Just a quick comparison to some of mine. The only big difference I could see was that mine had the protocol on the RewriteRule part. So instead of RewriteRule ^(.*)$ www.example.co.uk/$1 [R=301,L] I had RewriteRule ^(.*)$ https://www.example.co.uk/$1 [R=301,L]

Thanks Jack, does that work for you?

The only thing I see that you might want to edit is that first condition, because it rewrites the URL to the same URL. That might cause a loop.

It also can make a difference where these lines appear in your htaccess file and whether there are other rewrites or redirects before or after these lines.

Also, the HTTP_HOST server variable does not contain the scheme/protocol, so your first 4 conditions won't match anyway. To check for http or https you can check the HTTPS server variable (which is either "on" or "off") - assuming you have an SSL cert installed on your server?

However, instead of checking for all the variations it could be, you only need to check what it is not. ie. if it's not your canonical domain then redirect to your canonical domain.

For example, to redirect HTTP to HTTPS and canonicalise the host you can do something like:

RewriteEngine On
RewriteCond %{HTTPS} !on [OR] 
RewriteCond %{HTTP_HOST} !^www\.example\.co\.uk$ 
RewriteRule (.*) https://www.example.co.uk/$1 [R=302,L]

The ! prefix on the regex negates the regex. Don't forget to escape the literal dots in the regex.

So, the above says... for all requests that are not HTTPS OR not "www.example.co.uk" then redirect to "https://www.example.co.uk/..."

Note that this a 302 (temporary) redirect - change it to 301 (permanent) only when you are sure it's working OK. 301s are cached hard by the browser, so you don't want the browser to remember your mistakes!

...mine had the protocol on the RewriteRule part.

Note that if you don't include the protocol on the RewriteRule substitution then the redirect will be seen as relative (by default, this is relative to the directory containing the .htaccess file) and so your "external" redirect will break horribly.

Thank you all for the help, but I may have got a bit lost there, sorry :frowning: How do I ensure that the first 5 addresses below, redirect permanently to the last please?

RewriteEngine on
RewriteCond %{HTTP_HOST} ^http://www.example.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^http://example.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^https://www.example.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^https://example.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^example.co.uk$
RewriteRule ^(.*)$ www.example.co.uk/$1 [R=301,L]

RewriteRule ^(.*)$ www.example.co.uk/$1 [R=301,L]

What's the canonical protocol? HTTP or HTTPS? This is missing from your substitution (target URL).

You don't have 5 addresses from which to redirect. There are only 4 in total (HTTP or HTTPS and www or no-www) and one of those is the canonical, so it's a 3 to 1, not a 5 to 1 redirect (otherwise you'll get a redirect loop).

Is "example.co.uk" the only domain on this account?

http(s) is not part of the HTTP_HOST, so the rule won't execute at all.

Canonicalization redirects should be expressed as a negative: if the host is anything other than this-exact-form, and/or if the protocol is not-https, then redirect. The basic form is:

RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.co\.uk$
RewriteRule (.*) https://www.example.co.uk/$1 [R=301,L]

You don't need anchors in the pattern (.*) because this part is greedy by default: start capturing as soon as you can, go on as long as you can.

Personally I've started excluding robots.txt from this rule (i.e. there's another preceding RewriteCond), because some robots seem to get confused by the redirect. YMMV.

Thank you both for you input, this is totally all unknown to me, so thank you for your patience. I'm just trying to ensure that *whatever* someone puts in the address bar before the word example.com, it will always resolve to www.example.com

'example.co.uk' is the only domain on the account.

I'm just trying to ensure that *whatever* someone puts in the address bar before the word example.com, it will always resolve to www.example.com

below is lucy24's suggested code with a slight modification to avoid an infinite redirect chain for requests by HTTP/1.0 clients that don't provide a Host request header (and some comments inserted that explain how it does exactly as you want):

# if the requested protocol is not HTTPS or
RewriteCond %{HTTPS} !on [OR]
# if the provided Host header value (if any) is not exactly the canonical hostname (or null)
RewriteCond %{HTTP_HOST} !^(www\.example\.co\.uk)?$
# externally redirect any such noncanonical protocol or hostname requests using a 301 status code to the same requested path (and possibly query string) on the canonical protocol and hostname
RewriteRule (.*) https://www.example.co.uk/$1 [R=301,L]

it will always resolve to www.example.com

However, you've not actually clarified whether it should "resolve" to http://www.example.com or https://www.example.com? Do you have an SSL cert installed?

We can assume that you want to redirect to HTTPS, since that would be the "correct" thing to do (providing you have an SSL cert installed). But this is an "assumption" on our part, and it could be very wrong. Having answered dozens (and then some) of these type of questions, it is not uncommon for people to "try" to redirect from HTTPS when they don't actually have a valid SSL cert installed. And, from the information given, this could be what you are trying to do... you have explicitly included the "https://..." protocol in one of the URLs you want to redirect from, but you have omitted the protocol in the URL you want to redirect to (which is not going to work) - how should we interpret this information?

...whatever anyone puts before the actual domain name

Can anyone put whatever before the actual domain name? (ie. Does whatever resolve?) Or is it just "www" or nothing?

Can anyone put whatever before the actual domain name?

One advantage of expressing the rule as a !negative is that it doesn't matter. Your host/DNS might enable wild-card subdomains by default--not that you're likely to get a lot of really off-the-wall requests, even so. (Do malign robots run around asking for forums.example.com, blog.example.com and so on?)

to avoid an infinite redirect chain for requests by HTTP/1.0 clients that don't provide a Host request header

The (parentheses)? part does no harm; my own htaccess files use it. But if you're on shared hosting it is almost certainly not needed, since requests without a Host: header will never make it as far as your site. (Hurrah! One whole category of stupid robots you never have to set eyes on!)

Honestly I'd be inclined to block requests without a Host: header outright. Even on HTTP/1.0, which a handful of minor but law-abiding robots still use, it is possible to send the header.

Edit: If you're still on http, see if your site can be reached at all via https. (You'll need to override browser warnings about a missing or invalid certificate. Go ahead: it's your own site, so you know what you're doing.) In my case--which is probably typical of shared hosting--I was formerly unreachable by https, because the server simply wasn't listening on the applicable port. Now that some sites on the server have gone to https, it does listen, so I could theoretically reach my remaining http sites by https. It's your call whether you want to redirect these requests.

Further edit: I just tried going an http site of my own with the https protocol. After passing about three layers of browser warning and clicking a lot of “yes, yes, I really mean it” buttons, I landed on my host's “Site not found” page ... accompanied by the site’s own favicon. So, yeah, if this is typical shared-host behavior, I don’t think you need to worry a lot about redirecting from https to http. Try for yourself.