Welcome to WebmasterWorld Guest from 54.159.242.217

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

redirect non-www to www unless.

SSL issues force me to not always redirect.

     
10:20 pm on Feb 18, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:May 31, 2006
posts:116
votes: 0


I've had a successful redirect from non-www to www on my domain for some time now. I recently, however, registered an SSL certificate for the non www version of my domain, and if I try to https to the www version it shows as not secure.

So I've had to disable the non-www to www redirect in order to view the secure portion of the site (example.com/secure), but I'd still like to enforce the redirect if the secure directory isn't involved.

Here's the code I tried (and failed).

#Redirect non-www request to www.example.com
#RewriteCond %{HTTP_HOST} !^www\. [NC]
#RewriteCond %{REQUEST_URI} !^example\.com/secure [NC]
#RewriteCond %{HTTP_HOST} ^([^.]+)\.com [NC]
#RewriteRule (.*) [%1.com...] [R=301,L]
#End www redirect

It ends up causing a loop. I do also have the following redirect for moving from non-secure to secure:

#Redirect order pages to secure site
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^secure(.+) [example.com...] [R=301,L]
#End secure redirect

Basically I just want everything in the secure directory to be accessed via [example.com...] and everything else to be http://www.example.com

I feel like I'm close but... can't... quite... make it.

Any insight? Thanks.

11:32 pm on Feb 18, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


This approach might work better:

# IF request is not for a resource in /secure
RewriteCond $1 !^secure/
# AND if either the port is 443 (request is via https)
RewriteCond %{SERVER_PORT} ^443$ [OR]
# OR the hostname is not "www"
RewriteCond %{HTTP_HOST} !^www\.example\.com
# THEN externally redirect to www domain using http
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
#
# If the port is not 443 (request is via http)
RewriteCond %{SERVER_PORT} !^443$
# THEN externally redirect requests for all resources in /secure to non-www domain using https
RewriteRule ^secure/(.*) https://example.com/secure/$1 [R=301,L]

This assumes that all requests (http and https) will result in this code being executed. If you have separate DocumentRoots for http and https, then you'll have to put one of the two rules into each of the appropriate .htaccess files.

Jim

5:52 am on Feb 19, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:May 31, 2006
posts:116
votes: 0


Works well with one small, but important, problem. When the redirect occurs, even if https is shown in the browser, the lock is not.

I thought I was seeing things, but when I replaced the old code, the lock came back. Upon closer inspection it seems as though, with the code supplied, the lock flashes for a brief moment in the browser bar then goes away.

What could cause that?

3:41 pm on Feb 21, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Because the client is redirected by this code, the SSL certificate handling is entirely up to the client.

Check to see what domain your SSL certificate applies to. It must exactly match the HTTPS domain displayed after the redirect is invoked.

Watch out for stale-URL-caching issues as well; Flush your cache before testing any changes to the code.

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members