9

I have a rewrite in my htaccess file that removes index.php from the url

RewriteEngine on
RewriteCond $1 !^(images|media|system|themes|_css|_js|favicon\.ico|robots\.txt|cert\.html|index\.php) [NC]
RewriteRule ^(.*)$ /index.php/$1 [L]

In addition to this, I want to force the www and https for any request that does not have either.

So ultimately all urls should look like this: https://www.example.com/whatever/something/; and for SEO purposes, if a url misses the mark, it should 301 redirect to it's correct version, for example:

http://example.com/about/
301 redirect to
https://www.example.com/about/

Would love some help accomplishing that, thanks!

LazyOne
  • 158,824
  • 45
  • 388
  • 391

1 Answers1

23

Force WWW:

RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L] # include 's' here to force ssl in addition to www

Force SSL:

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Remove "index.php":

RewriteCond %{THE_REQUEST} /index.php HTTP
RewriteRule (.*)index.php$ /$1 [R=301,L]
Clayton
  • 392
  • 1
  • 3
  • 17
Evan Mulawski
  • 54,662
  • 15
  • 117
  • 144
  • 1
    Thanks, this seems to work pretty well so far. If I hit https://domain.com/ in the browser I get the certificate untrusted error, because the the cert is only for www. Is there any way around that? –  Jul 27 '11 at 17:13
  • 5
    @mjr Get certificate that covers both `domain.com` and `www.domain.com` .. or the more expensive wildcard certificate (will cover ALL subdomains). Unfortunately secure channel (SSL) has to be established first before HTTP part of HTTPS can kick in. In other words, rewrite rule will not get executed until connection is fully established. – LazyOne Jul 27 '11 at 18:02
  • @mjr I submitted an edit to the accepted answer that should solve your problem. – ShadeTreeDeveloper Nov 14 '12 at 18:03
  • The first code snippet does not force the SSL when one types in something like `www.example.com/example`. The second code snippet under "Force SSL:" seems to work perfectly for me. – Clayton Jul 02 '15 at 20:08