HTTP and HTTPS Migration - Both Websites Live Simultaneously - Google Search and SEO forum at WebmasterWorld

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

HTTP and HTTPS Migration - Both Websites Live Simultaneously

amisseo

4:03 pm on Dec 15, 2016 (gmt 0)

We have a situation where a vendor, who manages a great deal of our websites, is migrating their platform to HTTPS. The problem is that the HTTP & new HTTPS versions will be live simultaneously (in order to give clients time to audit both sites before the hard switch). I know this isn't the way that it should be done, but this is the problem we are facing.

My concern was that we would have two websites in the index, so I suggested that they noindex the new HTTPS website until we are ready for the switch. They told me that they would just add cannonicals to the HTTPS that points to the HTTP and when it's time for the switch reverse the cannonicals.

Is this a viable approach?

phranque

8:57 pm on Dec 15, 2016 (gmt 0)

You should require Basic Authentification for the https: site until you are ready for the switch.

robzilla

9:54 pm on Dec 15, 2016 (gmt 0)

If you have some control over either the web server or the backend scripting, you could set up a redirect from HTTPS to HTTP. If not, I think the rel=canonical approach would be fine; it's one of the examples on Google's help page about canonical URLs [support.google.com].

keyplyr

10:24 pm on Dec 15, 2016 (gmt 0)

Hi amisseo, welcome to WebmasterWorld [webmasterworld.com]

On your site, I suggest installing an SSL Certificate, adding a 301 redirect from HTTP to HTTPS in your htaccess, adjusting any needed link paths to also be HTTPS, then check for any warnings & fix them... all *prior* to your vendor's migration to HTTPS.

This should make the transition smooth when your vendor pulls the switch.

robzilla

8:04 am on Dec 16, 2016 (gmt 0)

(Only now do I realize a HTTPS > HTTP redirect will not actually let you test HTTPS, so scratch that.)

phranque

10:37 am on Dec 16, 2016 (gmt 0)

welcome to WebmasterWorld, amisseo!

this is the short version of the Access Authentication Framework from RFC 2617 HTTP Authentication: Basic and Digest Access Authentication:
https://tools.ietf.org/html/rfc2617#section-1.2

HTTP provides a simple challenge-response authentication mechanism that MAY be used by a server to challenge a client request and by a client to provide authentication information.

The 401 (Unauthorized) response message is used by an origin server to challenge the authorization of a user agent. This response MUST include a WWW-Authenticate header field containing at least one challenge applicable to the requested resource.

A user agent that wishes to authenticate itself with an origin server--usually, but not necessarily, after receiving a 401 (Unauthorized)--MAY do so by including an Authorization header field with the request.

the method for configuring authentication depends on your server.