I'm trying to exclude one site from using SSL, but I can't seem to get the directive right. I want all my AddOn domains to use SSL except example.com. (because StartSSL is difficult to get along with)
# Enable https
RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}:443%{REQUEST_URI}
RewriteRule !^example.com(/|$) https://%{HTTP_HOST}:443%{REQUEST_URI}
What you're trying to do will not work. The SSL handshake is initialized before any request data is sent to the server, therefore, you're going to get a certificate exception if someone goes to https://example.com no matter what you do.
If the certificate exception isn't your concern, then you need to match against the %{HTTP_HOST} variable:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)?example\.com$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
then if you need:
RewriteCond %{HTTPS} on
RewriteCond ^{HTTP_HOST} ^(www\.)?example\.com$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Related
I have a multiple addon domains on my hosting account. I would like to redirect non-https to https for the main domain AND ONLY ONE of the addon domains.
The problem I am experiencing is www.firstaddondomain.com is not redirecting to https://www.firstaddondomain.com. Instead it does not appear to be redirecting at all. It stays at www.firstaddondomain.com.
Note: I do not want to redirect all http to https. I have another addon domain that I do not want redirected to https.
Here is what my .htaccess file looks like:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain\.com$ [NC]
RewriteRule ^$ https://www.maindomain.com/$1 [R,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?firstaddondomain\.com$ [NC]
RewriteRule ^$ https://www.firstaddondomain.com/$1 [R,L]
UPDATE:
Thanks for your answer, anubhava. My first addon domain is actually a .org domain, so my updated .htaccess file is slightly different from your answer.
Here is my updated .htaccess file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?firstaddondomain\.org$ [NC]
RewriteRule ^ https://www.firstaddondomain.org%{REQUEST_URI} [R=302,L,NE]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?maindomain\.com$ [NC]
RewriteRule ^ https://www.maindomain.com%{REQUEST_URI} [R=302,L,NE]
Your regex isn't capturing $1
Both rules can be combined into one
You can use:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(maindomain|firstaddondomain)\.com$ [NC]
RewriteRule ^ https://www.%1.com%{REQUEST_URI} [R=302,L,NE]
Make sure this rule is your very first rule and placed in DocumentRoot/.htaccess of both domains.
May vary depending on your hosting conditions, however in Godaddy shared hosting environments & withOUT a Wildcard SSL, ie- a single domain SSL cert., This is the only config that managed to exclude an add-on domain from a force HTTPS redirect:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?ADDON_DOMAIN\.com$ [NC]
RewriteRule .* - [L]# This is essential in order to ensure no further conditions are applied after navigating to the add-on domain #
RewriteCond %{HTTPS} off# Now that you've defined your exclusion AND made certain its logic is independent from all other URI Requests, Must re-establish this condition once more #
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have spent countless hours trying to solve this problem and it's doing my head in. I'm sure that it is very simple but none of the answers I have found either on stackoverflow.com or other sites work for me.
I am using an SSL certificate that is only valid for www.example.com and for a myriad of silly corporate reasons I am stuck with only this certificate.
I would like to force all requests to use SSL and prepend www. to the domain. All of the following domains rewrite correctly:
example.com/
http://example.com/
http://www.example.com/
https://www.example.com/
The domain that is not rewritten and is the one problem I cannot find the answer to anywhere is
https://example.com
It simply spits out the usual "Certificate Is Not Valid" warning.
I have the following code in my .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteCond %{http_host} ^example.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
I really hope that somebody has a solution for me because I cannot find the answer anywhere.
This should work:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R=302]
RewriteCond %{HTTPS} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=302,L]
It will check to see if it has www in the url, if it doesn't then it will add it. Then it will check and see if it is https and if it isn't then it will add it.
I’m trying to redirect an https://www.domain.ext to a plain https://domain.ext, but just can’t get it to work; this is where I’m right now:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^https\:\/\/www\.cadenanoticias\.mx$
RewriteRule ^/?$ "https\:\/\/cadenanoticias\.mx" [R=301,L]
Allso tried
RewriteEngine on
RewriteCond %{HTTP_HOST} *!^https\://www*.cadenanoticias\.mx [NC]
RewriteRule (.*) https://cadenanoticias.mx/$1 [L,R=301]
And not working see: https:www.cadenanoticias.mx
Any idea on why it’s not working?
UPDATE FIX
Got it to work as follows:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.cadenanoticias\.mx$ [NC]
RewriteRule ^(.*)$ https://cadenanoticias.mx/$1 [R=301,L]
RewriteCond %{HTTPS_HOST} ^www\.cadenanoticias\.mx$ [NC]
RewriteRule .? https://%1%{REQUEST_URI} [R=301,L]
Hope it helps someone else.
%{HTTP_HOST} does not match against protocol. Use
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.cadenanoticias\.mx$ [NC]
RewriteRule ^(.*)$ https://cadenanoticias.mx/$1 [R=301,L]
EDIT :
No, bypassing the SSL certificate validation is not possible. The SSL handshake precedes htaccess rules for security reasons. If this was possible, a hacker could hijack a SSL connection to an insecure one without really needing a valid certificate.
There's no solution for this other than buying a cheaper certificate just to do handshake and redirect.
I found many questions like this and tried almost all but failed. My most latest code is:
RewriteCond %{HTTPS} !^on$
RewriteCond %{REQUEST_URI} (/page_1|/page_2|/page_3|/page_3)$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
I want to redirect http to https only for those pages (page_1 - page_4)
Initially it seems to be work but once I reached to page_1 with https and click any other (let say page_my_http_1) link which should not be https it also redirect to https for that page (page_my_http_1).
I also tried:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (auth|register|secure)
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(auth|register|secure)
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301]
or is there any way to show custom message to user if SSL certificate is not activated on their browser?
Actually many non-technical user gets shocked when the see default warning message shows by the browser.
I changed your example only slightly, but basically it just works
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/(?:auth|register|secure)$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/(?:auth|register|secure)$
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R]
I added the ^, $ and /, because otherwise a request like nosecure or authority would be redireted to HTTPS as well.
Never test with 301 enabled, see this answer Tips for debugging .htaccess rewrite rules for details.
Currently using the following to make sure my website always is using www. How would I modify this to be www and https?
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Tried this, but ended up with www.www.website if the user had no https but did already have a www
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Not sure how to combine the two
Make us of {SERVER_PORT} to see if the request is made via regular connection (80), then redirect to the https URL.
This should do it:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Here are some nice example, using different methods.