Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

redirect non-www to www unless.

SSL issues force me to not always redirect.

10:20 pm on Feb 18, 2008 (gmt 0)

5+ Year Member

I've had a successful redirect from non-www to www on my domain for some time now. I recently, however, registered an SSL certificate for the non www version of my domain, and if I try to https to the www version it shows as not secure.

So I've had to disable the non-www to www redirect in order to view the secure portion of the site (example.com/secure), but I'd still like to enforce the redirect if the secure directory isn't involved.

Here's the code I tried (and failed).

#Redirect non-www request to www.example.com
#RewriteCond %{HTTP_HOST} !^www\. [NC]
#RewriteCond %{REQUEST_URI} !^example\.com/secure [NC]
#RewriteCond %{HTTP_HOST} ^([^.]+)\.com [NC]
#RewriteRule (.*) [%1.com...] [R=301,L]
#End www redirect

It ends up causing a loop. I do also have the following redirect for moving from non-secure to secure:

#Redirect order pages to secure site
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^secure(.+) [example.com...] [R=301,L]
#End secure redirect

Basically I just want everything in the secure directory to be accessed via [example.com...] and everything else to be http://www.example.com

I feel like I'm close but... can't... quite... make it.

Any insight? Thanks.

11:32 pm on Feb 18, 2008 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

This approach might work better:

# IF request is not for a resource in /secure
RewriteCond $1 !^secure/
# AND if either the port is 443 (request is via https)
RewriteCond %{SERVER_PORT} ^443$ [OR]
# OR the hostname is not "www"
RewriteCond %{HTTP_HOST} !^www\.example\.com
# THEN externally redirect to www domain using http
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
# If the port is not 443 (request is via http)
RewriteCond %{SERVER_PORT} !^443$
# THEN externally redirect requests for all resources in /secure to non-www domain using https
RewriteRule ^secure/(.*) https://example.com/secure/$1 [R=301,L]

This assumes that all requests (http and https) will result in this code being executed. If you have separate DocumentRoots for http and https, then you'll have to put one of the two rules into each of the appropriate .htaccess files.


5:52 am on Feb 19, 2008 (gmt 0)

5+ Year Member

Works well with one small, but important, problem. When the redirect occurs, even if https is shown in the browser, the lock is not.

I thought I was seeing things, but when I replaced the old code, the lock came back. Upon closer inspection it seems as though, with the code supplied, the lock flashes for a brief moment in the browser bar then goes away.

What could cause that?

3:41 pm on Feb 21, 2008 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Because the client is redirected by this code, the SSL certificate handling is entirely up to the client.

Check to see what domain your SSL certificate applies to. It must exactly match the HTTPS domain displayed after the redirect is invoked.

Watch out for stale-URL-caching issues as well; Flush your cache before testing any changes to the code.



Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month