Force non-www and https via htaccess
24,369
Solution 1
Try this rule:
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
Solution 2
Based on Gumbo's comment : "the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place" I gave this a try (which seems to work):
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.blahblah.com/$1 [R,L]
RewriteCond %{HTTP_HOST} ^www\.blahblah\.com [NC]
RewriteRule ^(.*)$ https://blahblah.com/$1 [L,R=301]
please tell me if there is something wrong with this approach.
Solution 3
The only set of rules that works for me is the following
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [R=301,L]
# match non https and redirect to https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
The order matters, it prevents a third redirect in some cases.
Author by
bear
Updated on November 12, 2021Comments
-
bear over 2 years
I'm trying to force a user to be redirected to the non-www website, and, force https.
I've got this which sort of work, but doesn't force https, when http is entered.
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://site.com\.net/$1 [R=301,L] RewriteCond %{HTTP_HOST} ^www\. RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Any ideas on what I'm doing wrong?
-
Jon almost 13 yearsI get the old "Connected is untrusted" message from the browser when I try visiting:
https://www.mydomainname.co.uk
using the htaccess from the accepted answer above.http://mydomainname.co.uk
andhttp://www.mydomainname.co.uk
both redirect fine. My certificate was generated formydomainname.co.uk
. Any ideas (or any more information you need)? -
Gumbo almost 13 years@Jon: The TLS/SSL layer is on top of HTTP (HTTPS is also known as “HTTP over TLS/SSL”). So the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place. You can’t fix that.
-
Jon almost 13 yearsThanks for the update, just to confirm - there is no work around? (At all, or that you know of?)
-
Gumbo almost 13 years@Jon: No, there is no solution to this that I know of.
-
bobsoap almost 9 yearsThis produces a redirect loop for me. I found this answer to work: stackoverflow.com/a/21467534/298218
-
Džuris about 7 yearsI got a redirect loop as weel when using a subdomain.