnami wordpress with SSL configured :
Added the below under "RewriteEngine On" in file /opt/bitnami/apps/wordpress/conf/httpd-app.conf
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC]
RewriteRule (.*) http://www.domain.com/$1 [L,R=301]
This will redirect your domain which is not started with WWW
It is not redirect your all sub domain.
It is useful.
I believe the top answer successfully redirects non-www to www (ex: mysite.com -> www.mysite.com), but doesn't take into account wildcard subdomains, which results in:
random.mysite.com -> www.random.mysite.com
Here's a solution with/without HTTPS
HTTP
RewriteEngine On
RewriteCond %{HTTP_HOST} !www.mysite.com$ [NC]
RewriteRule ^(.*)$ http%{ENV:protossl}://www.mysite.com/$1 [L,R=301]
HTTP/HTTPS
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ - [env=protocol:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ - [env=protocol:http]
RewriteCond %{HTTP_HOST} !www.mysite.com$ [NC]
RewriteRule ^(.*)$ %{ENV:protocol}://www.mysite.com/$1 [L,R=301]
*note: I haven't tested https because I don't currently have a cert to test, but if someone can verify or optimize what I have that would be awesome.
Two warnings
Avoid 301 and prefer modern 303 or 307 response status codes.
Avoid 301
Think carefully if you really need the permanent redirect indicated as [R=301] because if you decide to change it later, then the previous visitors of the page will continue to see the page of the original redirection.
The permanent redirection information is frequently stored in the browser's cache and, in general, it is difficult to eliminate (reload the page do not solve the problem). Your website visitors will be stuck in the previous redirect "forever".
Avoid 302 too
The new version of the HTTP protocol (v1.1) added two new response status codes that can be used instead of 302.
303 URL redirection but demanding to change the type of request to
GET.
307 URL Redirection but demanding to keep the type of request as initially sent.
You can still use the code 302 (non-permanent redirection) although it is considered ambiguous. In any case, most browsers implement 302 in the same way the new 303 code instructs.
If possible, add this to the main Apache configuration file. It is a lighter-weight solution, less processing required.
<VirtualHost 64.65.66.67>
ServerName example.com
Redirect permanent / http://www.example.com/
</VirtualHost>
<VirtualHost 64.65.66.67>
ServerAdmin me#example.com
ServerName www.example.com
DocumentRoot /var/www/example
.
.
. etc
So, the separate VirtualHost for "example.com" captures those requests and then permanently redirects them to your main VirtualHost. So there's no REGEX parsing with every request, and your client browsers will cache the redirect so they'll never (or rarely) request the "wrong" url again, saving you on server load.
Note, the trailing slash in Redirect permanent / http://www.example.com/.
Without it, a redirect from example.com/asdf would redirect to http://www.example.comasdf instead of http://www.example.com/asdf.
Write in .htaccess :)
## Redirect from non-www to www (remove the two lines below to enable)
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

How to resolve the conflict between www and https redirect on .htaccess? [duplicate]

I have the following htaccess code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond !{HTTPS} off
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
I want my site to be redirected to https://www. with HTTPS, and enforcing the www. subdomain,
but when I access http://www. (without HTTPS), it does not redirect me to https://www with HTTPS.
To first force HTTPS, you must check the correct environment variable %{HTTPS} off, but your rule above then prepends the www. Since you have a second rule to enforce www., don't use it in the first rule.
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
About proxying
When behind some forms of proxying, whereby the client is connecting via HTTPS to a proxy, load balancer, Passenger application, etc., the %{HTTPS} variable may never be on and cause a rewrite loop. This is because your application is actually receiving plain HTTP traffic even though the client and the proxy/load balancer are using HTTPS. In these cases, check the X-Forwarded-Proto header instead of the %{HTTPS} variable. This answer shows the appropriate process
Michals answer worked for me, albeit with one small modification:
Problem:
when you have a single site security certificate, a browser that tries to access your page without https:// www. (or whichever domain your certificate covers) will display an ugly red warning screen before it even gets to receive the redirect to the safe and correct https page.
Solution
First use the redirect to the www (or whichever domain is covered by your certificate) and only then do the https redirect. This will ensure that your users are not confronted with any error because your browser sees a certificate that doesn't cover the current url.
#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you are using CloudFlare or a similar CDN you will get an infinite loop error with the %{HTTPS} solutions provided here. If you're a CloudFlare user you'll need to use this:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
BAD SOLUTION AND WHY!
Don't ever use the solution below because when you are using their code that is something like:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301]
The browser goes to:
http://example.com
Then redirects to:
https://example.com
Then redirects to:
https://www.example.com
This is too much request to the server.
Most of the answers even accepted one has this problem.
BEST SOLUTION AND THE ANSWER
This code has an [OR] condition to prevent dual changes at url!
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L]
This is the best way I found for Proxy and not proxy users
RewriteEngine On
### START WWW & HTTPS
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### END WWW & HTTPS
There are a lot of solutions out there. Here is a link to the apache wiki which deals with this issue directly.
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
To redirect http:// or https:// to https://www you can use the following rule on all versions of apache :
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Apache 2.4
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} http [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Note that The %{REQUEST_SCHEME} variable is available for use since apache 2.4 .
If you are on CloudFlare, make sure you use something like this.
# BEGIN SSL Redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END SSL Redirect
This will save you from the redirect loop and will redirect your site to SSL safely.
P.S. It is a good idea to if check the mod_rewrite.c!
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
Notes: Make sure you have done the following steps
sudo a2enmod rewrite
sudo service apache2 restart
Add Following in your vhost file, located at /etc/apache2/sites-available/000-default.conf
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
Now your .htaccess will
work and your site will redirect to http:// to https://www
Similar to Amir Forsati's solution htaccess redirect to https://www but for variable domain name, I suggest:
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%2%{REQUEST_URI} [R=301,L]
Set in your .htaccess file
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I used the below code from this website, it works great https://www.freecodecamp.org/news/how-to-redirect-http-to-https-using-htaccess/
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Hope it helps
I try first answer and it doesnt work...
This work:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

https redirection not working for home directory

I'm currently trying to force https for may domain name. Its working for mydomain/wildcard but not for the home url that is mydomain/
I'm using this line for redirection in my .htaccess file:
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You're almost there, use this in your .htaccess:
RewriteEngine On
#Force HTTPS on everything
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
That will force HTTPs on everything

Redirect rule for only home page from http to https

Can we make https for only home page i.e., for
example.com or http://example.com or www.example.com or http://www.example.com
remaining all pages should start with http.
I have tried like this but it isn't worked
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} "^/$"
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule ^(.*) http://%{HTTP_HOST}%{REQUEST_URI}
Not really tested but should do the magic
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/?$ https://%{HTTP_HOST}/ [R,L]
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^/?$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
You can also redirect like this in a .htaccess at root level:
DirectoryIndex index.html
Redirect 301 /index.html https://www.website.com/
This is not secure. Read OWASP a9 and set the HSTS flag to make your entire website HTTPS only.
HTTP is a mistake and if you are doing this for "performance" you are a fool. HTTPS is extremely light weight.

Resources