htaccess force https and redirect www to non-www, but no other subdomains
Solution 1
Put this code in your DOCUMENT_ROOT/.htaccess
file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{ENV:HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
Solution 2
I found most of the suggestions were not catching when you had something that was https://www.example.com and redirecting to https://example.com.
The following worked for all permutations:
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
# match urls that are non https (without the www)
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hope this helps someone!
Solution 3
To Force using HTTPS
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
To Force www to non www
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.bewebdeveloper.com$
RewriteRule ^(.*) http://bewebdeveloper.com/$1 [QSA,L,R=301]
Solution 4
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.([^.]+\.[^.]+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
This script will redirect
to
while preserving the subdomain.
Related videos on Youtube
sub_lunar
Updated on July 15, 2021Comments
-
sub_lunar almost 3 years
I know there are many similar threads, but none of them seems to match my exact problem. Here is what I’m trying to do:
(1) http://www.mydomain.com/ -> https://mydomain.com/ (2) http://mydomain.com/ -> https://mydomain.com/ (3) https://www.mydomain.com -> https://mydomain.com/
Ideally, I would also like to cover the situation if I will ever add more subdomains, to automatically behave like the following (preferably in a generic way that will work for any subdomain I add).
(4) http://sub.mydomain.com/ -> https://sub.mydomain.com/
At this point I’m wondering if it is even possible to create a single .htaccess file that does everything I need, although I have to admit that I understand regexes, but I’m not exactly a mod_rewrite uberpro.
Here are the solutions that I already tried:
-
Force non-www and https via htaccess
- Sort of works, but seems to generate a redirect loop
-
.htaccess redirect www to non-www with SSL/HTTPS
- Works for (1) and (3), but not for (2)
-
htaccess force www to non-www with consideration of http or https
- Redirects to http://mydomain.com/ (without https) for (1)
- Does nothing for (2)
- Redirects to http://mydomain.com/ (without https) for (3)
My SSL certificate covers the www-subdomain, so I’m not looking for a 'untrusted connection' error solution, I’m aware that isn’t possible.
-
Force non-www and https via htaccess
-
sub_lunar over 10 yearsAlthough that seems to do the job of redirecting everything to mydomain.com, there seem to be too many redirections going on. In Detail, here’s what browsers tell me for (1) through (3), including the desired redirection target: Opera: 301 Moved Permanently. The document has moved here (link to mydomain.com, leads to same result) Chromium: This webpage has a redirect loop Firefox: The page isn't redirecting properly. […] in a way that will never complete. May that be caused by the redirect=301 in the rewrite rule?
-
sub_lunar over 10 yearsSorry, I’m still getting the same issues. I hope it’s not something else that I’m doing wrong and am not aware of (of course I wiped all cached data, cookies and whatnot from my browsers before testing again). Maybe I’ll go with just forcing https and leaving the www-subdomain as a remainder of internet history ... maybe it’s not that important after all. Nevertheless, thank you very much for your efforts in writing me a nice universal htaccess-file, I appreciate it.
-
sub_lunar over 10 yearsYep, I just tried a fresh new virtual machine with some new browsers, definitely without any history. Still getting the redirect loop :-(
-
sub_lunar over 10 yearsHere are screenshots of the http headers as shown in firebug of how I try to access, in that order:
http://www.edelextra.biz/
,http://edelextra.biz/
,https://www.edelextra.biz/
andhttps://edelextra.biz
– there are always about 20 '301 Moved Permanently's until it stops trying. imgur.com/a/pbpcn -
sub_lunar over 10 yearsStill no luck … well, the redirect loop is gone! But, so is the website :-) New screenshots! imgur.com/a/4G8kL
-
sub_lunar over 10 yearsIt’s doing the looping again. imgur.com/a/XXDCk – But, please, I don’t want to be stealing your time here! As mentioned in my second comment, the www-subdomain is not my biggest problem right now, so if it’s impossible to do, just let it be ... maybe I’ll figure out how to do it someday when I have the time ;-)
-
sub_lunar over 10 yearsStill a loop, but no more redirection of www, apparently. imgur.com/a/kot4X – stop it! :-)
-
sub_lunar about 10 yearsHm … seems to be more difficult than I expected. I have only static HTML files for testing in this new webspace, no CMS, CGI scripts or stuff using mod_rewrite that might interfere with the rules in this .htaccess. I opened a support ticket at my hoster now, told them what I’m trying to do and asked if they have any global configs that could be getting in my way. Let’s see what they say!
-
sub_lunar about 10 yearsTurns out that
%{HTTPS}
is a feature of mod_ssl, which isn’t running on my hoster’s machines. Instead, they use pound as HTTPS-frontend, which offers the environment variable%{ENV:HTTPS}
. So I added a line to check for that and left the old in to work on legacy setups as well. My finally-working .htaccess looks like this now:RewriteEngine On RewriteCond %{HTTPS} !=on RewriteCond %{ENV:HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
-
sub_lunar about 10 yearsOh sorry, the linebreaks in my last post were omitted; but I think you get what I mean. Maybe you’ll like to include
RewriteCond %{ENV:HTTPS} !=on
in your otherwise perfectly working well-crafted code above, so I can mark this as answered! And thank you very much for your patience! -
Jack over 8 yearsHi, this doesn't seem to be redirecting
http://domain.com
->https://domain.com
. Is it like this for anyone else? -
anubhava over 8 years@JackNicholson: Try commenting
RewriteCond %{ENV:HTTPS} off
line and retest. If it still doesn't work then please post a new question with more details. -
Jackson over 7 yearsWorked for me as an
.htaccess
file; but still didn't redirecthttps://www.example.com
tohttps://example.com
when used in a<Directory>
block under a virtual host config file. Any idea how to adapt it for that case? -
Jackson over 7 yearsPlease disregard my last comment. My redirection logic was getting overwritten by another virtual host that letsencrypt (certbot) had generated; your rewrite rules worked for me when I added them to a
<Directory>
block under both my*:80
and*:443
virtual hosts. -
kimbaudi over 7 yearsThis solution handles rewriting
https://www.example.com
tohttps://example.com
. I also had to include this in both*:80
and*:443
virtual host to get it working.