allow my visitors to use http OR https:

Forum Moderators: phranque

Message Too Old, No Replies

allow my visitors to use http OR https:

while specifying http: as canonical

crobb305

9:53 pm on Apr 4, 2011 (gmt 0)

I want my visitors to be able to add https: to the address bar if it makes them more comfortable.

I have various rules in my htaccess that rewrite to http: as canonical (add 'www', add trailing slash, etc)

For example, I have this rule:

#Redirect external hotlinks and other non-canonical requests to canonical
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

When I type in [example.com...] in the address bar, I am redirected to http: (this causes a security alert to pop up that tells the visitor the certificate was signed by an untrusted source (the source is very well known and trusted)).

In the example code above, is there a way to force www and a trailing slash while allowing https OR http?

If I accomplish this, how do I tell the search engines to only index http:?

C

g1smd

10:11 pm on Apr 4, 2011 (gmt 0)

I haven't fully thought this through, but something like this...

RewriteCond %{USER_AGENT} Googlebot|BingBot
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

RewriteCond %{USER_AGENT} !(Googlebot|BingBot)
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

RewriteCond %{USER_AGENT} !(Googlebot|BingBot)
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

crobb305

10:17 pm on Apr 4, 2011 (gmt 0)

Thank you for those. I may try them, but I am a little nervous about affecting my SEO. My main concern is getting around the certificate errors when someone tries to type https. I really doubt googlebot would encounter any https links because none exist.

Is there a way to utilize my existing hot-linking and www rules to allow both http and https? As it stands now (like in my example), I am specifically writing to http:

crobb305

1:20 am on Apr 5, 2011 (gmt 0)

I guess it's really kind of unnecessary right now, but I have this SSL cert and thought I'd use it. I am getting a security error on my https to http redirect when www isn't specified (despite my non-www to www rule), so I guess I need to get a wildcard SSL Certificate to eliminate that. Then I can deal with the goal from the original post down the road.