I've trawled many forums and tried many solutions. None work correctly. I am using ISAPI Rewrite 3 for IIS.
I need to change all requests to our website to WWW and HTTPS.
For example:
https://example.com/a-page-here/
http://example.com/a-page-here/
http://www.example.com/a-page-here/
www.example.com/a-page-here/
example.com/a-page-here/
to all change to:
https://www.example.com/a-page-here/
I've used http://htaccess.madewithlove.be, which may be buggy because I'm getting seemingly incorrect results for so-called working solutions. I don't want to be testing umpteen things on the live site.
This supposedly correct example (one of many) I found gives incorrect results:
RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !443
# Extract non-www portion of HTTP_HOST
RewriteCond %{HTTP_HOST} ^(www\.)?(.*) [NC]
# Redirect to HTTPS with www
RewriteRule (.*) https://www.%2/$1 [R=301]
Example tests:
example.com/a-page-here/ = https://www./example.com/a-page-here
www.example.com/a-page-here/ = https://www./www.example.com/a-page-here/
Can anyone give me a set of rules that will cleanly and reliably turn any non www request to our website to the correct https://www version, and not add invalid slashes etc?
Try this one:
RewriteEngine On
# non-www to www
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule (.*) https\://www.example.com/$1 [R=301]
# HTTP to HTTPS
RewriteCond %{HTTPS} off [NC]
RewriteRule (.*) https\://www.example.com/$1 [R=301]
Related
First of all, I know there are lots of answers on this, but I don't actually find one that works. This is what I have in the .htaccess file right now, and I want to mention that it worked previously, but it does not anymore.
Redirect 301 /unt-de-cacao-de-plaja/filtre/producator/crisnatur/ /ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g
Options +FollowSymlinks
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
# FORCE HTTPS AND NON WWW
RewriteEngine on
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
As a mention, I will have a lot of Redirect 301 from old pages to the new ones since the entire structure has been changed.
And the links that I am redirecting inside my website come with "www" like:
https://www.example.com/unt-de-cacao-de-plaja/filtre/producator/crisnatur/
and needs to be redirected to:
https://example.com/ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g
Redirect to https and non-www
To instead redirect all requests to https and non-www, use the following code instead of the previous:
Canonical HTTPS/non-WWW
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) https://example.com/$1 [L,R=301]
</IfModule>
As before, place this code in the root .htaccess of your site. Here is what it's doing:
Checks if mod_rewrite is available
Checks if HTTPS is off, or if the request includes www
If either condition matches, the request qualifies and is redirected
to the https/non-www address
OR
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
A few issues, in order of importance:
You have your canonical HTTP to HTTPS and www to non-www redirects at the end of the file. By placing it at the end of the file, after your front-controller, it's simply never going to be processed for most requests. This needs to be near the start of the .htaccess file, before your front-controller.
You should avoid mixing redirects from both mod_alias (Redirect) and mod_rewrite (RewriteRule) in the same scope. Different modules execute at different times throughout the request, despite their apparent order in the config file. Since mod_rewrite is required for other redirects, you should convert the mod_alias Redirect directives to use RewriteRule instead.
For example:
RewriteRule ^unt-de-cacao-de-plaja/filtre/producator/crisnatur/$ /ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g [R=301,L]
You should include the canonical scheme and hostname in your URL redirects in order to avoid multiple redirects when requesting an "old" URL at a non-canonical scheme ot hostname.
For example:
RewriteRule ^unt-de-cacao-de-plaja/filtre/producator/crisnatur/$ https://example.com/ingrijire-corporala/unt-cacao/unt-de-cacao-pentru-plaja-100g [R=301,L]
Depending on what you mean exactly by "a lot of Redirect 301" - you should not be doing this at all in .htaccess and instead redirecting in your server-side script, once you have determined that the request will 404. This is to prioritise normal site visiters and not your redirects (that get executed on every single request).
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Since you stated that these directives worked previously then I assume the use of the HTTPS environment variable is OK on your system. But note that, whilst this is relatively common, it's non-standard. (It implies the server is using some kind of SSL front-end/proxy.)
Note that the order of these rules will result in a double redirect when requesting http://www.example.com/<anything> (HTTP + www). Which is necessary if you are implementing HSTS, but otherwise, you should reverse these two rules to avoid this unnecessary double redirect.
I know it has been asked many times here, but can't find the right configuration for my setup.
Requirements:
http://www.example.com & https://www.example.com (& example.com) have to redirect to https://test.example.com . (Notice it is a subdomain)
https://sub_1.example.com is to be EXCLUDED and not redirected. (Notice the subdomain has an 'underscore')
What I Have:
RewriteEngine On
RewriteBase /
# EXCLUDE following sub-domains.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^sub_1\.example\.com$ [NC]
RewriteCond %{HTTP_HOST} !^test\.example\.com$ [NC]
# REDIRECT to
RewriteRule (.*) https://test.example.com/$1 [R=301,L]
>> ISSUE:
My https://sub_1.example.com is in fact an API that feeds a mobile app. When I use the above code, the mobile fails. So it seems that the sub-domain is not properly excluded and protected from the re-direct.
Would appreciate some help in cleaning it up.
FIXED !!
Needed to add an exception before the existing rules, since I needed to exclude https://sub_1.example.com/api
RewriteCond %{HTTP_HOST} ^sub_1\.example\.com [NC]
RewriteRule ^api - [L]
A website I'm working on needs to be redirected from http to https, we installed a certificate, and from www. to non-www. Since I'm not a star in .htaccess I looked up the right code on the internet and I found this:
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ http://website.nl [L,NE,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^ https://website.nl [L,NE,R=301]
also tried
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://website.nl%{REQUEST_URI} [R=301,L,NE]
It should work, the www. to non-www https works, the second statement gives me an error when I create an error, but doesn't give me the result I want. I ran it through an online tester which says it should be fine this way. I've been looking for other versions of it, I used looking at the port, added the ssl check, nothing seems to work. What am I doing wrong?
To forward traffic from HTTP to HTTPS use:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?website\.com
RewriteRule ^(.*)$ https://www.website.com/$1 [R,L]
We check to see if the request is accessing port 80 and then checks the domain to forward. If the domain is of x then we forward it to https://x/. The domain check also has a conditional grouping under the domain prefix to include the www. if it exists, this is done by using the ? regex expression. So both domain requests will result in the same protocol.
https://www.regular-expressions.info/conditional.html
I know this has been asked and answered several times and I have gone through a lot of them but still have not solved my issue.
I have the following code in my .htaccess file.
RewriteEngine On
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
I want to redirect all of the following:
http://www.example.com
http://example.com
https://example.com
to redirect to https://www.example.com.
Currently it comes up to an error page stating too many redirects, I have tried clearing cookies to no avail.
What am I doing wrong and how can I make it work?
Try the following:
RewriteEngine On
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)
RewriteRule ^ https://www.%1%{REQUEST_URI} [R,L]
This canonicalises both the HTTPS and www subdomain in a single rewrite. Basically, this says... For all requests that are not HTTPS OR where the hostname does not start www then redirect to https://www.example.com/<whatever>.
The %1 backreference holds the hostname, less the optional www subdomain, from the preceding CondPattern that is always matched.
You need to use the server variable HTTPS (ie. %{HTTPS}), not the environment variable HTTPS (ie. %{ENV:HTTPS}).
I have a problem with my .htaccess and https redirection.
First of all, I have consulted these links to find a solution but none could help me.
List of links :
.htaccess redirect http to https
ModRewrite with HTTPS
https://www.ndchost.com/wiki/apache/redirect-http-to-https
htaccess redirect to https://www
https://serverfault.com/questions/116206/how-do-i-use-htaccess-to-always-redirect-from-http-to-https
When I load the page with http, the .htaccess redirect me to https but when I load the page with https, I have an infinite loop.
Here is my .htaccess code :
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^(api|www|dev|stefano|sav)\.
RewriteCond %{REQUEST_URI} !^/(api|www|dev|stefano|sav)/
RewriteCond %{DOCUMENT_ROOT}/%1 -d
RewriteRule ^(.*)$ %1/$1 [L]
Is anybody can help me create a redirect condition (http to https) ?
You are leaving off the Rewrite Flags You need to tell it force the redirection with R flag and optional provide status code which is recommended 301, 302 etc.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
By the way, every example you linked to shows the answer using the R flag, not sure why you didn't use exact examples :)
Solution if behind devices like load balancer.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I have been fighting with this same problem for hours. It seems that I needed the solution for systems behind a load balancer. Perhaps this is because I am using Cloudflare with my site.
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
After adding the above lines to my .htaccess file, I deleted the cache on Cloudflare and the site loads as it should.