Redirect specific SSL url to other domain with similar

Forum Moderators: phranque

Message Too Old, No Replies

Redirect specific SSL url to other domain with similar

AnyGoodNameWillDo

9:54 am on Jan 14, 2011 (gmt 0)

My SSL Certificat is for "my-german-domain.net".

My site is available under "http://my-german-domain.net" and "http://my-english-domain.net" and the "www" versions.

I want certain sections of my website to use SSL. Joomla CMS automatically redirects these pages to the corresponding "https://" url.

It is only possible to have one Certificat for one serverspace, thus I cannot use the SSL under "my-english-domain.net".

So, I wanted to use .htaccess to rewrite all SSL request on the English domain to be rewritten to the German domain.

I came up with:

RewriteEngine On

## redirect english domain ssl requests to german domain
RewriteRule ^https://(www\.)?my-english-domain.net(.*)$ https://$1my-german-domain.net$2 [R,L]

But, when I enter like "https://www.my-english-domain.net/component/something.html" it does not get redirected and my browser warns about the mismatch between url and certificat.

It seems I am doing something wrong.

jdMorgan

2:36 pm on Jan 14, 2011 (gmt 0)

The code has several errors, most importantly those that reflect a misunderstanding of which values are present in which server variables as well as how back-references are assigned and named. The corrected code would look like this:


# Externally redirect English-domain SSL requests to German domain
RewriteCond %{SERVER_PORT} =443
# alternate version of preceding directive required by some server configurations (commented-out)
# RewriteCond %{HTTPS} =on [NC]
RewriteCond %{HTTP_HOST} ^(www\.)?my-english-domain\.net [NC]
RewriteRule ^(.*)$ https://%1my-german-domain.net/$1 [R=302,L]

However, since SSL auth is performed before any mod_rewrite code is executed, you may still get security warnings, even with this technically-correct code. If this occurs, you may need to re-architect your site so that domain redirection is only performed on non-SSL pages, and simply offer a "click here to go to the German domain" interstitial page if an English page request is made via SSL.

Alternatively, set up the English and German sites on two separate server instances, with proper SSL certificates for each.

Also it is generally recommended to canonicalize hostnames, so that you do not create duplicate-content problems and so that you do not have to handle both the "www" and non-www cases in every rule. That is, pick either the "www" hostname or the non-www hostname as your correct and canonical hostname, and always redirect requests for the "wrong one" to the "right one."

Assuming that you want the non-www hostname as your canonical hostname, in the code above, this would involve removing the "%1" back-reference from the RewriteRule substitution, and then following that rule with another one:


RewriteCond %{HTTP_HOST} ^([^.]+\.)*my-english-domain\.net [NC]
RewriteCond %{HTTP_HOST} !^my-english-domain\.net$
RewriteRule ^(.*)$ http://my-english-domain.net/$1 [R=301,L]

A similar hostname-canonicalization rule should be installed on your German domain to handle any non-canonical-hostname requests arriving at that server which *have not* been redirected from the English domain, and which therefore have not already been checked for canonical hostname.

All variations in pattern-anchoring and case-sensitivity in the code above are intentional.

Additional canonicalization redirects are also recommended, such as redirecting requests for "my-<language>-domain/index.php" to "my-<language>-domain/" to eliminate duplicate-content between "/index.xyz" and "/".

Rule order is critical -- See the thread in our Apache Forum Library titled "Proper order for htaccess" for more information.

Jim

[edit] Corrected as noted below. [/edit]

[edited by: jdMorgan at 3:52 pm (utc) on Jan 16, 2011]

AnyGoodNameWillDo

3:38 pm on Jan 16, 2011 (gmt 0)

Thank you!

I tried the redirect, but that gave a certificat error, as you predicted.

I tried the canonical hostname part, but it seemed not to work. I found this, which did:


#Rules to canonotize the domains to be without www
RewriteCond %{HTTP_HOST} ^www\.my-english.domain\.net$
RewriteRule ^ http://my-english.domain.net%{REQUEST_URI} [L,R=301]

I picked up your suggestion to programmatically rewrite the ssl request for the English domain, adapting sslredirect.php in Joomla.


 // Redirect to SSL
if($redirect == true) {
  $uri->setScheme('https');
  // adaptation to redirect English domain to German domain
  if ($_SERVER['HTTP_HOST']=='my-english-domain.net') $uri->setHost('my-german-domain.net');
  $application->redirect($uri->toString());
}

Having separate servers for each domain name would be a sollution, but is not within the budget at the moment.

jdMorgan

3:57 pm on Jan 16, 2011 (gmt 0)

> I tried the canonical hostname part, but it seemed not to work. I found this, which did.

I only "worked a little bit," though... Try requesting any of these:

www.my-english.domain.net.
www.my-english.domain.net:80
www.my-english.domain.net.:80
www.my-english.domain.net:443
www.my-english.domain.net.:443
my-english.domain.net.
my-english.domain.net:80
my-english.domain.net.:80
my-english.domain.net:443
my-english.domain.net.:443
junk.my-english.domain.net
foo.my-english.domain.net.
bar.my-english.domain.net:80
quux.my-english.domain.net.:80
rats.my-english.domain.net:443
trash.my-english.domain.net.:443
etc...

These are all perfectly-valid but non-canonical hostnames, but none of them will be canonicalized by your new "rule that works." Your testing was not thorough enough.

The reason my rule above did not work is because there was a typo -- a missing quantifier in the regular-expressions pattern for subdomain detection. I have corrected this error in the code above.

Jim

AnyGoodNameWillDo

10:38 pm on Jan 16, 2011 (gmt 0)

yes, that worked fine. Thank you very much!