Login/Register
htaccess force https and redirect www to non-www, but no other subdomains
Asked Answered
Solved regexapache.htaccessmod-rewritehttps
L

7

24

I know there are many similar threads, but none of them seems to match my exact problem. Here is what I’m trying to do:

(1) http://www.mydomain.com/ -> https://mydomain.com/
(2) http://mydomain.com/     -> https://mydomain.com/
(3) https://www.mydomain.com -> https://mydomain.com/

Ideally, I would also like to cover the situation if I will ever add more subdomains, to automatically behave like the following (preferably in a generic way that will work for any subdomain I add).

(4) http://sub.mydomain.com/ -> https://sub.mydomain.com/

At this point I’m wondering if it is even possible to create a single .htaccess file that does everything I need, although I have to admit that I understand regexes, but I’m not exactly a mod_rewrite uberpro.

Here are the solutions that I already tried:

My SSL certificate covers the www-subdomain, so I’m not looking for a 'untrusted connection' error solution, I’m aware that isn’t possible.

Lardner answered 30/1, 2014 at 21:2 Comment(0)
O
16

Put this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

# remove www and add https
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

# add https
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Onwards answered 30/1, 2014 at 21:15 Comment(12)
Although that seems to do the job of redirecting everything to mydomain.com, there seem to be too many redirections going on. In Detail, here’s what browsers tell me for (1) through (3), including the desired redirection target: Opera: 301 Moved Permanently. The document has moved here (link to mydomain.com, leads to same result) Chromium: This webpage has a redirect loop Firefox: The page isn't redirecting properly. […] in a way that will never complete. May that be caused by the redirect=301 in the rewrite rule?Lardner
Sorry, I’m still getting the same issues. I hope it’s not something else that I’m doing wrong and am not aware of (of course I wiped all cached data, cookies and whatnot from my browsers before testing again). Maybe I’ll go with just forcing https and leaving the www-subdomain as a remainder of internet history ... maybe it’s not that important after all. Nevertheless, thank you very much for your efforts in writing me a nice universal htaccess-file, I appreciate it.Lardner
Yep, I just tried a fresh new virtual machine with some new browsers, definitely without any history. Still getting the redirect loop :-(Lardner
Here are screenshots of the http headers as shown in firebug of how I try to access, in that order: http://www.edelextra.biz/, http://edelextra.biz/, https://www.edelextra.biz/ and https://edelextra.biz – there are always about 20 '301 Moved Permanently's until it stops trying. imgur.com/a/pbpcnLardner
Still no luck … well, the redirect loop is gone! But, so is the website :-) New screenshots! imgur.com/a/4G8kLLardner
It’s doing the looping again. imgur.com/a/XXDCk – But, please, I don’t want to be stealing your time here! As mentioned in my second comment, the www-subdomain is not my biggest problem right now, so if it’s impossible to do, just let it be ... maybe I’ll figure out how to do it someday when I have the time ;-)Lardner
Still a loop, but no more redirection of www, apparently. imgur.com/a/kot4X – stop it! :-)Lardner
Hm … seems to be more difficult than I expected. I have only static HTML files for testing in this new webspace, no CMS, CGI scripts or stuff using mod_rewrite that might interfere with the rules in this .htaccess. I opened a support ticket at my hoster now, told them what I’m trying to do and asked if they have any global configs that could be getting in my way. Let’s see what they say!Lardner
Turns out that %{HTTPS} is a feature of mod_ssl, which isn’t running on my hoster’s machines. Instead, they use pound as HTTPS-frontend, which offers the environment variable %{ENV:HTTPS}. So I added a line to check for that and left the old in to work on legacy setups as well. My finally-working .htaccess looks like this now: RewriteEngine On RewriteCond %{HTTPS} !=on RewriteCond %{ENV:HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]Lardner
Oh sorry, the linebreaks in my last post were omitted; but I think you get what I mean. Maybe you’ll like to include RewriteCond %{ENV:HTTPS} !=on in your otherwise perfectly working well-crafted code above, so I can mark this as answered! And thank you very much for your patience!Lardner
Hi, this doesn't seem to be redirecting http://domain.com -> https://domain.com. Is it like this for anyone else?Candie
@JackNicholson: Try commenting RewriteCond %{ENV:HTTPS} off line and retest. If it still doesn't work then please post a new question with more details.Onwards
N
29

I found most of the suggestions were not catching when you had something that was https://www.example.com and redirecting to https://example.com.

The following worked for all permutations:

RewriteEngine On

# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]

# match urls that are non https (without the www)
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Hope this helps someone!

Nones answered 17/12, 2015 at 11:27 Comment(3)
Worked for me as an .htaccess file; but still didn't redirect https://www.example.com to https://example.com when used in a <Directory> block under a virtual host config file. Any idea how to adapt it for that case?Picket
Please disregard my last comment. My redirection logic was getting overwritten by another virtual host that letsencrypt (certbot) had generated; your rewrite rules worked for me when I added them to a <Directory> block under both my *:80 and *:443 virtual hosts.Picket
This solution handles rewriting https://www.example.com to https://example.com. I also had to include this in both *:80 and *:443 virtual host to get it working.Moonset
O
16

Put this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

# remove www and add https
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

# add https
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Onwards answered 30/1, 2014 at 21:15 Comment(12)
Although that seems to do the job of redirecting everything to mydomain.com, there seem to be too many redirections going on. In Detail, here’s what browsers tell me for (1) through (3), including the desired redirection target: Opera: 301 Moved Permanently. The document has moved here (link to mydomain.com, leads to same result) Chromium: This webpage has a redirect loop Firefox: The page isn't redirecting properly. […] in a way that will never complete. May that be caused by the redirect=301 in the rewrite rule?Lardner
Sorry, I’m still getting the same issues. I hope it’s not something else that I’m doing wrong and am not aware of (of course I wiped all cached data, cookies and whatnot from my browsers before testing again). Maybe I’ll go with just forcing https and leaving the www-subdomain as a remainder of internet history ... maybe it’s not that important after all. Nevertheless, thank you very much for your efforts in writing me a nice universal htaccess-file, I appreciate it.Lardner
Yep, I just tried a fresh new virtual machine with some new browsers, definitely without any history. Still getting the redirect loop :-(Lardner
Here are screenshots of the http headers as shown in firebug of how I try to access, in that order: http://www.edelextra.biz/, http://edelextra.biz/, https://www.edelextra.biz/ and https://edelextra.biz – there are always about 20 '301 Moved Permanently's until it stops trying. imgur.com/a/pbpcnLardner
Still no luck … well, the redirect loop is gone! But, so is the website :-) New screenshots! imgur.com/a/4G8kLLardner
It’s doing the looping again. imgur.com/a/XXDCk – But, please, I don’t want to be stealing your time here! As mentioned in my second comment, the www-subdomain is not my biggest problem right now, so if it’s impossible to do, just let it be ... maybe I’ll figure out how to do it someday when I have the time ;-)Lardner
Still a loop, but no more redirection of www, apparently. imgur.com/a/kot4X – stop it! :-)Lardner
Hm … seems to be more difficult than I expected. I have only static HTML files for testing in this new webspace, no CMS, CGI scripts or stuff using mod_rewrite that might interfere with the rules in this .htaccess. I opened a support ticket at my hoster now, told them what I’m trying to do and asked if they have any global configs that could be getting in my way. Let’s see what they say!Lardner
Turns out that %{HTTPS} is a feature of mod_ssl, which isn’t running on my hoster’s machines. Instead, they use pound as HTTPS-frontend, which offers the environment variable %{ENV:HTTPS}. So I added a line to check for that and left the old in to work on legacy setups as well. My finally-working .htaccess looks like this now: RewriteEngine On RewriteCond %{HTTPS} !=on RewriteCond %{ENV:HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]Lardner
Oh sorry, the linebreaks in my last post were omitted; but I think you get what I mean. Maybe you’ll like to include RewriteCond %{ENV:HTTPS} !=on in your otherwise perfectly working well-crafted code above, so I can mark this as answered! And thank you very much for your patience!Lardner
Hi, this doesn't seem to be redirecting http://domain.com -> https://domain.com. Is it like this for anyone else?Candie
@JackNicholson: Try commenting RewriteCond %{ENV:HTTPS} off line and retest. If it still doesn't work then please post a new question with more details.Onwards
R
2

To Force using HTTPS

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

To Force www to non www

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.bewebdeveloper.com$
RewriteRule ^(.*) http://bewebdeveloper.com/$1  [QSA,L,R=301]
Ravi answered 20/10, 2014 at 20:39 Comment(0)
O
2
RewriteEngine on


RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.([^.]+\.[^.]+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

This script will redirect

to

while preserving the subdomain.

Odelle answered 11/6, 2016 at 5:59 Comment(0)
A
2

I found the following answer would match to your requirement:

www to non-www with https but no other subdomains

RewriteEngine on

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Fulfill all of the three (3) conditions: 

(1) http://www.example.com/ -> https://example.com/
(2) http://example.com/     -> https://example.com/
(3) https://www.example.com -> https://example.com/

but no other subdomains than www like so:

(4) http://others.example.com -> https://others.example.com/
(5) https://others.example.com -> https://others.example.com/
Affiliate answered 1/5, 2018 at 22:43 Comment(1)
This one worked best for me!Deist
D
1

just add this code in root .htaccess file

RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
Donavon answered 14/7, 2021 at 10:6 Comment(0)
T
0

Non of the examples worked for me, they just seemed to get stuck in a loop, the following works though.

    # match any URL with www and rewrite it to https without the www
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
    RewriteRule (.*) https://%2%{REQUEST_URI} [R=301,L]

    # match non https and redirect to https
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

The order matters, it will prevent a 3rd redirect in some cases.

If you want to use a sub domain (anything other than www.) just remove the first ruleset.

So for sub domains all you need is 

    # match non https and redirect to https
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

I use Cloudways services and I've found this to be the only thing that works

Thrombophlebitis answered 12/10, 2016 at 1:40 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.