Comments (8)
The visitor is not redirected from www.example.com to https://example.com, as I would have expected.
the http redirect example has:
RewriteCond %{HTTPS} !=on
Which excludes https requests. I'm not exactly sure why it looks like it's always been like that.
For info/reference, if it's a single-domain server, and you want to force https://example.com you would ordinarily have only 2 rules:
- not https -> https://example.com
- wrong domain -> https://example.com
i.e.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ http://example.com%{REQUEST_URI} [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
# RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC] # if one-domain but using subdomains
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
</IfModule>
Or simply:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
</IfModule>
With the rules in your last comment there are more redirects than you mention for the second example:
http://www.example.com
-> http://example.com
-> https://example.com
I'll check if there's a reason that www redirect isn't schema-relative.
from server-configs-apache.
For example, changing the subdomain removal to this:
# Option 1a: rewrite www.example.com → example.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
# Option 1b: rewrite https://www.example.com → https://example.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
Does produce the behaviour I expected. Now this might be a very inefficient way to do this and there might be a more compact way, but it does what I expected initially:
http://example.com
-> https://example.com
http://www.example.com
-> https://example.com
https://www.example.com
-> https://example.com
So I'm wondering why there is an explicit check for https and a rewrite to an unsecured domain in the rewrite rule that's currently in h5bp's htaccess. If possible, wouldn't it be better to make it protocolless? It seems like it's possible to rewrite both http: and https:
from server-configs-apache.
Ok, well this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
</IfModule>
makes sense, but is it necessary to specify the domain (example.com) manually? Because that might be the reason to not make it the default (less configuration required).
If it could be simplified to work without having to specify the domain then I don't see why that shouldn't be the default.
from server-configs-apache.
And I guess that the inefficiency of
http://www.example.com -> http://example.com -> https://example.com
is the drawback of the modularity of the rules (i.e. they allow you to force https without forcing subdomain removal or vice versa), which I don't mind. I'd rather have the modularity than the efficiency.
from server-configs-apache.
is it necessary to specify the domain (example.com) manually?
No, I wrote it that way purely for clarity.
from server-configs-apache.
Ok I see. Btw. if I'm not mistaken, this would be the rewrite for both http and https (courtesy of stack overflow):
# Option 1: rewrite www.example.com → example.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
</IfModule>
For me this worked as expected.
from server-configs-apache.
RewriteEngine On
RewriteCond %{HTTPS} =off [OR]
RewriteCond %{HTTP_HOST} !^www. [OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index.(html|php)
RewriteCond %{HTTP_HOST} ^(www.)?(.+)$
RewriteRule ^(index.(html|php))|(.*)$ https://www.%2/$3 [R=301,L]
from server-configs-apache.
this is not working when i try to redirect https://www.example.com to https://example.com. Can you please help
from server-configs-apache.
Related Issues (20)
- Feature request: video/mov in .htaccess? HOT 4
- SSL auto renewal blocked by www redirect HOT 2
- Missing version in custom `.htaccess` builds HOT 8
- `DirectoryIndex` comment if pre-compressed content is enabled HOT 4
- Question: mpm_winnt_module HOT 3
- Remove `image/avif-sequence` MIME type HOT 6
- Variable evaluation in build script HOT 2
- Add build parameter to generate `.htaccess` without comments HOT 2
- `ServerTokens Prod` missing HOT 2
- Missing `<IfModule mod_authz_core.c>` block HOT 1
- Remove `<IfModule>` from `Options -Indexes` HOT 1
- Add `<IfModule http2_module>` for h2 protocol support HOT 9
- Add note about `RewriteOptions Inherit` HOT 3
- `Permissions-Policy` header for Google “Topics API” HOT 1
- Add `Document Policy` to security section HOT 2
- Add `Shared Brotli` and `Shared Zstandard` (zstd) HOT 2
- Error with `Permissions-Policy` header: Unrecognized feature: `'document-domain'` HOT 1
- Format `Content-Security-Policy` header directives HOT 4
- Add `ExpiresByType` for `audio/mp4` with `"access plus 1 year"` HOT 3
- Fallback with ExpiresDefault does not seem to include images HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from server-configs-apache.