Welcome to WebmasterWorld Guest from 54.164.198.240

Forum Moderators: Ocean10000 & phranque

About redirecting from https to https://www

     
8:19 pm on May 18, 2018 (gmt 0)

New User

joined:May 18, 2018
posts: 6
votes: 0


Hi,

I have purchased ssl just for the www version: https://www.example.com - it works.
I want to redirect users of https://example.com to https://www.example.com

What code I place in .htaccess file or how do I do this?

Thanks

[edited by: phranque at 10:53 pm (utc) on May 18, 2018]
[edit reason] exemplified domain [/edit]

11:10 pm on May 18, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11465
votes: 174


welcome to WebmasterWorld [webmasterworld.com], karlsult7!

what have you tried so far?
6:29 am on May 19, 2018 (gmt 0)

New User

joined:May 18, 2018
posts: 6
votes: 0


I tried lots of different .htaccess code:

RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]

RewriteCond %{HTTP_HOST} ^mydomain.com$
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]


and this:

RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]


and this

RewriteCond %{HTTP_HOST} ^mydomain.com$
RewriteRule (.*) https://www.mydomain.com$1 [R=301,L]


and a few more.

Of course in these code I replaced mydomain.com with my actual domain name.

I contacted my hosting account where I bout the ssl via live chat about 10 times, they don't know. Now I emailed them perhaps
on live chat they don't do technical support.

Thanks
6:44 am on May 19, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11465
votes: 174


RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]

RewriteCond %{HTTP_HOST} ^mydomain.com$
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]

this is closest to what you want.

i would modify this by combining the two into one ruleset and stating the hostname test as "not exactly canonical":
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]


in most cases this should be the last external redirect and should be placed before any internal rewrites.
the ()? or the [NC] may or may not be necessary on your server but it can't hurt.
7:18 am on May 19, 2018 (gmt 0)

New User

joined:May 18, 2018
posts: 6
votes: 0


I added it on top, this is my .htaccess file, for me if I go to my website https://example.com it still does not redirect to the www version, it just certificate error.

# BEGIN WpFastestCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
# Start WPFC Exclude
# End WPFC Exclude
# Start_WPFC_Exclude_Admin_Cookie
RewriteCond %{HTTP:Cookie} !wordpress_logged_in_[^\=]+\=jcksrl
# End_WPFC_Exclude_Admin_Cookie
RewriteCond %{HTTP_HOST} ^www.example.com
RewriteCond %{HTTP_USER_AGENT} !(facebookexternalhit|WhatsApp|Mediatoolkitbot)
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !(\/){2}$
RewriteCond %{REQUEST_URI} \/$
RewriteCond %{QUERY_STRING} !.+
RewriteCond %{HTTP:Cookie} !wordpress_logged_in
RewriteCond %{HTTP:Cookie} !comment_author_
RewriteCond %{HTTP:Cookie} !wp_woocommerce_session
RewriteCond %{HTTP:Cookie} !safirmobilswitcher=mobil
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/all/$1/index.html -f [or]
RewriteCond /home3/santu2qw/public_html/example.com/wp-content/cache/all/$1/index.html -f
RewriteRule ^(.*) "/wp-content/cache/all/$1/index.html" [L]
</IfModule>
<FilesMatch "index\.(html|htm)$">
AddDefaultCharset UTF-8
<ifModule mod_headers.c>
FileETag None
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Mon, 29 Oct 1923 20:30:00 GMT"
</ifModule>
</FilesMatch>
# END WpFastestCache
# BEGIN GzipWpFastestCache
<IfModule mod_deflate.c>
AddType x-font/woff .woff
AddType x-font/ttf .ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE font/opentype font/ttf font/eot font/otf
</IfModule>
# END GzipWpFastestCache
# BEGIN LBCWpFastestCache
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|webp|js|css|swf|x-html|css|xml|js|woff|woff2|ttf|svg|eot)(\.gz)?$">
<IfModule mod_expires.c>
AddType application/font-woff2 .woff2
ExpiresActive On
ExpiresDefault A0
ExpiresByType image/webp A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType image/ico A2592000
ExpiresByType image/svg+xml A2592000
ExpiresByType text/css A2592000
ExpiresByType text/javascript A2592000
ExpiresByType application/javascript A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType application/font-woff2 A2592000
</IfModule>
<IfModule mod_headers.c>
Header set Expires "max-age=2592000, public"
Header unset ETag
Header set Connection keep-alive
FileETag None
</IfModule>
</FilesMatch>
# END LBCWpFastestCache

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# Use PHP71 as default
AddHandler application/x-httpd-php71 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php71/lib
</IfModule>


Thanks

[edited by: phranque at 1:00 pm (utc) on May 19, 2018]
[edit reason] Please Use example.com [webmasterworld.com] [/edit]

1:06 pm on May 19, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11465
votes: 174


if I go to my website https://example.com it still does not redirect to the www version, it just certificate error

that's not a mod_rewrite problem.
when you request a url starting with https: the browser does the secure (TLS) handshake before the request is sent to the server.
you have to get your secure certificate problem figured out with your host first.
1:16 pm on May 19, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:May 1, 2018
posts:81
votes: 10


Make sure to redirect http://example.com to https://example.com before https://www.example.com



[edited by: not2easy at 4:04 pm (utc) on May 19, 2018]
[edit reason] Please. Use example.com Please. [/edit]

3:45 pm on May 19, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15304
votes: 703


Make sure to redirect
Using mod_rewrite, it can and should be done in a single step, hence the two [OR]-delimited conditions.

Also, be sure to read the boilerplate about using “example.com”. There’s a reason for it. In some cases, like the present one, two reasons.
4:10 pm on May 19, 2018 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4084
votes: 257


There are other Rewrite Rules after the canonical, inserted by WP plugins. The canonical should be the last rule before that ending WP snippet. I would consult the host as phranque suggested and make certain that the WP Settings file is also updated.
7:59 pm on May 19, 2018 (gmt 0)

New User

joined:May 18, 2018
posts: 6
votes: 0


that's not a mod_rewrite problem.
when you request a url starting with https: the browser does the secure (TLS) handshake before the request is sent to the server.
you have to get your secure certificate problem figured out with your host first.

This means I need 2 ssl certificates, one for the www version, which I already have and another one for the non www version. Correct?

Thanks
8:40 pm on May 19, 2018 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4084
votes: 257


You should not be able to access the non www version if you have properly applied a 301 rewrite to the http non-www version. If you can visit http://example.com that means that your rewrite rule is not being applied. This can happen if it is the first of several rewrite rules. It can also happen if the Settings file has not been updated to show the correct URL for your preferred domain with the new protocol.
10:21 pm on May 19, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11465
votes: 174


Make sure to redirect http://example.com to https://example.com before https://www.example.com

Using mod_rewrite, it can and should be done in a single step

^^^this...^^^

There are other Rewrite Rules after the canonical, inserted by WP plugins. The canonical should be the last rule before that ending WP snippet.

the hostname canonicalization redirect should occur before both the /wp-content/cache/ internal rewrite and the standard WP rewrite snippet.

You should not be able to access the non www version if you have properly applied a 301 rewrite to the http non-www version.

you need to access the non-www server in order to respond with the redirect to www.
10:33 pm on May 19, 2018 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4084
votes: 257


You should not be able to access the non www version if you have properly applied a 301 rewrite to the http non-www version.

I should clarify - what I meant by accessing the http non-www version was actually viewing or landing on that URL as a destination.
10:57 pm on May 19, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15304
votes: 703


you need to access the non-www server in order to respond with the redirect to www
I think the idea was that if someone requests http://example.com, you redirect them to https://www.example.com. If they're requesting https://example.com out of the blue, when your site has always used www (and, until recently, was http) ... well, then they're intentionally requesting a nonexistent form of the sitename and they deserve everything they get. Or don't get, as the case may be. So far, people--or robots--don't just walk in and request https without first trying http.* In a few years' time, they probably will.

Do example.com and www.example.com really require paying for two separate certificates? I thought it was another of those situations where with-and-without www are treated as the same thing unless you've given specific instructions to the contrary. The free ones from Let's Encrypt definitely cover both forms; I don't have two separate certificates for each HTTPS site.


* My test site affords a crude but useful metric: the http logs are typically at least twice the size of https logs, because that's where the blocked robots are coming in.
4:03 pm on May 20, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:May 1, 2018
posts:81
votes: 10


It may seem that way. Why do an extra redirext? It's the proper way. Each subdomain is a different "domain" and by 301 redirecting the non www version to [www....] It is saying 301 to my other domain, instead of this host is HTTPS. To avoid the additional redirext, look into using HSTS
4:50 pm on May 20, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15304
votes: 703


www is not a “different domain”. Yes, it is technically possible to set things up so example.com and www.example.com are entirely different sites, living on different servers, administered by different people, serving different content ... but that is not the way the internet works.

I looked up among places actually selling security certificates, which seemed more useful than reading informational articles. (This is not something one hears every day.) The very first place I checked says unambiguously for their baseline certificate “Secures both www.example.com and example.com”. Conversely, there’s a discussion from about two years ago at serverfault dot com [serverfault.com] about whether anything-in-the-world.example.com includes, or should include, example.com (where anything-in-the-world is nothing). It would admittedly be a little ridiculous if you sprang for a wild-card certificate and then still had to buy an additional one for the bare root--but that seems to be some people's reported experience.
4:04 pm on May 22, 2018 (gmt 0)

New User

joined:May 18, 2018
posts: 6
votes: 0

[quote]you have to get your secure certificate problem figured out with your host first.[/quote]

Ok I got that solved, I have a multi ssl certificate so I just added the hostname without www like this https:/[smilestopper]/example.com.

Now to redirect all visitors to the https version of the website from any:

http://
http://www

is this .htaccess code correct:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www.example.com

Thanks
8:11 pm on May 22, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11465
votes: 174


is this .htaccess code correct:

the correct directives are in my second post in this thread...
8:43 pm on May 25, 2018 (gmt 0)

New User

joined:May 18, 2018
posts: 6
votes: 0


RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]


Thanks a lot.