Redirecting from www to non-www and setting up SSL on several folders

Forum Moderators: phranque

Message Too Old, No Replies

Redirecting from www to non-www and setting up SSL on several folders

Apache snippet of redirecting users from www to non-www Web site version

origamint

8:02 pm on Aug 7, 2012 (gmt 0)

Hello, everyone.

I am starting an online store and I would like your help with these two .htaccess related issues, please:

1. redirecting visitors from [ http://www.example.com ] to [ http://example.com ]: what is the .htaccess rule?

2. applying a SSL certificate only on specific folders of the site, for example only on [ [example.com...] ], [ [example.com...] ] etc.

I know that there are snippets out there that would do the trick; however, would it be possible to have a single .htaccess rule that elegantly solves these two issues in one instance?

Thank you x

Regards,
Ovidiu

g1smd

8:24 pm on Aug 7, 2012 (gmt 0)

No. You can't do this in one rule nor should you.

A normal site configuration often consists of several dozen rules that perform a number of functions.

For the SSL stuff you need two sets of rules, in mirror image: redirect SSL folders to https and redirect non-SSL folders to http.

Let's see your example code for review.

origamint

9:19 pm on Aug 7, 2012 (gmt 0)

Well, g1smd, thanks for the quick reply. Here's what I have so far:

RewriteEngine On

# redirect from www to non-www, blank space intentionally left between http and : so that it won't be interpreted as link by the forum's software
RewriteCond %{HTTP_HOST} ^www\.(([a-z0-9_]+\.)?domain\.com)$ [NC]
RewriteRule .? http ://%1%{REQUEST_URI} [R=301,L]

# redirect from http:* to https:*
RewriteCond %{HTTPS} off
RewriteRule (.*) [%{HTTP_HOST}%{REQUEST_URI}...]

All I need is to have https:// on these folders: /cart, /my-account and /checkout.

origamint

9:42 pm on Aug 7, 2012 (gmt 0)

Here's a blunt way of forcing https on a specific folder:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} cart
RewriteRule ^(.*)$ [domain.com...] [R,L]

Is there any way of getting rid of the port: 80 specification and applying this rule to all the three folders (cart, my-account, checkout) in one single rule (instead of cloning it three times)?

g1smd

9:48 pm on Aug 7, 2012 (gmt 0)

Use this for the rule pattern: ^((folder1|folder2|folder3).*)$ and the REQUEST_URI test is redundant. Your mirror image rule will need to test for "not" those three folders.

You MUST test the server port. In your mirror image rules you'll need to test for "is port 443" in one and "is not port 443" in the other.

incrediBILL

6:56 am on Aug 9, 2012 (gmt 0)

More important than forcing HTTPS on certain folders is conversely forcing HTTP only on the rest of the site because if Google starts crawling your site as HTTPS it's a real PITA to get all that HTTPS junk out of the index.

FYI, I don't care how carefully you design your site structure to avoid improper HTTPS links, once an external link points to any of your HTTPS pages some crawler will eventually find and follow it.

The best way to avoid such issues from accidentally happening is to block '/cart' and all the other HTTPS only folders in your robots.txt to start. Then reinforce it with a redirect from HTTPS to HTTP when the secure server shouldn't be engaged on all other pages.