I want to redirect my entire site, including all subdomains to https.
Will this work?
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
While your code may work alright but I would recommend using %{HTTP_HOST} instead of %{SERVER_NAME}. Please understand the difference between 2 variables. %{SERVER_NAME} is the name of the server as configured in your Apache config but later one is the domain name received in real time in HTTP request. So instead of your code use this:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} Off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
In order to exclude above rule for a particular sub-domain use something like this code:
RewriteCond %{HTTP_HOST} !^sub\.domain\.com$ [NC]
RewriteCond %{HTTPS} Off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Yes, that will work.
The important thing is to make sure that rule is before any routing rules you may have and that no other rules redirect to http://.
Related
I try to solve folling problem with .htaccess.
I use it to rewrite everything to "https://" and put "www" in front of every url.
Now I want to use a SSL-certificate. To validate it, I put a html-file in a certain folder. I do not want this to be redirected to "www.". How can I create an exception only for this one file?
Thank you very much for helping me with this maybe kind of stupid question.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
You did not provide an example of URL that should not be redirected to https. But here is an example. This is a simplified version of your .htaccess file.
I have combined the https and www redirect in one directive.
Assume your domain name is example.com.
There is a negative condition (note the exclamation mark). If the request URI does not begin with index.html then the rule fails and is not enforced.
So http://example.com/index.html will not be converted to https, but there is one important caveat: in this case the www. will not be added either. I understand this what you want, then we can have a simplified set or rules.
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{REQUEST_URI} !^/index.html
RewriteRule (.*) https://www.example.com/$1 [L,R=301]
Looking to redirect an entire domain to its https://example.com version for any variants that are requested (http://, https://www., and www.) in the most SEO friendly way possible.
(I am aware that there are a lot of similar Q/A's, but they seem to be specific so I decided to start with a clean post).
I am currently using this:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
But I have been told that the redirect is not 301, and it also does not redirect the https://www. version.
Is there a simple way to do this all in one go?
Thank you in advance!
Take care
You can use a single rule in your site root .htaccess for this:
RewriteEngine On
# remove www and turn on https in same rule
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
Use a new browser to test the change.
I've just gotten an SSL cerificate and have redirected my site to display https:// rather than http:// using HTaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.example.co.uk/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Before I used to link to my index like this:
Home
And you would be taken to http://www.example.co.uk.
Now with the SSL I've changed it to this:
Home
And it is taking me to https://www.example.co.uk/www.example.co.uk/.
Any idea why this is?
Your http -> https rules should be this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Make sure to clear your browser cache or use a new browser for testing.
This is what you need
<IfModule mod_rewrite.c>
RewriteEngine On
# Redirect HTTP to HTTPS automatically (only if not in localhost)
RewriteCond %{HTTP_HOST} !=localhost
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
I have this in my .htaccess file:
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule (.*) http://www.example.com$1 [R=301,L]
but whenever I access a file on my root like http://example.com/robots.txt it will redirect to http://www.example.comrobots.txt/.
How can I correct this so that it will redirect correctly to http://www.example.com/robots.txt?
Change your configuration to this (add a slash):
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
Or the solution outlined below (proposed by #absiddiqueLive) will work for any domain:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
If you need to support http and https and preserve the protocol choice try the following:
RewriteRule ^login\$ https://www.%{HTTP_HOST}/login [R=301,L]
Where you replace login with checkout.php or whatever URL you need to support HTTPS on.
I'd argue this is a bad idea though. For the reasoning please read this answer.
Here's the correct solution which supports https and http:
# Redirect to www
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
UPD.: for domains like .co.uk, replace
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
with
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+\.[^.]+$
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
For Https
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^(.*)$ http%1://www.%{HTTP_HOST}/$1 [R=301,L]
The following example works on both ssl and non-ssl and is much faster as you use just one rule to manage http and https
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s on(s)|offs()
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R]
[Tested]
This will redirect
http
http://example.com
to
http://www.example.com
https
https://example.com
to
https://www.example.com
Try this, I used it in many websites, it works perfectly
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^bewebdeveloper.com$
RewriteRule ^(.*) http://www.bewebdeveloper.com/$1 [QSA,L,R=301]
I have tested all the above solutions but not working for me, i have tried to remove the http:// and won't redirect also removed the www it redirect well, so i get confused, specially i am running all my sites under https://
So i have combined some codes together and came up with perfect solution for both http:// and https:// and www and non-www.
# HTTPS forced
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# Redirect to www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
Hope this can help someone :)
Add the following code in .htaccess file.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
URLs redirect tutorial can be found from here - Redirect non-www to www & HTTP to HTTPS using .htaccess file
This configuration worked for me in bitnami wordpress with SSL configured :
Added the below under "RewriteEngine On" in file /opt/bitnami/apps/wordpress/conf/httpd-app.conf
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.domain\.com [NC]
RewriteRule (.*) http://www.domain.com/$1 [L,R=301]
This will redirect your domain which is not started with WWW
It is not redirect your all sub domain.
It is useful.
I believe the top answer successfully redirects non-www to www (ex: mysite.com -> www.mysite.com), but doesn't take into account wildcard subdomains, which results in:
random.mysite.com -> www.random.mysite.com
Here's a solution with/without HTTPS
HTTP
RewriteEngine On
RewriteCond %{HTTP_HOST} !www.mysite.com$ [NC]
RewriteRule ^(.*)$ http%{ENV:protossl}://www.mysite.com/$1 [L,R=301]
HTTP/HTTPS
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ - [env=protocol:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ - [env=protocol:http]
RewriteCond %{HTTP_HOST} !www.mysite.com$ [NC]
RewriteRule ^(.*)$ %{ENV:protocol}://www.mysite.com/$1 [L,R=301]
*note: I haven't tested https because I don't currently have a cert to test, but if someone can verify or optimize what I have that would be awesome.
Two warnings
Avoid 301 and prefer modern 303 or 307 response status codes.
Avoid 301
Think carefully if you really need the permanent redirect indicated as [R=301] because if you decide to change it later, then the previous visitors of the page will continue to see the page of the original redirection.
The permanent redirection information is frequently stored in the browser's cache and, in general, it is difficult to eliminate (reload the page do not solve the problem). Your website visitors will be stuck in the previous redirect "forever".
Avoid 302 too
The new version of the HTTP protocol (v1.1) added two new response status codes that can be used instead of 302.
303 URL redirection but demanding to change the type of request to
GET.
307 URL Redirection but demanding to keep the type of request as initially sent.
You can still use the code 302 (non-permanent redirection) although it is considered ambiguous. In any case, most browsers implement 302 in the same way the new 303 code instructs.
If possible, add this to the main Apache configuration file. It is a lighter-weight solution, less processing required.
<VirtualHost 64.65.66.67>
ServerName example.com
Redirect permanent / http://www.example.com/
</VirtualHost>
<VirtualHost 64.65.66.67>
ServerAdmin me#example.com
ServerName www.example.com
DocumentRoot /var/www/example
.
.
. etc
So, the separate VirtualHost for "example.com" captures those requests and then permanently redirects them to your main VirtualHost. So there's no REGEX parsing with every request, and your client browsers will cache the redirect so they'll never (or rarely) request the "wrong" url again, saving you on server load.
Note, the trailing slash in Redirect permanent / http://www.example.com/.
Without it, a redirect from example.com/asdf would redirect to http://www.example.comasdf instead of http://www.example.com/asdf.
Write in .htaccess :)
## Redirect from non-www to www (remove the two lines below to enable)
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
I have the following htaccess code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond !{HTTPS} off
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
I want my site to be redirected to https://www. with HTTPS, and enforcing the www. subdomain,
but when I access http://www. (without HTTPS), it does not redirect me to https://www with HTTPS.
To first force HTTPS, you must check the correct environment variable %{HTTPS} off, but your rule above then prepends the www. Since you have a second rule to enforce www., don't use it in the first rule.
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
About proxying
When behind some forms of proxying, whereby the client is connecting via HTTPS to a proxy, load balancer, Passenger application, etc., the %{HTTPS} variable may never be on and cause a rewrite loop. This is because your application is actually receiving plain HTTP traffic even though the client and the proxy/load balancer are using HTTPS. In these cases, check the X-Forwarded-Proto header instead of the %{HTTPS} variable. This answer shows the appropriate process
Michals answer worked for me, albeit with one small modification:
Problem:
when you have a single site security certificate, a browser that tries to access your page without https:// www. (or whichever domain your certificate covers) will display an ugly red warning screen before it even gets to receive the redirect to the safe and correct https page.
Solution
First use the redirect to the www (or whichever domain is covered by your certificate) and only then do the https redirect. This will ensure that your users are not confronted with any error because your browser sees a certificate that doesn't cover the current url.
#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you are using CloudFlare or a similar CDN you will get an infinite loop error with the %{HTTPS} solutions provided here. If you're a CloudFlare user you'll need to use this:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
BAD SOLUTION AND WHY!
Don't ever use the solution below because when you are using their code that is something like:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301]
The browser goes to:
http://example.com
Then redirects to:
https://example.com
Then redirects to:
https://www.example.com
This is too much request to the server.
Most of the answers even accepted one has this problem.
BEST SOLUTION AND THE ANSWER
This code has an [OR] condition to prevent dual changes at url!
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L]
This is the best way I found for Proxy and not proxy users
RewriteEngine On
### START WWW & HTTPS
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### END WWW & HTTPS
There are a lot of solutions out there. Here is a link to the apache wiki which deals with this issue directly.
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
To redirect http:// or https:// to https://www you can use the following rule on all versions of apache :
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Apache 2.4
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} http [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Note that The %{REQUEST_SCHEME} variable is available for use since apache 2.4 .
If you are on CloudFlare, make sure you use something like this.
# BEGIN SSL Redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END SSL Redirect
This will save you from the redirect loop and will redirect your site to SSL safely.
P.S. It is a good idea to if check the mod_rewrite.c!
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
Notes: Make sure you have done the following steps
sudo a2enmod rewrite
sudo service apache2 restart
Add Following in your vhost file, located at /etc/apache2/sites-available/000-default.conf
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
Now your .htaccess will
work and your site will redirect to http:// to https://www
Similar to Amir Forsati's solution htaccess redirect to https://www but for variable domain name, I suggest:
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%2%{REQUEST_URI} [R=301,L]
Set in your .htaccess file
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I used the below code from this website, it works great https://www.freecodecamp.org/news/how-to-redirect-http-to-https-using-htaccess/
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Hope it helps
I try first answer and it doesnt work...
This work:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress