21

I'm trying to force a user to be redirected to the non-www website, and, force https.

I've got this which sort of work, but doesn't force https, when http is entered. 

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://site.com\.net/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Any ideas on what I'm doing wrong?

bear
  • 11,364
  • 26
  • 77
  • 129

4 Answers4

51

Try this rule:

RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
Gumbo
  • 643,351
  • 109
  • 780
  • 844
  • I get the old "Connected is untrusted" message from the browser when I try visiting: `https://www.mydomainname.co.uk` using the htaccess from the accepted answer above. `http://mydomainname.co.uk` and `http://www.mydomainname.co.uk` both redirect fine. My certificate was generated for `mydomainname.co.uk`. Any ideas (or any more information you need)? – Jon Jul 27 '11 at 09:12
  • @Jon: The TLS/SSL layer is on top of HTTP (HTTPS is also known as “HTTP over TLS/SSL”). So the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place. You can’t fix that. – Gumbo Jul 28 '11 at 16:08
  • Thanks for the update, just to confirm - there is **no** work around? (At all, or that you know of?) – Jon Jul 29 '11 at 09:11
  • @Jon: No, there is no solution to this that I know of. – Gumbo Jul 29 '11 at 10:22
  • 1
    This produces a redirect loop for me. I found this answer to work: http://stackoverflow.com/a/21467534/298218 – bobsoap Jun 16 '15 at 17:32
  • I got a redirect loop as weel when using a subdomain. – Džuris Apr 04 '17 at 08:09
5

Based on Gumbo's comment : "the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place" I gave this a try (which seems to work):

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.blahblah.com/$1 [R,L]

RewriteCond %{HTTP_HOST} ^www\.blahblah\.com [NC]
RewriteRule ^(.*)$ https://blahblah.com/$1 [L,R=301]

please tell me if there is something wrong with this approach.

William Smith
  • 822
  • 1
  • 10
  • 23
4

The only set of rules that works for me is the following

# match any URL with www and rewrite it to https without the www
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
    RewriteRule (.*) https://%2%{REQUEST_URI} [R=301,L]

# match non https and redirect to https
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

The order matters, it prevents a third redirect in some cases.

Simon Ilett
  • 91
  • 1
  • 7
0

With this code I rediret from http and www and none www to https none www. Just pay attenstion that the place you insert the code in htaccess is important:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
Sarah
  • 69
  • 1
  • 9