htaccess force https and redirect www to non-www, but no other subdomains

regex apache .htaccess mod-rewrite https

22,570

Solution 1

Put this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteCond %{ENV:HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

Solution 2

I found most of the suggestions were not catching when you had something that was https://www.example.com and redirecting to https://example.com.

The following worked for all permutations:

RewriteEngine On

# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]

# match urls that are non https (without the www)
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Hope this helps someone!

Solution 3

To Force using HTTPS

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

To Force www to non www

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.bewebdeveloper.com$
RewriteRule ^(.*) http://bewebdeveloper.com/$1  [QSA,L,R=301]

Solution 4

RewriteEngine on


RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.([^.]+\.[^.]+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

This script will redirect

https://domain.com

while preserving the subdomain.

View more solutions

22,570

sub_lunar

Updated on July 15, 2021

Comments

sub_lunar almost 3 years
I know there are many similar threads, but none of them seems to match my exact problem. Here is what I’m trying to do:
```
(1) http://www.mydomain.com/ -> https://mydomain.com/
(2) http://mydomain.com/     -> https://mydomain.com/
(3) https://www.mydomain.com -> https://mydomain.com/
```
Ideally, I would also like to cover the situation if I will ever add more subdomains, to automatically behave like the following (preferably in a generic way that will work for any subdomain I add).
```
(4) http://sub.mydomain.com/ -> https://sub.mydomain.com/
```
At this point I’m wondering if it is even possible to create a single .htaccess file that does everything I need, although I have to admit that I understand regexes, but I’m not exactly a mod_rewrite uberpro.

Here are the solutions that I already tried:
- Force non-www and https via htaccess
  - Sort of works, but seems to generate a redirect loop
- .htaccess redirect www to non-www with SSL/HTTPS
  - Works for (1) and (3), but not for (2)
- htaccess force www to non-www with consideration of http or https
  - Redirects to http://mydomain.com/ (without https) for (1)
  - Does nothing for (2)
  - Redirects to http://mydomain.com/ (without https) for (3)
My SSL certificate covers the www-subdomain, so I’m not looking for a 'untrusted connection' error solution, I’m aware that isn’t possible.
sub_lunar over 10 years

Although that seems to do the job of redirecting everything to mydomain.com, there seem to be too many redirections going on. In Detail, here’s what browsers tell me for (1) through (3), including the desired redirection target: Opera: 301 Moved Permanently. The document has moved here (link to mydomain.com, leads to same result) Chromium: This webpage has a redirect loop Firefox: The page isn't redirecting properly. […] in a way that will never complete. May that be caused by the redirect=301 in the rewrite rule?
sub_lunar over 10 years

Sorry, I’m still getting the same issues. I hope it’s not something else that I’m doing wrong and am not aware of (of course I wiped all cached data, cookies and whatnot from my browsers before testing again). Maybe I’ll go with just forcing https and leaving the www-subdomain as a remainder of internet history ... maybe it’s not that important after all. Nevertheless, thank you very much for your efforts in writing me a nice universal htaccess-file, I appreciate it.
sub_lunar over 10 years

Yep, I just tried a fresh new virtual machine with some new browsers, definitely without any history. Still getting the redirect loop :-(
sub_lunar over 10 years

Here are screenshots of the http headers as shown in firebug of how I try to access, in that order: http://www.edelextra.biz/, http://edelextra.biz/, https://www.edelextra.biz/ and https://edelextra.biz – there are always about 20 '301 Moved Permanently's until it stops trying. imgur.com/a/pbpcn
sub_lunar over 10 years

Still no luck … well, the redirect loop is gone! But, so is the website :-) New screenshots! imgur.com/a/4G8kL
sub_lunar over 10 years

It’s doing the looping again. imgur.com/a/XXDCk – But, please, I don’t want to be stealing your time here! As mentioned in my second comment, the www-subdomain is not my biggest problem right now, so if it’s impossible to do, just let it be ... maybe I’ll figure out how to do it someday when I have the time ;-)
sub_lunar over 10 years

Still a loop, but no more redirection of www, apparently. imgur.com/a/kot4X – stop it! :-)
sub_lunar about 10 years

Hm … seems to be more difficult than I expected. I have only static HTML files for testing in this new webspace, no CMS, CGI scripts or stuff using mod_rewrite that might interfere with the rules in this .htaccess. I opened a support ticket at my hoster now, told them what I’m trying to do and asked if they have any global configs that could be getting in my way. Let’s see what they say!
sub_lunar about 10 years

Turns out that %{HTTPS} is a feature of mod_ssl, which isn’t running on my hoster’s machines. Instead, they use pound as HTTPS-frontend, which offers the environment variable %{ENV:HTTPS}. So I added a line to check for that and left the old in to work on legacy setups as well. My finally-working .htaccess looks like this now: RewriteEngine On RewriteCond %{HTTPS} !=on RewriteCond %{ENV:HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
sub_lunar about 10 years

Oh sorry, the linebreaks in my last post were omitted; but I think you get what I mean. Maybe you’ll like to include RewriteCond %{ENV:HTTPS} !=on in your otherwise perfectly working well-crafted code above, so I can mark this as answered! And thank you very much for your patience!
Jack over 8 years

Hi, this doesn't seem to be redirecting http://domain.com -> https://domain.com. Is it like this for anyone else?
anubhava over 8 years

@JackNicholson: Try commenting RewriteCond %{ENV:HTTPS} off line and retest. If it still doesn't work then please post a new question with more details.
Jackson over 7 years

Worked for me as an .htaccess file; but still didn't redirect https://www.example.com to https://example.com when used in a <Directory> block under a virtual host config file. Any idea how to adapt it for that case?
Jackson over 7 years

Please disregard my last comment. My redirection logic was getting overwritten by another virtual host that letsencrypt (certbot) had generated; your rewrite rules worked for me when I added them to a <Directory> block under both my *:80 and *:443 virtual hosts.
kimbaudi over 7 years

This solution handles rewriting https://www.example.com to https://example.com. I also had to include this in both *:80 and *:443 virtual host to get it working.