Login/Register
Force non-www and https via htaccess
Asked Answered
Solved .htaccessmod-rewritehttpsno-www
C

4

21

I'm trying to force a user to be redirected to the non-www website, and, force https.

I've got this which sort of work, but doesn't force https, when http is entered. 

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://site.com\.net/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Any ideas on what I'm doing wrong?

Condensable answered 14/6, 2011 at 16:55 Comment(0)
T
51

Try this rule:

RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
Toler answered 14/6, 2011 at 16:59 Comment(6)
I get the old "Connected is untrusted" message from the browser when I try visiting: https://www.mydomainname.co.uk using the htaccess from the accepted answer above. http://mydomainname.co.uk and http://www.mydomainname.co.uk both redirect fine. My certificate was generated for mydomainname.co.uk. Any ideas (or any more information you need)?Respire
@Jon: The TLS/SSL layer is on top of HTTP (HTTPS is also known as “HTTP over TLS/SSL”). So the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place. You can’t fix that.Toler
Thanks for the update, just to confirm - there is no work around? (At all, or that you know of?)Respire
@Jon: No, there is no solution to this that I know of.Toler
This produces a redirect loop for me. I found this answer to work: https://mcmap.net/q/260286/-htaccess-force-https-and-redirect-www-to-non-www-but-no-other-subdomainsSpatola
I got a redirect loop as weel when using a subdomain.Demonize
P
5

Based on Gumbo's comment : "the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place" I gave this a try (which seems to work):

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.blahblah.com/$1 [R,L]

RewriteCond %{HTTP_HOST} ^www\.blahblah\.com [NC]
RewriteRule ^(.*)$ https://blahblah.com/$1 [L,R=301]

please tell me if there is something wrong with this approach.

Pereyra answered 11/9, 2014 at 23:23 Comment(0)
L
4

The only set of rules that works for me is the following

# match any URL with www and rewrite it to https without the www
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
    RewriteRule (.*) https://%2%{REQUEST_URI} [R=301,L]

# match non https and redirect to https
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

The order matters, it prevents a third redirect in some cases.

Libau answered 12/10, 2016 at 1:44 Comment(0)
F
0

With this code I rediret from http and www and none www to https none www. Just pay attenstion that the place you insert the code in htaccess is important:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Fibrinous answered 12/11, 2021 at 6:2 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.