Best Practice: 301 Redirect HTTP to HTTPS (Standard Domain)

.htaccess mod-rewrite redirect https url-redirection
97,904

Solution 1

To start with your favorite solution:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>

In the part handling non-https URLs you are redirecting to %{HTTP_HOST}. Then, in case your host name started with "www", a second redirect has to take place to send you from https://www.domain.tld to https://domain.tld which is supposed to be your final destination.

You can shorten this by using 

RewriteRule ^(.*)$ https://domain.tld/%{REQUEST_URI} [L,R=301]

directly in the first rule. The second rule would then only apply to clients, who try to access https://www.domain.tld.

Alternative 1. does not work for the same reason (missing the case that HTTP_HOST could be www.domain.tld) and additionally because of the missing [L,R=301]. This is necessary because you do not just rewrite an URL here, like you could do in other types of rewrite rules. You are requesting the client to change the type of it's request - this is why you are sending him a HTTP code of 301.

Concerning the match part of the RewriteRule itself, you should be consistent: if you want to capture parts of the URI you will use a regular expression with parentheses. As you are in fact using it as a whole here it is fine to just use one of the alternatives for "anything", like ^ and use %{REQUEST_URI} later. If you use some capturing (i.e. (some_regex) you should reference it in the target by using $1 (or whatever you are going to reference) here.

In your 3rd alternative, again www + https is missing.

You can check if https is off or if the domain name contains a leading "www" in one rule, however rewrite conditions are implicitly connected with "and".

So it should read:

RewriteCond %{HTTPS} off          [OR]
RewriteCond %{HTTP_HOST} ^www\.   [NC]
RewriteRule ^ https://domain.tld%{REQUEST_URI} [R=301,L,NE]

The NE is necessary for passing on things like GET-parameters and the like on to the new URI unchanged, see:

http://httpd.apache.org/docs/2.4/rewrite/flags.html

Solution 2

So, condensing, this becomes;

RewriteEngine On 
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC] 
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]

Let me know if you see any bugs

Solution 3

    RewriteEngine On   
    RewriteCond %{HTTPS} off
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Nothing to change just copy and paste.

Share:
97,904
dash
Author by

dash

Updated on August 17, 2020

Comments

  • dash
    dash over 3 years

    I have been searching for the perfect 301 redirect. But I am finding so many solutions and do not know what’s best.

    Here is what I want to do

    Best practice .htacess?

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>

    This is my preferred code. At least unil now.

    Alternative ways

    I also found a lot of other ways to redirect from HTTP to HTTPS. For example:

    1.

    RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    Missing one step? And no [R=301,L] here?

    2.

    RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    Is a different order generally better?

    Should I use

    RewriteRule ^(.*)$

    instead of

    RewriteRule (.*)

    ?

    3.

    RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]

    Does using the full domain name have any performance advantages? Do I really need NE? ([R=301,L,NE] vs. [L,R=301])

    So, my question to all experts: What's the best (performing) way to redirect both from HTTP to HTTPS and from to HTTPS:// ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Redirect non-www and non-http to https
Redirect http to https in laravel 5.2
htaccess redirect to https://www
Why is Apache Permanent Redirect removing the slash between the domain and the path?
htaccess Redirect One File to Another
RewriteCond not working on force https for HTTP_HOST
Temporary redirect to maintenance page
Redirect NON-www to www for https
How to keep original URL in addressbar after RewriteRule
Redirect only one folder to HTTPS, all others to HTTP