"Too many redirects" when try to redirect site using htaccess

Question

I need to redirect my site from example.net to www.example.net with a 301 redirect.

I'm using All In One WP Security & Firewall for my website and it's automatically adding additional code inside my .htaccess file. The redirect is not working and I think this is caused by that extra code. The error I see in my browser is:

Too many redirects occurred trying to open www.example.net.

Will All In One WP Security & Firewall generates such error?

My 301 code:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^example.net [NC]
RewriteRule ^(.*)$ www.example.net/$1 [L,R=301,NC]

All in One code:

# BEGIN All In One WP Security
#AIOWPS_BLOCK_WP_FILE_ACCESS_START
<Files license.txt>
order allow,deny
deny from all
</files>
<Files wp-config-sample.php>
order allow,deny
deny from all
</Files>
<Files readme.html>
order allow,deny
deny from all
</Files>
#AIOWPS_BLOCK_WP_FILE_ACCESS_END
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>
order allow,deny
deny from all
</Files>
ServerSignature Off
LimitRequestBody 10240000
<Files wp-config.php>
order allow,deny
deny from all
</Files>
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
#AIOWPS_DISABLE_INDEX_VIEWS_START
Options -Indexes
#AIOWPS_DISABLE_INDEX_VIEWS_END
#AIOWPS_IP_BLACKLIST_START
Order allow,deny
Allow from all
#AIOWPS_IP_BLACKLIST_END
#AIOWPS_DISABLE_TRACE_TRACK_START
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#AIOWPS_DISABLE_TRACE_TRACK_END
#AIOWPS_FORBID_PROXY_COMMENTS_START
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteRule .* - [F,NS,L]
#AIOWPS_FORBID_PROXY_COMMENTS_END
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
RewriteCond %{QUERY_STRING} tag=     [NC,OR]
RewriteCond %{QUERY_STRING} ftp:     [NC,OR]
RewriteCond %{QUERY_STRING} http:    [NC,OR]
RewriteCond %{QUERY_STRING} https:   [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
<IfModule mod_alias.c>
RedirectMatch 403 \,
RedirectMatch 403 \:
RedirectMatch 403 \;
RedirectMatch 403 \=
RedirectMatch 403 \@
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 \`
RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \"
RedirectMatch 403 \$
RedirectMatch 403 \<
RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
RedirectMatch 403 \%0
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D
# COMMON PATTERNS
Redirectmatch 403 \_vpi
RedirectMatch 403 \.inc
Redirectmatch 403 xAou6
Redirectmatch 403 db\_name
Redirectmatch 403 select\(
Redirectmatch 403 convert\(
Redirectmatch 403 \/query\/
RedirectMatch 403 ImpEvData
Redirectmatch 403 \.XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function\.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 \&rptmode\=
Redirectmatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
Redirectmatch 403 system\_user
Redirectmatch 403 \/\(null\)\/
Redirectmatch 403 clientrequest
Redirectmatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors\.
RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
RedirectMatch 403 register\.
Redirectmatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
Redirectmatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
Redirectmatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
Redirectmatch 403 Table\/Latest\/index\.
</IfModule>
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
#AIOWPS_BLOCK_SPAMBOTS_START
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
RewriteCond %{HTTP_REFERER} !^http(s)?://example\.net\.au [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://127.0.0.1 [L]
</IfModule>
#AIOWPS_BLOCK_SPAMBOTS_END
#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://example\.net\.au [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</IfModule>
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END
# END All In One WP Security

Can you post a sample of the code inside your `.htaccess` file? — Quill, May 13 '15 at 03:45
I've removed the "thanks" at the end of the question, because it does not add anything to the question. When writing a title, remind yourself that no-one comes to StackOverflow to ask a question about code that works perfectly. When people have a similar problem they use the title to find a question that looks like their problem. Using part of the error you get in the title rather than "not working" is much more useful to them and people that can answer your question. — Sumurai8, May 15 '15 at 13:52
Make use of the [`RELOCATE`](https://codex.wordpress.org/Changing_The_Site_URL#Relocate_method) method to reflect this change, otherwise `.htaccess` and WordPress will redirect to each other creating the redirect loop you're experiencing — Maksida, May 27 '15 at 01:18

score 2 · Answer 1 · edited May 23 '17 at 10:29

The problem is with

RewriteRule ^(.*)$ www.example.net/$1 [L,R=301,NC]

www.example.net is taken as a relative path and not as a different domain.

This is the reason, why it rewrites the URL http://example.net/some/path to http://example.net/www.example.net/some/path, which again is rewritten to http://example.net/www.example.net/www.example.net/some/path and so on.

If you want to rewrite from domain example.net to domain www.example.net you must add the protocol (http) as well, e.g.

RewriteRule ^(.*)$ http://www.example.net/$1 [L,R=301,NC]

Another way to redirect a domain wholesale, is using the Redirect directive

Redirect / http://www.example.net

RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ %{HTTP_HOST}/$1 [L,R=301,NC]

Using %{HTTP_HOST} has the same effect, because it doesn't include the scheme, i.e. http or https. Furthermore, you rewrite from %{HTTP_HOST} to %{HTTP_HOST}, which doesn't change a bit.

To fix this, you must prefix the substitution with www. and also a scheme, either http or https. The flag NC isn't needed here, because you look for any character .* anyway. So the rule should look like

RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R]

Finally, never test with R=301! See this answer Tips for debugging .htaccess rewrite rules for details.

I tried. But again same issue. Here is my code. RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC] RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R=301,NC] — Sree, Jun 23 '15 at 07:09

score 1 · Answer 2 · answered Nov 19 '20 at 20:01

Redirects in the .htaccess File

The .htaccess file is a configuration file used to modify Apache server behavior per directory on a website/server. This is a user-level configuration file, and only some Apache configurations can be edited here, though redirects are common use.

You can have multiple .htaccess files that cascade over a series of directories. If you have a .htaccess in a parent directory, and another in a sub-directory they will both affect the sub-directory. In these instances, it is important to remember where you do and do not have .htaccess files, to prevent conflicts between .htaccess files at different levels.

Below are a series of redirect examples and will aid in identifying redirects in your .htaccess file. These are not the only ways to do these kinds of redirects, but these should show you what the most common redirects look like so that you can recognize them if they are in a .htaccess file you are working with.

Force HTTPS The .htaccess code below first checks if the request came into the server using HTTP or HTTPS. If the request did not use HTTPS, then the configuration will tell the browser to redirect over to the HTTPS version of the same website and URL that was requested before.

RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Force HTTPS: When Behind a Load Balancer or Proxy (CloudFlare/Incapsula/Sucuri/etc.) Sometimes you may be using a proxy, like a load balancer or a web firewall, like CloudFlare, Incapsula, or Sucuri. These can be configured to use SSL on the front end, but not use SSL on the back end. To allow this to work correctly, you need to check not just for HTTPS in the request, but also if the proxy passed the original HTTPS request to the server using just HTTP. This following rule checks if the request was forwarded from HTTPS, and if so does not try to redirect an additional time.

RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteCond %{HTTP:X-Forwarded-Proto} =http
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Force non-www This redirect only checks if the website name was requested with www at the start of the domain name. If the www is included, it rewrites the request and tells the browser to redirect over to the non-www version of the domain name.

RewriteEngine On
 RewriteCond %{HTTP_HOST} ^www\. [NC]
 RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Force www This last redirect checks if the website name was not requested with www at the start of the domain name. If the www is not included, it rewrites the request and tells the browser to redirect over to the www version of the domain.

RewriteEngine On
 RewriteCond %{HTTP_HOST} !^www\. [NC]
 RewriteRule (.*) http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

WordPress The WordPress CMS uses a .htaccess file for rewriting URLs to the index.php file, but it defines the URL of the website as a value in the database. If you do not already know the name of the database that is being used on the site, you can look it up in the main configuration for WordPress (wp-config.php).

You can also open the file in a text editor and look for these values, but from an SSH connection, you can use the program grep. This gives you more than just the database name, but the database name is the most important for what we need to do next.

grep DB wp-config.php

define('DB_NAME', 'wordpress_database');
 define('DB_USER', 'wordpress_username');
 define('DB_PASSWORD', 'Password');
 define('DB_HOST', 'localhost');
 define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');

The wp_options Table Once you know the name of the database, you can then look at the options table of the WordPress database to see what the URL is set to in the database. The options table can have any prefix at the beginning of the table name, but it is often “wp_” by default, so the full name of the options table is usually wp_options. The two lines that are important are the home and siteurl lines in the options table. You can find these using phpMyAdmin, or another database management utility, but from the command line, you can also just run the following mysql command.

mysql -e 'show tables' wordpress_database | grep options

prefix_options

Checking the Configured URL From the command line, you can check what the current values of the home and siteurl lines in the options table. The command should send you and output like the example below. The important part is that these match each other under most circumstances and that they are what you expect. If they are not what you expect then you will want to update them accordingly.

mysql -e 'select * from wp_options where option_name rlike "home|siteurl"' wordpress_database
 +-----------+-------------+----------------------------------+----------+
 | option_id | option_name | option_value                     | autoload |
 +-----------+-------------+----------------------------------+----------+
 |        36 | home        | http://www.example.com           | yes |
 |         1 | siteurl     | http://www.example.com           | yes |
 +-----------+-------------+----------------------------------+----------+

Updating the Configured URL The following command will update the two rows of the wp_options table for a given database to a new URL. This command should suit most situations where you need to update or correct the URL configured for a WordPress site. Updating the base_urls configured in a WordPress Multisite is beyond the scope of this article, but would involve updating multiple wp_option type tables.

mysql -e 'update wp_options set option_value="https://www.example.com" where option_name rlike "home|siteurl"' wordpress_database

score 0 · Answer 3 · answered Feb 19 '17 at 08:33

I had the same problem. The problem was not the rule. The rule was correct but the order of the rules in the .htaccess was not. This is what I had before. Note I am rewriting to non-www.

#https
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  #remove home
  RewriteCond %{THE_REQUEST} ^.*/home
  RewriteRule ^(.*)home$ https://example.com/$1 [R=301,L] 


 # !IMPORTANT! Set your RewriteBase here and don't forget trailing and leading
 #  slashes.
 # If your page resides at
 #  http://www.example.com/mypage/test1
 # then use
 # RewriteBase /mypage/test1/
 #RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php?/$1 [L]

   #301 redirect
 RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
 RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

I changed to

 #301 redirect
 RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
 RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

 #https
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  #remove home
  RewriteCond %{THE_REQUEST} ^.*/home
  RewriteRule ^(.*)home$ https://example.com/$1 [R=301,L] 


 # !IMPORTANT! Set your RewriteBase here and don't forget trailing and leading
 #  slashes.
 # If your page resides at
 #  http://www.example.com/mypage/test1
 # then use
 # RewriteBase /mypage/test1/
 #RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php?/$1 [L]

"Too many redirects" when try to redirect site using htaccess

3 Answers3