Force non-www and https via htaccess

.htaccess mod-rewrite https no-www

24,369

Solution 1

Try this rule:

RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]

Solution 2

Based on Gumbo's comment : "the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place" I gave this a try (which seems to work):

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.blahblah.com/$1 [R,L]

RewriteCond %{HTTP_HOST} ^www\.blahblah\.com [NC]
RewriteRule ^(.*)$ https://blahblah.com/$1 [L,R=301]

please tell me if there is something wrong with this approach.

Solution 3

The only set of rules that works for me is the following

# match any URL with www and rewrite it to https without the www
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
    RewriteRule (.*) https://%2%{REQUEST_URI} [R=301,L]

# match non https and redirect to https
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

The order matters, it prevents a third redirect in some cases.

24,369

Author by

bear

Updated on November 12, 2021

Comments

bear over 2 years
I'm trying to force a user to be redirected to the non-www website, and, force https.

I've got this which sort of work, but doesn't force https, when http is entered.
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://site.com\.net/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
```
Any ideas on what I'm doing wrong?
Jon almost 13 years

I get the old "Connected is untrusted" message from the browser when I try visiting: https://www.mydomainname.co.uk using the htaccess from the accepted answer above. http://mydomainname.co.uk and http://www.mydomainname.co.uk both redirect fine. My certificate was generated for mydomainname.co.uk. Any ideas (or any more information you need)?
Gumbo almost 13 years

@Jon: The TLS/SSL layer is on top of HTTP (HTTPS is also known as “HTTP over TLS/SSL”). So the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place. You can’t fix that.
Jon almost 13 years

Thanks for the update, just to confirm - there is no work around? (At all, or that you know of?)
Gumbo almost 13 years

@Jon: No, there is no solution to this that I know of.
bobsoap almost 9 years

This produces a redirect loop for me. I found this answer to work: stackoverflow.com/a/21467534/298218
Džuris about 7 years

I got a redirect loop as weel when using a subdomain.