I've created a SSL certificate with letsencrypt for the domain example.com and www.example.com and uploaded that to my hosting package. The certificate seems to work just fine, if I open https://www.example.com the site is marked as secure.
Now I want to basically force the usage of https and www together via the .htaccess file.
example.com --> https://www.example.com
www.example.com --> https://www.example.com
https://example.com --> https://www.example.com
http://www.example.com --> https://www.example.com
So far I've tried a couple of different rewrite rules here from SO, but none seemed to work for https without www. It always said ERR_CONNECTION_REFUSED when opening https://example.com.
I double checked the certificate with https://www.sslshopper.com/certificate-decoder.html and it lists the right addresses (example.com and www.example.com). My hosting package says that the www subdomain is pre-configured and can't be changed.
Hope someone can explain me what I need to do or what's wrong.
I would also like to know if that what I want to do is fine or if I'm doing something bad here.
You can use this single rule as your first rule to enforce https and www:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
# --- remaining rules go below this ---
Related
I have this Drupal project which inherited several domains, so I have:
www.domain1.com
www.domain1.co.uk
www.domain2.com
www.domain3.com
and I want to redirect all these domain to www.newdomain.com and also want to redirect all requests to https to http as well as redirect all the domains above without www to www.newdomain.com and have tried a few things but it didn't work.
Here's what I've tried:
RewriteCond %{HTTP_HOST} !^www\.newdomain\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.newdomain.com/$1 [L,R,NE]
But with the above, all old domains (domain1.com, domain2.com, etc) gets redirected to www.newdomain.com, however when I hit https://domain1.com for example (it happens with all domains above using http), it shows a blank page. When I hit https://www.domain1.com it shows a warning from using a self signed certificate - meaning it doesn't redirect to http.
I've read on a page somewhere that I should delete these lines from htaccess:
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
But when I did, even the basic redirect that happens now (for instance, from www.domain1.com to www.newdomain.com stops working.
What am I missing here?
Thanks in advance
If https protocol always shows blank page, maybe there is distinct folder for it on your FTP ("httpsdocs" or something like that).
Also you should check your hosting provider's help page for more information about the https protocol and SSL certificate configurations.
I have searched the site and thought I may have found code I could use for my issue, but it did not work.
I want to redirect my primary domain http to https (also including any form of url typed www. without www., http://www, http://, and even just the domain name without www or http before it), while Also not effecting my other domain that is sharing the same hosting within my primary directory (as the SSL I have only used for primary domain, but not used on other domains).
At current, I had code to make the redirect for my primary to https, but it would then make my other domain on same hosting account, also redirect to https.
Then I found code to not effect the other domain and not to redirect to https, but then it effected my primary domain to NOT redirect to https either, it would only redirect to https if with www. or http but would not redirect without the www.
This has been very frustrating because I am VERY new to attempting this type of code, so I don't have a clue what I am doing and could surely use the help. My Godaddy hosting would not help but give link to basic redirect code which does not help for other domains sharing hosting, nor did it work for typing domain without www etc. I hope this made sense.
Thank you in advance.
EDITED possible FIX:
Ok, my code might look a bit wonky and I'm sure it may need cleaning up and possible repetitive stuff removed, but this is what I just patched together from other code offerings I've found on this site, along with others I've found elsewhere and I think it might be working. I'm sure there is a cleaner way to format this, but at current it seems to be working.
# redirect http to https Domain
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} www.yoursite.com [OR,NC]
RewriteCond %{HTTP_HOST} yoursite.com
RewriteRule (.*) https://yoursite.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ http://yoursite.com/$1 [L,R=301]
# redirect to http subdomain
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^((?!www).+\.yoursite\.com)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
I've got a site (example.com) and a blog (externalblog.com) which is hosted externally and reverse-proxied using ISAPI rewrite. So if you go to www.example.com/blog you're actually on externalblog.com, but the URL is masked.
I've got this working with a number of sites, but the issue is when the parent site uses HTTPS, whereas the blog is only HTTP. When visitors attempt to follow old links, the blog posts will show normally under the https version of the url, but the stylesheets are all broken and a "no certificate" warning is shown.
I need an htaccess rule that will do 2 things:
Forward anyone attempting to access an https version of a blog post only (ie anything within www.example.com/blog) to the http version instead.
Forward anyone attempting to visit example.com/blog (without the www) to http://www.example.com/blog instead of the https version, which it currently does.
However I've like the rules to only affect www.example.com/blog and nothing else on example.com. My current rule for ISAPI rewrite on example.com is as follows:
RewriteRule ^blog(.+)$ http://www.externalblog.com$1 [R=301,L]
This works correctly and is based on an article online called "using reverse proxying to pull a wordpress blog into your domain" – I can't add any more links here due to not having enough reputation.
Any help would be much appreciated.
EDIT: I tried the following
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/blog [NC]
RewriteRule ^blog(.+)$ http://www.externalblog.com$1 [R=301,L]
This works as far as rewriting https to http – but reverse proxy URL masking no longer kicks in.
Your explanation is rather unclear, so sorry if my answer will be unrelated. I suppose you are trying to force everything under www.example.com/blog to be HTTPS, instead of HTTP? Then try this rule:
RewriteEngine On
# HTTP to HTTPS redirect rule
RewriteCond %{HTTPS} off [NC]
RewriteCond %{HTTP:Host} ^www\.example\.com$ [NC]
RewriteRule ^(blog/.*)$ https://www.example.com/$1 [NC, R=301, L]
# No www. to www. redirect rule
RewriteCond %{HTTP:Host} ^example\.com$ [NC]
RewriteRule ^(blog/.*)$ https://www.example.com/$1 [NC, R=301, L]
# Your proxy rule goes here, I suppose it looks like:
RewriteRule ^blog(/.*)$ http://www.externalblog.com$1 [NC, P]
I have a WordPress site which works fine if I access it through the full name of the domain, example www.example.com. However if I try to access it without typing the www e.g example.com, I get the following error:
Origin http://example.com is not allowed by Access-Control-Allow-Origin.
The only solution I can think of is to append / rewrite any request to example.com to www.example.com. How can I achieve this with .htaccess?
Add this above any wordpress rules in your htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www\.%{HTTP_HOST}/$1 [L,R=301]
For those who encountered this with WordPress. I got it fixed by installing this plugin https://github.com/jacopotarantino/WordPress-Cross-Domain-Plugin and add the site into "Allowed Domains".
I have looked around and I can't seem to find a definitive solution for this. We are having a small problem with a few or our visitors that are typing in our domain as such:
https://www.example.com - This is giving a security warning "There is a problem with this website's security certificate."
We have an SSL set up for example.com
So if someone types in http://www.example.com or www.example.com this gets redirected to https://example.com which works fine.
This is what I have currently have in my .htaccess file:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
edit:
Most SSL certificates are issued for a specific hostname, e.g. www.example.com or just example.com (and there can be wildcard certificates for *.example.com too) so this might be the case.
Maybe making the www. subdomain an optional match in the last RewriteCond might help to get the user to the domain stated in the certificate:
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*) [NC]
I think the problem is not with the rewrite/redirect rules but simply with the way http servers handle ssl connection. Before even server has a chance to look into rewrite/redirect rules the SSL handshake take place and if we have a cert for example.com and we enter URL www.example.com connection will abort due to invalid certificate. Check for yourself, set up redirect condition to point URL www.example.com to example.com on SSL secured domain. At first you'll get invalid cert error, but when you add an exception to your browser you'll notice that it works.
Try this
RewriteCond %{HTTP_HOST} ^[a-z0-9-]+\.[a-z]+$
RewriteRule !"" https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NC]
instead of
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
What you are trying to do is impossible. If a user accesses www.domain.cc over SSL, then you will get a certificate error if you do not have a valid SSL certificate - even if all you want to do is redirect them to the correct site.
You will either need a new certificate for www.domain.cc, or convince your registrar to give you a wildcard certificate for *.domain.cc, or one with multiple subjectAltName properties. See http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html
Or ask for SNA http://en.wikipedia.org/wiki/Server_Name_Indication
Firstly, you will need an SSL certificate that covers both www.xxxx.yyy and xxxx.yyy.
Your provider may cover both if you get the cert for www.xxxx.yyy, but only the xxxx.yyy if you get it for that. Read their conditions carefully.
I had read so many suggestions as to how to redirect, with all manner of ad-hoc opinions, with varying results, and mostly without any formal explanation.
Of course, that means going to the Apache .htaccess reference and working from first principles was in order.
Just to reiterate, the main requirement is to redirect all http(s) requests to https://xxxx.yyy.
As always, turn the rewrite engine on:
RewriteEngine On
For http, that is:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://xxx.yyy/$1 [L,R]
However, doing the same for https (port = 443), will force a loop, which bombs out with an error. We have to restrict the process to only working for the https and www. We do this by providing two RewriteCond statements in a row, which are treated as an implicit AND:
RewriteCond %{SERVER_PORT} 443
RewriteCond %{HTTP_HOST} ^www[.].+$
RewriteRule ^(.*)$ https://xxxx.yyy/$1 [L,R]
At the end of the RewriteRule, the [L,R] tells the rewrite engine to:
L = stop at that rule. That is, if a rule is executed because its conditions (RewriteCond) were satisfied, stop when done, else go to the next conditions/rule set.
R = issue a HTTP redirect (default code = 302) to the browser, so user or automatic action can be taken to update bookmarks, so they always use the https://xxxx.yyy in future.