1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:11 am May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

301 redirects for https and changing from non www to www

         

Boulos

3:12 am on Mar 22, 2018 (gmt 0)

5+ Year Member



Good day,

I want to confirm if I am doing this correctly and I have it setup correctly or if there is a better way. I'm changing my site over to https: and forcing it to https:www and this is what I have done to make this happen (NOT modify the .htaccess file)

1. SSL cert is being obtained from cloudflare as domain is part of cloudflare
2. SSL cert is installed on my wordpress site and the following two plugins are installed to make ssl work correctly:
Plugin 1: [wordpress.org...] --> This allows me to enable SSL
Plugin 2: [wordpress.org...] --> Fix For CloudFlare Flexible SSL Redirect Loop For WordPress
3. I added a page rule within cloudflare which forces my site http://domain.ca to always use https
4. Modified Site Address (URL) within wordpress to https://www.domain.ca
5. Added all different combination (http://www, https://www, http://, https://) to my google search console and set the preferred domain to be https://www.domain.ca

With all the configuration listed above everything seems to be working from the looks of it. If I try to access the site by http it redirects me to https://www, if I try to access it with https://domain.ca it redirects me to https://www.domain.ca

Also as a FYI I added the sitemap to https://www.domain.ca.

Is this method ok? It seems to be working fine. I read many people modifying there .htaccess to accomplish this but when I try to implement the following (see code below) into my .htaccess file it doesnt work nothing happens site loads with a https: but it claims its partly encrypted?. Keep in mind when I do try the .htaccess method I disable the wordpress htts plugin and revert the Site Address (URL) back to http but leave the CloudFlare Flexible SSL redirect loop plugin.

.Htaccess 
 
RewriteEngine On

### WWW & HTTPS

# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

### WWW & HTTPS


Thank you very much

[edited by: phranque at 3:52 am (utc) on Mar 22, 2018]
[edit reason] unlinked urls [/edit]

phranque

4:06 am on Mar 22, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



when I try to implement the following (see code below) into my .htaccess file it doesnt work nothing happens

what does "doesn't work" mean in technical terms?
i.e. what was requested and what response did you get?

Keep in mind when I do try the .htaccess method I disable the wordpress htts plugin and revert the Site Address (URL) back to http

why disable the plugin?
enabling secure protocol and redirecting to the secure protocol are both required.

.Htaccess

RewriteEngine On

### WWW & HTTPS
# redirect to https://www..example.com if necessary
RewriteCond %{HTTP:X-Forwarded-Proto} http [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC,OR]
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
### WWW & HTTPS

[edited by: phranque at 6:25 am (utc) on Mar 22, 2018]

not2easy

4:40 am on Mar 22, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It looks like a typo there in the last Rule code if the object is to rewrite to https://www.example.com rather than https://example.com ?

The line: 
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
should be: 
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]


Also, since this is for a Wordpress site, be sure that this https + www rewrite section is in your .htaccess file before the WP block of code. That WP generated section needs to be the last thing listed in your rewrites.

phranque

6:27 am on Mar 22, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It looks like a typo there in the last Rule code

I've edited the typo...

Boulos

7:40 pm on Mar 22, 2018 (gmt 0)

5+ Year Member



Thank you both for your replies. @phranque not sure why or what I was thinking disabling the https plugin I thought it dealt with the redirection as well but no its clearly the secure protocol.

I tried implementing the code within my .htaccess and when I do so I get the following trying accessing the page.
This page isn’t working
www.domainexample.ca redirected you too many times.

Im I implementing this correctly:
My current .htaccess is as follows: 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# Use PHPstable as default
AddHandler application/x-httpd-php-stable .php
<IfModule mod_suphp.c>
 suPHP_ConfigPath /opt/phpstable/lib
</IfModule>


And the new updated .htaccess is: Keep in mind I replaced example.com with the url I trying to implement it with. 
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
### WWW & HTTPS
# redirect to https://www.example.com if necessary
RewriteCond %{HTTP:X-Forwarded-Proto} http [OR]
RewriteCond %{HTTP_HOST} !^(www\.eample\.com)?$ [NC,OR]
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
### WWW & HTTPS
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# Use PHPstable as default
AddHandler application/x-httpd-php-stable .php
<IfModule mod_suphp.c>
 suPHP_ConfigPath /opt/phpstable/lib
</IfModule>


I'm I doing this correctly?

Thank you

not2easy

8:08 pm on Mar 22, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



No.

You should not edit the WP block of rules. The lines to canonicalize requests are separate and should appear before the WP block of rules.

That is, the part you are adding to rewrite any requests without www and https belongs before the WP part that is generated by WordPress when it is installed. The part that starts with 
# BEGIN WordPress
<IfModule mod_rewrite.c>
and ends with 
# END WordPress
should be the last lines of any rewrites.

Just in case - also check to see that you have updated the domain address in your WP Settings file because that is where WP gets the information to write URLs. That is very important.

Boulos

9:26 pm on Mar 22, 2018 (gmt 0)

5+ Year Member



Hey @not2easy, thanks for the reply. Ah ok I hear sorry I'm new to all of this. So in that being said can I have a double "RewriteEngine On" within my .htaccess file?

Are you referring to something like this: 
RewriteEngine On
### WWW & HTTPS
# redirect to https://www..example.com if necessary
RewriteCond %{HTTP:X-Forwarded-Proto} http [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC,OR]
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
### WWW & HTTPS

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# Use PHPstable as default
AddHandler application/x-httpd-php-stable .php
<IfModule mod_suphp.c>
 suPHP_ConfigPath /opt/phpstable/lib
</IfModule>


And my site address (URL) within wordpress settings is set to --> https://www.example.com (example replaced by the actually domain name)

Thank you

not2easy

10:14 pm on Mar 22, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



More than one instance of "RewriteEngine On" won't have any adverse effect.

Good to check that the settings match with what you're aiming for. In addition. it is always good to keep a backup copy of your old .htaccess file on hand when you upload the new one - just in case there are unforeseen consequences due to things not covered here.

Boulos

10:46 pm on Mar 22, 2018 (gmt 0)

5+ Year Member



Hi @not2easy, thanks for your prompt reply and the confirmation about the "RewriteEngine On" Yes I always have a backup on hand of the file your just never know :). Sorry I meant to saw in the my previous post that with the above .htaccess config I am still getting the following error when I hit the page: "This Page isn't working, redirected you too many times, try cleaning your cookies". I tried clearing my cookies and same issue. Does it take time to replicate for the changes to take effect?

Thanks

phranque

1:42 am on Mar 23, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Does it take time to replicate for the changes to take effect?

.htaccess changes should be immediate as each .htaccess is reinterpreted for each request.

i would use a http header checker to see what the response status chain is.
post the status codes and the (exemplified) Location: headers from each of the responses until it maxes out.

you may also get some clues from the server access and error log files.

you might have the option to turn rewrite logging on temporarily using the LogLevel directive but you would need access to the relevant VirtualHost container in your server config file:
https://httpd.apache.org/docs/current/mod/mod_rewrite.html#logging

lucy24

1:43 am on Mar 23, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Does it take time to replicate for the changes to take effect?
It should fix itself if you clear the browser cache and force a refresh. If not, take a closer look at the rules. I have no idea why the browser is blathering about cookies, since they presumably don't figure in your RewriteRule. Maybe it's the brower's equivalent of when technical support tells you to turn the machine off and then on again, regardless of whether it could possibly be relevant to the problem.

In some cases, you can figure out what's going on by looking at your raw access logs, which will show the series of redirected requests. But if you're simply changing protocol and/or hostname, logs won't be much help, since that part of the request isn't visible in logs :( It still can't hurt to have a look, though.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:11 am May 1, 2026