How to force https

Forum Moderators: phranque

Message Too Old, No Replies

How to force https

jukka79

7:32 pm on Jan 18, 2015 (gmt 0)

Hi,

I have Drupal multisite setup on LAMP stack.

I need to force only 2 websites out of 10 to use HTTPS. Certs are installed and everything works, only problem is that users can access the http://www.example.com of the SSL secured site.

I have tried this in the htaccess:

#RewriteCond %{HTTP_HOST} http://example.com [NC,OR]
#RewriteCond %{HTTP_HOST} [example.com...] [NC,OR]
#RewriteCond %{HTTP_HOST} http://www.example.com [NC]
#RewriteRule ^(.*)$ [example.com...] [L,R=301,NC]

But it is not working. I can't use rewritecond which would redirect all traffic because there is other sites using the same htaccess which are not able to use https.

So how to force only certain domains to use https and www. so that the rules won't affect any other sites using the same htaccess file.

[edited by: phranque at 12:22 am (utc) on Jan 19, 2015]
[edit reason] Please Use example.com [webmasterworld.com] [/edit]

phranque

12:44 am on Jan 19, 2015 (gmt 0)

assuming both https: sites us the www.example.com canonical form of hostname and default port specifications, you could try something like this:

# if the request is on a non-secure port for a hostname on either of the 2 secure domains,
# externally redirect the request to the canonical (secure) protocol and (www.) hostname
RewriteCond %{SERVER_PORT} !=443
RewriteCond %{HTTP_HOST} \.(example1|example2)\.com$
RewriteRule ^(.*)$ https://www.%1.com/$1 [R=301,L]

lucy24

1:55 am on Jan 19, 2015 (gmt 0)

RewriteCond %{HTTP_HOST} http://example.com [NC,OR]

The "host" is only the hostname. If you include the protocol, the condition will always fail.

Incidentally, [NC] isn't necessary or appropriate here. It just makes more work for the server. Any wrongly cased requests will be picked up by your domain-name-canonicalization redirect further along-- at which point you'll concurrently be giving the right protocol.