Welcome to WebmasterWorld Guest from 54.198.106.21

Forum Moderators: Ocean10000 & incrediBILL & phranque

Redirecting or rewriting https to http

.htaccess

     
12:57 pm on Jun 25, 2017 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 6, 2004
posts:159
votes: 0


My web host recently added, without asking, an SSL certificate free of charge to the accounts of all their customers. For my site the result is that requests for both http:// and https:// versions of the same URL now resolve. Except for unsecure parts of the page, such as images, due to "mixed content". cPanel states that those having requested HTTPS adresses have found them via Direct address / Bookmark / Link in email. Probably they have just tested. Those having utilised HTTPS have all also requested a file named .well-known/dnt-policy.txt and gotten a 404. That file appears to contain an EFF do not track compliance policy.

The security warnings in browsers and the lack of images will of course confuse my visitors. But this will also cause canonical issues when Google finds out or if people start linking to HTTPS URLs. So I would like to somehow block https:// requests in .htaccess. In the cPanel File Manager I am obviously able to change the permissions (now 0751 or 0600) for the files within the SSL directory, but maybe I should not mess with that.

(Kindly refrain from suggesting I go HTTPS. This is an old and well established but small non-profit information/hobby site whose visitors do not need HTTPS. I dislike Google and Chrome trying to force me, because in this case there really are no benefits for the user, but a lot of disadvantages for the old html site as well as extra work for me.)

Under the Downloads heading in cPanel's Awstat for the "non-secure site" hundreds of requests for files like /F052E0C3E90C46DE4****C2CA38728A3.txt have started to appear. At least some of these files are SSL certificate numbers "used" by my "secure site". Previously the Downloads section consisted only of PDFs. I find those listings annoying. Why do they appear for the "non-secure site"?
5:16 pm on June 25, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13841
votes: 485


Redirecting from HTTPS to HTTP works exactly, precisely, no-difference-at all the same as redirecting from HTTP to HTTPS. Just add a second RewriteCond to your existing domain-name-canonicalization redirect.
4:06 am on June 26, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8995
votes: 409


This is an old and well established but small non-profit information/hobby site whose visitors do not need HTTPS
All sites will be required to be secure soon. There is no such thing as a site whose visitors do not need HTTPS.

Browsers will eventually not render nonsecure content and Google has started moving toward giving secure pages ranking advantage, which will over time likely evolve toward a secure index where nonsecure content will not be included.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members