homepage Welcome to WebmasterWorld Guest from 54.167.249.155
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
redirect non-www to www unless.
SSL issues force me to not always redirect.
Duskrider




msg:3578241
 10:20 pm on Feb 18, 2008 (gmt 0)

I've had a successful redirect from non-www to www on my domain for some time now. I recently, however, registered an SSL certificate for the non www version of my domain, and if I try to https to the www version it shows as not secure.

So I've had to disable the non-www to www redirect in order to view the secure portion of the site (example.com/secure), but I'd still like to enforce the redirect if the secure directory isn't involved.

Here's the code I tried (and failed).

#Redirect non-www request to www.example.com
#RewriteCond %{HTTP_HOST} !^www\. [NC]
#RewriteCond %{REQUEST_URI} !^example\.com/secure [NC]
#RewriteCond %{HTTP_HOST} ^([^.]+)\.com [NC]
#RewriteRule (.*) [%1.com...] [R=301,L]
#End www redirect

It ends up causing a loop. I do also have the following redirect for moving from non-secure to secure:

#Redirect order pages to secure site
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^secure(.+) https://example.com/secure$1 [R=301,L]
#End secure redirect

Basically I just want everything in the secure directory to be accessed via https://example.com and everything else to be http://www.example.com

I feel like I'm close but... can't... quite... make it.

Any insight? Thanks.

 

jdMorgan




msg:3578299
 11:32 pm on Feb 18, 2008 (gmt 0)

This approach might work better:

# IF request is not for a resource in /secure
RewriteCond $1 !^secure/
# AND if either the port is 443 (request is via https)
RewriteCond %{SERVER_PORT} ^443$ [OR]
# OR the hostname is not "www"
RewriteCond %{HTTP_HOST} !^www\.example\.com
# THEN externally redirect to www domain using http
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
#
# If the port is not 443 (request is via http)
RewriteCond %{SERVER_PORT} !^443$
# THEN externally redirect requests for all resources in /secure to non-www domain using https
RewriteRule ^secure/(.*) https://example.com/secure/$1 [R=301,L]

This assumes that all requests (http and https) will result in this code being executed. If you have separate DocumentRoots for http and https, then you'll have to put one of the two rules into each of the appropriate .htaccess files.

Jim

Duskrider




msg:3578551
 5:52 am on Feb 19, 2008 (gmt 0)

Works well with one small, but important, problem. When the redirect occurs, even if https is shown in the browser, the lock is not.

I thought I was seeing things, but when I replaced the old code, the lock came back. Upon closer inspection it seems as though, with the code supplied, the lock flashes for a brief moment in the browser bar then goes away.

What could cause that?

jdMorgan




msg:3581181
 3:41 pm on Feb 21, 2008 (gmt 0)

Because the client is redirected by this code, the SSL certificate handling is entirely up to the client.

Check to see what domain your SSL certificate applies to. It must exactly match the HTTPS domain displayed after the redirect is invoked.

Watch out for stale-URL-caching issues as well; Flush your cache before testing any changes to the code.

Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved