How to force HTTPs just if the domain contains -facebook?
I mean for example force HTTPs if domain is demo-facebook.domainname.com
Rewrite rule is this
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [NC,L,R]
but I have problem with the RewriteCond
All rule conditions that I found are related to words inside the URL not in the domain.
You will need a RewriteCond using HTTP_HOST variable to compare a substring in domain name like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} -facebook\.domainname\.com$ [NC]
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
Related
I currently have two rewrite rules in my .htaccess file, and now need to add another. However, GTMetrix is already giving me an F rating here stating: Avoid landing page redirects
The first redirect adds the www. to the URL.
The second redirect adds a subdirectory to the URL.
The third (proposed) redirect adds the https to the beginning of the URL.
RewriteEngine on
#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Then, rewrite to /catalog
RewriteCond %{REQUEST_URI} !^/catalog [NC]
RewriteRule ^(.*)$ /catalog/$1 [L]
#Now, rewrite to HTTPS:
#RewriteCond %{HTTPS} off
#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Is there any way to combine these into a single redirect? Or, is the landing page redirect not all that bad?
Your 1st and 3rd redirect rules can be combined into one and should be kept before rewrite rule:
RewriteEngine On
# add www and turn on https in same rule
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
#Then, rewrite to /catalog
RewriteCond %{REQUEST_URI} !^/catalog/ [NC]
RewriteRule ^(.*)$ /catalog/$1 [L]
Make sure to clear your browser cache before testing this change.
I have been searching for the perfect 301 redirect. But I am finding so many solutions and do not know what’s best.
Here is what I want to do
http://domain.tld/ → https://domain.tld/
http://www.domain.tld/ → https://domain.tld/
https://www.domain.tld/ → https://domain.tld/
Best practice .htacess?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
This is my preferred code. At least unil now.
Alternative ways
I also found a lot of other ways to redirect from HTTP to HTTPS. For example:
1.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Missing one step? And no [R=301,L] here?
2.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Is a different order generally better?
Should I use
RewriteRule ^(.*)$
instead of
RewriteRule (.*)
?
3.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]
Does using the full domain name have any performance advantages? Do I really need NE? ([R=301,L,NE] vs. [L,R=301])
So, my question to all experts: What's the best (performing) way to redirect both from HTTP to HTTPS and from to HTTPS:// ?
To start with your favorite solution:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
In the part handling non-https URLs you are redirecting to %{HTTP_HOST}. Then, in case your host name started with "www", a second redirect has to take place to send you from https://www.domain.tld to https://domain.tld which is supposed to be your final destination.
You can shorten this by using
RewriteRule ^(.*)$ https://domain.tld/%{REQUEST_URI} [L,R=301]
directly in the first rule. The second rule would then only apply to clients, who try to access https://www.domain.tld.
Alternative 1. does not work for the same reason (missing the case that HTTP_HOST could be www.domain.tld) and additionally because of the missing [L,R=301]. This is necessary because you do not just rewrite an URL here, like you could do in other types of rewrite rules. You are requesting the client to change the type of it's request - this is why you are sending him a HTTP code of 301.
Concerning the match part of the RewriteRule itself, you should be consistent: if you want to capture parts of the URI you will use a regular expression with parentheses. As you are in fact using it as a whole here it is fine to just use one of the alternatives for "anything", like ^ and use %{REQUEST_URI} later. If you use some capturing (i.e. (some_regex) you should reference it in the target by using $1 (or whatever you are going to reference) here.
In your 3rd alternative, again www + https is missing.
You can check if https is off or if the domain name contains a leading "www" in one rule, however rewrite conditions are implicitly connected with "and".
So it should read:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://domain.tld%{REQUEST_URI} [R=301,L,NE]
The NE is necessary for passing on things like GET-parameters and the like on to the new URI unchanged, see:
http://httpd.apache.org/docs/2.4/rewrite/flags.html
So, condensing, this becomes;
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]
Let me know if you see any bugs
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Nothing to change just copy and paste.
I have a multiple addon domains on my hosting account. I would like to redirect non-https to https for the main domain AND ONLY ONE of the addon domains.
The problem I am experiencing is www.firstaddondomain.com is not redirecting to https://www.firstaddondomain.com. Instead it does not appear to be redirecting at all. It stays at www.firstaddondomain.com.
Note: I do not want to redirect all http to https. I have another addon domain that I do not want redirected to https.
Here is what my .htaccess file looks like:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain\.com$ [NC]
RewriteRule ^$ https://www.maindomain.com/$1 [R,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?firstaddondomain\.com$ [NC]
RewriteRule ^$ https://www.firstaddondomain.com/$1 [R,L]
UPDATE:
Thanks for your answer, anubhava. My first addon domain is actually a .org domain, so my updated .htaccess file is slightly different from your answer.
Here is my updated .htaccess file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?firstaddondomain\.org$ [NC]
RewriteRule ^ https://www.firstaddondomain.org%{REQUEST_URI} [R=302,L,NE]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?maindomain\.com$ [NC]
RewriteRule ^ https://www.maindomain.com%{REQUEST_URI} [R=302,L,NE]
Your regex isn't capturing $1
Both rules can be combined into one
You can use:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(maindomain|firstaddondomain)\.com$ [NC]
RewriteRule ^ https://www.%1.com%{REQUEST_URI} [R=302,L,NE]
Make sure this rule is your very first rule and placed in DocumentRoot/.htaccess of both domains.
May vary depending on your hosting conditions, however in Godaddy shared hosting environments & withOUT a Wildcard SSL, ie- a single domain SSL cert., This is the only config that managed to exclude an add-on domain from a force HTTPS redirect:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?ADDON_DOMAIN\.com$ [NC]
RewriteRule .* - [L]# This is essential in order to ensure no further conditions are applied after navigating to the add-on domain #
RewriteCond %{HTTPS} off# Now that you've defined your exclusion AND made certain its logic is independent from all other URI Requests, Must re-establish this condition once more #
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I extracted the following code from a question here at stackoverflow (Enforce www and trailing slash with mod_rewrite htaccess on a multi-domain site) and directly from apache.org.
The scenario consists of three requirements:
ensure, that the production domain starts always with www.
don't append www. to beta.domain.tld, dev.domain.tld, mobile.domain.tld
finally ensure, that every url gets rewritten to https.
I came up with the following conditions:
# Enforce www, if no subdomain is given
RewriteCond %{HTTP_HOST} !^(beta|dev|mobile|www)\.
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI}/ [R]
# Enfore SSL for all Domains
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
The mentioned rules works as expected, although one single case doesn't work:
https://domain.tld/ is not correctly redirected to https://www.domain.tld/
Can someone help me with this one?
Try replacing your 2 code with this one:
RewriteCond %{HTTP_HOST} !^(?:beta|dev|mobile|www)\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
RewriteCond %{HTTPS} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
I'm trying to write rules in my .htaccess file to default to HTTPS:// with my www.mainsite.com in my Wordpress MU network. For all other subdomains, is it possible to add a wildcard *.mainsite.com rule to treat newly created sites as HTTP only?
Here is my current .htaccess file.
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^mainsite\.com
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Alternatively, is it just as easy to declare specific subdomains to be treated as HTTPS and/or HTTP?
Thanks for the help.
To force SSL on only mainsite.com and www.mainsite.com
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^(www\.)?mainsite\.com
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
To add a new subdomain to your "force SSL" list
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^((www|subdomain)\.)?mainsite\.com
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
All other sub domains would use http by default.