Redirect permanent vs RedirectMatch, which is better to enforce SSL security in Apache?
Either a Redirect or a RedirectMatch can be 301 or 302, depending on how you invoke it, so that is not the difference between the two.
DIFFERENCES & MEANINGS:
The difference is that Redirect
only matches a simple URL-PATH, while RedirectMatch
allows you to use regex pattern matching.
Also, a 301 is a permanent redirect, and a 302 is a temporary redirect.
SEARCHING FOR GODOT
To preserve search engine ranking you should always use 301 redirects. Ideally for SEO you want some consistency in protocol and FQDN, so it goes well beyond just enforcing SSL/TLS.
So let's say your "complete" URL for your home page is:
https://www.example.com/index.php
Though you may have a server that is not case sensitivity, and that aliases all subdomains to the root domain, and that will use the file 'index' if it is not implicit in the path, such that you get to the same location by entering only
example.com
into the browser's location field. While that certainly makes it easy for a user to directly type in just example.com
it creates potential problems for SEO. If this is how your sever is set up then ALL of these URLs resolve to the exact same content:
https://www.example.com/index.php
https://www.example.com/index
https://www.example.com/
https://example.com/index.php
https://example.com/index
https://example.com/
http://www.example.com/index.php
http://www.example.com/index
http://www.example.com/
http://example.com/index.php
http://example.com/index
http://example.com/
But even though your server may think these are all the same, and the content served is identical, Google considers them all to be unique URLs, and when they determine that these 12 URLs serve duplicate content, you will be penalized in search rankings.
And it's not enough to just ensure all your internal links are specified as the preferred URL — some fan of your site is undoubtedly going to post a link, and write the link as http://example.com
when you'd prefer https://www.example.com
so you need Google to know that http://example.com
should be interpreted as your preferred, and the way to do this is with PERMANENT redirects.
Now you can make a Redirect
or a RedirectMatch
permanent (301) just by adding 301 to the line:
Redirect 301 /here/ https:www.example.com/there/
RedirectMatch 301 /here/(.*) https:www.example.com/there/$1
Also, for a permanent redirection these variations:
Redirect 301
Redirect Permanent
RedirectPermanent
all mean exactly the same thing.
a ROSE is not a Rose is not a rose is not a RoSe
I haven't even gotten into trailing slashes and case sensitivity on directories or parameters, but these make a difference too. The only time Google does not care about case or trailing slash is in the root domain.
All of these are identical to google:
www.MyFunDomain.com/
www.MyFunDomain.com
www.myfundomain.com/
www.myfundomain.com
WWW.MyFuNdOmAiN.COM
This is because the spec for domain names is case insensitive. But these:
example.com/MyPath/
example.com/MyPath
example.com/mypath/
example.com/mypath
example.com/mYpAtH
Are all considered DIFFERENT even if your system or server considers them to be the same. While trailing slashes are not required on the TLD, they ARE required on all paths. le.com/mypath/
implies le.com/mypath/index.html
and le.com/mypath
implies le.com/mypath.html
.
BEST PRACTICES
The solution to this is:
1) Make a house standard that all paths and file names be lower case ONLY.
2) Setup rewrite rules to make permanent 301 redirects for all variations in scheme, subdomain, trailing path slash, and file extension.
Because the possibilities are practically endless, and Redirect
requires case sensitive paths, RedirectMatch
or Rewrite
are better choices, so that every possible variation in:
https://www.example.com/sitepath/
is shown to the Google crawlers exactly that way, and not
http://example.com/SitePath/index.php
I'm not going to post a specific example of a rewrite rule because there are too many variables (including HSTS issues) and ways to create problems. Instead I'll refer you to Dan Morell's pretty excellent tutorials for NON HSTS sites and a separate link for HSTS sites.
Related videos on Youtube
Ulukai
Updated on September 18, 2022Comments
-
Ulukai almost 2 years
I have been using:
RedirectMatch /(.*) https://www.website.com/$1
to enforce redirection from virtualhost 80 to 443 in apache.
My reasoning is that it makes sense to grab anything that the user puts in and translate it directly to https. Yet, I have seen this used quite often as well:
Redirect permanent / https://www.website.com/
Which I have not been using because I am assuming it would not be an exact translation of the addressed typed by the user to https.
Which one is best to enforce encryption for the whole site together with using Strict Transport Security?
-
Ulukai over 8 yearsCould you elaborate a bit more please? What are the advantages of 302 over 301? Thank you
-
Ulukai over 8 yearsAnd actually, I think you mean the other way around?
-
MastaJeet over 8 yearsYeah, I mean the other way around. :) The benefit is that a 301 is cacheable and both Google and Bing will display the https site in search results. Both of these provide a small performance increase by eliminating a request.