I'm having a problem with the ssl when I write www.example.com in the address bar. The browser show this error: Your connection is not secure.
When I write example.com everything is ok.
I want to do a redirect through htaccess, this is my file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This works without www but not with www.
Solution: finally it was a problem of SSL provider. After hour and a half on the phone they told me that all I had to do was add an alternate name (SAN) to the certificate including www.example.com
EDIT: I can't down vote my own answer (pity) but Panama Jack is correct, your SSL cert apparently does not cover www and non-www domains, if it did, the following might be helpful.
I've always done that like this...
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
However if your site uses full URLS for things like images, js or css files..
<img scr="http://www.example.com/pic.gif" >
You will see the same warnings. Best to use relative links, like
<img scr="./pic.gif" >
or, if you must, use full URLs with https
<img scr="https://www.example.com/pic.gig" >
Related
I have this Drupal project which inherited several domains, so I have:
www.domain1.com
www.domain1.co.uk
www.domain2.com
www.domain3.com
and I want to redirect all these domain to www.newdomain.com and also want to redirect all requests to https to http as well as redirect all the domains above without www to www.newdomain.com and have tried a few things but it didn't work.
Here's what I've tried:
RewriteCond %{HTTP_HOST} !^www\.newdomain\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.newdomain.com/$1 [L,R,NE]
But with the above, all old domains (domain1.com, domain2.com, etc) gets redirected to www.newdomain.com, however when I hit https://domain1.com for example (it happens with all domains above using http), it shows a blank page. When I hit https://www.domain1.com it shows a warning from using a self signed certificate - meaning it doesn't redirect to http.
I've read on a page somewhere that I should delete these lines from htaccess:
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
But when I did, even the basic redirect that happens now (for instance, from www.domain1.com to www.newdomain.com stops working.
What am I missing here?
Thanks in advance
If https protocol always shows blank page, maybe there is distinct folder for it on your FTP ("httpsdocs" or something like that).
Also you should check your hosting provider's help page for more information about the https protocol and SSL certificate configurations.
For reasons of SEO, I would like to redirect all but one of the pages of my website from https to http. Currently, if you visit the https:// version you are presented with my website and the aforementioned prefix is in the address bar. If you visit the http:// version the https:// prefix is absent. Apparently, as a result, Google treats my site as if it were two identical sites. Not good for SEO.
St.Woland's answer here was very helpful in redirecting almost all the pages of my website from https to http. In fact, it worked like a dream until I tried visiting the one page that needed to have the secure connection.
Before trying his fix, were you to visit the secure basket page the whole page was marked as secure. However, with the recommended .htaccess fix in place, all images and css were flagged as insecure and Chrome refused to load them; the page looked a mess.
It seemed like an article on Best Host Ratings had the solution: add further .htaccess files to the images and css folders and all would be well.
Sadly, this then meant that those pages without the https:// prefix did not load the css or the images.
Please see below the code I put in. Firstly, the .htaccess to redirect all but the basket page from https to http:
RewriteEngine On
RewriteBase /
# Turn SSL on for basket
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/basket\.php [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# Turn SSL off everything but basket
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/basket\.php [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
Secondly, the .htaccess I placed in the images directory:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} images
RewriteRule ^(.*)$ https://www.domain.com/images/$1 [R,L]
An obvious solution to this situation might be to just redirect the whole site across to the https version. But, placed at the base of all pages except the basket page is script from Google AdWords that places relevant ads across the internet after users have visited my site. This script is flagged as insecure.
Any help with this issue would be most appreciated.
With kind regards,
Mark
I have looked around and I can't seem to find a definitive solution for this. We are having a small problem with a few or our visitors that are typing in our domain as such:
https://www.example.com - This is giving a security warning "There is a problem with this website's security certificate."
We have an SSL set up for example.com
So if someone types in http://www.example.com or www.example.com this gets redirected to https://example.com which works fine.
This is what I have currently have in my .htaccess file:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
edit:
Most SSL certificates are issued for a specific hostname, e.g. www.example.com or just example.com (and there can be wildcard certificates for *.example.com too) so this might be the case.
Maybe making the www. subdomain an optional match in the last RewriteCond might help to get the user to the domain stated in the certificate:
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*) [NC]
I think the problem is not with the rewrite/redirect rules but simply with the way http servers handle ssl connection. Before even server has a chance to look into rewrite/redirect rules the SSL handshake take place and if we have a cert for example.com and we enter URL www.example.com connection will abort due to invalid certificate. Check for yourself, set up redirect condition to point URL www.example.com to example.com on SSL secured domain. At first you'll get invalid cert error, but when you add an exception to your browser you'll notice that it works.
Try this
RewriteCond %{HTTP_HOST} ^[a-z0-9-]+\.[a-z]+$
RewriteRule !"" https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NC]
instead of
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
What you are trying to do is impossible. If a user accesses www.domain.cc over SSL, then you will get a certificate error if you do not have a valid SSL certificate - even if all you want to do is redirect them to the correct site.
You will either need a new certificate for www.domain.cc, or convince your registrar to give you a wildcard certificate for *.domain.cc, or one with multiple subjectAltName properties. See http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html
Or ask for SNA http://en.wikipedia.org/wiki/Server_Name_Indication
Firstly, you will need an SSL certificate that covers both www.xxxx.yyy and xxxx.yyy.
Your provider may cover both if you get the cert for www.xxxx.yyy, but only the xxxx.yyy if you get it for that. Read their conditions carefully.
I had read so many suggestions as to how to redirect, with all manner of ad-hoc opinions, with varying results, and mostly without any formal explanation.
Of course, that means going to the Apache .htaccess reference and working from first principles was in order.
Just to reiterate, the main requirement is to redirect all http(s) requests to https://xxxx.yyy.
As always, turn the rewrite engine on:
RewriteEngine On
For http, that is:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://xxx.yyy/$1 [L,R]
However, doing the same for https (port = 443), will force a loop, which bombs out with an error. We have to restrict the process to only working for the https and www. We do this by providing two RewriteCond statements in a row, which are treated as an implicit AND:
RewriteCond %{SERVER_PORT} 443
RewriteCond %{HTTP_HOST} ^www[.].+$
RewriteRule ^(.*)$ https://xxxx.yyy/$1 [L,R]
At the end of the RewriteRule, the [L,R] tells the rewrite engine to:
L = stop at that rule. That is, if a rule is executed because its conditions (RewriteCond) were satisfied, stop when done, else go to the next conditions/rule set.
R = issue a HTTP redirect (default code = 302) to the browser, so user or automatic action can be taken to update bookmarks, so they always use the https://xxxx.yyy in future.
During development, I used subdomain.domain.com and everything worked.
Moving to live, the files are under www, but I wanted to use domain.com, and that's making certain functionalities not work as follows.
I got a dedicated SSL certificate for domain.com, so I have this in my htaccess, and my SSL works fine:
# Redirect www.domain.com to domain.com
RewriteCond %{HTTP_HOST} ^www.domain.com [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301]
However for some reason that breaks some other functionality where a form gets reposted and I can't figure out why. But if I change htaccess to this:
# Redirect domain.com to www.domain.com
RewriteCond %{HTTP_HOST} ^domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
then the broken functionality works, but the SSL doesn't.
Before I go invest in an SSL for www.domain.com, I wanted to check with the experts here to see if there is something simple I can do to my htaccess file to make both scenarios work.
Many thanks in advance!
A visible 301 redirect is losing its POST data. From RFC 2616:
If the 301 status code is received in
response to a request other than GET
or HEAD, the user agent MUST NOT
automatically redirect the request
unless it can be confirmed by the
user, since this might change the
conditions under which the request was
issued.
So, you have to fix the forms, not the .htaccess.
Is there a way to use .htaccess to redirect example.net to example.com, so that the URI example.net stays the same in the client's browser?
I found these examples from this link:
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} domain2.com
RewriteCond %{REQUEST_URI} !subdirectory/
RewriteRule ^(.*)$ subdirectory/$1 [L]
or
RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteCond %{HTTP_HOST} domain2.com
RewriteCond %{REQUEST_URI} !mychatfolder/
RewriteRule ^(.*)$ http://www.domain1.com/subfolder/$1 [L]
I haven't tested these out though.
If I'm understanding your question correctly, what you want is two sites which appear exactly the same, but neither one redirects to the other. You want the person who visits example.net to see the same stuff as is on example.com, but they should still see example.net in their browser address bar.
There are a few ways of doing this. The simplest, of course, is to simply upload the same content to both sites, but this might make updating tricky. Another is to set one domain as an alias of the other; exactly how to do this will depend on your server configuration. It would be simpler, and would perhaps be better for SEO purposes, to redirect one domain to the other.
RewriteEngine On
RewriteRule ^(.*)$ http://www.example.com/$1 [R=302,L]
# 302 is a temporary redirect. Use it for testing purposes. Once you're sure it works, change it to 301.
If you want the domain example.net to point to example.com then the best way isn't rewriting it, but to park that domain to example.com and the app. for that is basically titled as Parked Domains that's in Domains section if your control panel is cPanel or if your web hosting account features an app. that can park a domain.