1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:27 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

SSL error prevents redirection

SSL error prevents redirection

         

TinaMG

5:51 pm on Feb 8, 2011 (gmt 0)

10+ Year Member



My client recently decided to switch all of his sub-domains to sub-directories (because SSL works fine on the sub-directories, but shows warnings on the sub-domains).

I have implemented 301 redirects (htaccess) on all subdomains. For the most part, this is all fine. However, IE (and other browsers for some people) seems to read the SSL before the redirect. So, IE shows a certificate error/warning and doesn't redirect.

For instance:

The following redirects fine for me in Firefox, but shows a certificate error/warning in IE:
[mysubdomain.mydomain.com...]

The following redirects fine for me in Firefox and IE:
[mysubdomain.mydomain.com...]

I have added various iterations of 301 redirects to the root of the account, the root of the main domain AND the root of the subdomain. I have even added PHP redirects to the one file that lives in the subdomain's root. No matter what I do, IE seems to deal with the SSL before the redirect. Does anyone know if there is a way to force IE (and any other browser that acts the same) to process the htaccess file BEFORE dealing with the SSL request?

Thanks!

Below are some of the redirect commands I've tried/am trying:

In the subdomain root:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTPS} mysubdomain.mydomain.com$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTPS} mysubdomain.mydomain.com/index.php$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} [mysubdomain.mydomain.com$...] [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} [mysubdomain.mydomain.com...] [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} mysubdomain.mydomain.com$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} mysubdomain.mydomain.com/index.php$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]


In the account root (above the main domain root -- this is where the non-SSL subdomain redirections live and work):

RewriteEngine on
RewriteCond %{HTTPS} mysubdomain.mydomain.com$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTPS} mysubdomain.mydomain.com/index.php$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} [mysubdomain.mydomain.com$...] [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} [mysubdomain.mydomain.com...] [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} mysubdomain.mydomain.com$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} mysubdomain.mydomain.com/index.php$ [NC]
RewriteRule (.*)$ [mydomain.com...] [R=301,L]

g1smd

6:03 pm on Feb 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



IE does not process the .htaccess file. Your server does.

One reason that your rules fail is that HTTP_HOST contains ONLY the host name. It does not and cannot match "index.php" or any included path.

HTTP_HOST does not contain protocol information.

HTTP will return on or off, not any host name data.

Additionally, you should never redirect to a named index file. The canonical URL for the index file in the root is example.com/ with a trailing slash. For the index file in a folder the canonical URL is example.com/folder/ - again with a trailing slash.

TinaMG

8:05 pm on Feb 8, 2011 (gmt 0)

10+ Year Member



Thanks very much for the info. Looks like I have some homework to do. All the redirects work on HTTP requests and, in the past, I have had bookmarked pages fail on the redirect because the specific default root file name wasn't specified. Perhaps that was a leftover from when we were on a Solaris server.

I did mis-write with the IE comments. Of course, IE doesn't process htaccess. However, it does appear that by simply typing "https" into IE, it somehow attempts to validate SSL before the htaccess file is processed by the server. I don't pretend to understand, particularly when I put an htaccess file in the root of our VPS. Without pointing my finger at IE, I don't know how else to explain why the redirects work for me 100% of the time in Firefox and only fail in IE when the request is HTTPS -- HTTP works fine. If everything was being output from the server, I would have the same results on both browsers (unless security exceptions were saved on one and not the other). Unless, of course, I am overlooking something, which I would not rule out.

g1smd

8:33 pm on Feb 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



As coded, only 3 of your 13 rules stand any chance of working.

The other 10 contain syntax errors which mean they can never run.

TinaMG

8:44 pm on Feb 8, 2011 (gmt 0)

10+ Year Member



Thanks!

TinaMG

10:10 pm on Feb 9, 2011 (gmt 0)

10+ Year Member



I am now using this -- and only this -- in the subdomain root:

RewriteEngine on
redirect 301 / [mydomain.com...]

If I type:
[mysubdomain.mydomain.com...]
into IE, Safari or Chrome, I get an SSL warning and am not redirected to the new URL unless I acknowledge the warning and tell the browser to proceed anyway.

[mysubdomain.mydomain.com...]
continues to work (redirects properly)

Firefox always redirects.

Any thoughts/ideas would be greatly appreciated.

jdMorgan

7:23 pm on Feb 17, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



SSL is validated before the client even *connects* to the server. Therefore, the only way out of this sack is to get a proper SSL certificate that allows use of any/all subdomains -- known as a "wild-card-subdomain" SSL Cert.

Install the new cert, then implement your redirects. After you are sure that any and all links on your own site(s) are pointed to the correct subdirectories, subdomains, and domains, you could wait a couple of years and then go back to using the single-domain certificate and remove the redirects. At this point, you'd be "throwing away" any inbound traffic to the "wrong" URLs, but after a couple of years, that might not be such a big loss. If you want to retain that traffic, though, you'll have to keep the wildcard cert and the redirects forever.

Jim
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:27 am May 2, 2026