Welcome to WebmasterWorld Guest from 54.80.185.137

Forum Moderators: Ocean10000 & incrediBILL & phranque

.htaccess migration to https

     
11:20 am on Mar 31, 2018 (gmt 0)

New User

joined:Jan 11, 2015
posts:30
votes: 0


hi I have a problem, the ssl certificate supports android versions from 4.4.3 up.

Android versions < 4.4.3 still bring me visitors how can I do for these versions to serve http instead of https?

this is the code I use to make a 301 redirect in https on everything.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


thanks

[edited by: phranque at 12:27 pm (utc) on Mar 31, 2018]
[edit reason] unlinked url [/edit]

11:41 am on Mar 31, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11113
votes: 662


It is not advised to serve both secure (HTTPS] and non-secure (HTTP) versions of the same content.

There are several reasons for this. One reason would be duplicate content. Googlebot & other search engines see these as seperate pages, but they will both have the same content.

Also - depending on your server config, once you migrate to HTTPS the server uses SNI. It is the SNI that older browsers cannot support.

Older browsers need to be pushed off the web. They are vulnerable to hacks & viruses.
The web is moving forward with security efforts to make it safer for all of us. Let the past die off.
11:45 am on Mar 31, 2018 (gmt 0)

New User

joined:Jan 11, 2015
posts:30
votes: 0


all certificates do not support android versions <4.4.3?
12:54 pm on Mar 31, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11235
votes: 126


i thought android started SNI support with honeycomb (v3.0 which is now 7 years old):
https://en.wikipedia.org/wiki/Android_version_history#Android_3.0_Honeycomb_(API_11)

Android versions < 4.4.3 still bring me visitors how can I do for these versions to serve http instead of https?

perhaps you could configure a subdomain with another virtual host listening on a different port that is configured to use a supported certificate.
you could redirect old androids to the subdomain and should redirect new androids and other user agents requesting the old subdomain to the main secure hostname.
that would solve the duplicate content problem and provide optimal secure protocols for all visitors.