Reputation: 1948
I am using .htaccess to redirect all requests (except to subdomains) from HTTP to HTTPS. This code works for me just fine:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !=m.example.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
However, it does not prevent the user from manually attempting to access the subdomain using the HTTPS (The SSL that I have does not cover subdomains and shows trust error when used for sub-domains).
Now, I am wondering:
1-How can I redirect all HTTPS requests to subdomain back to HTTP?
2-How can I modify this code to dynamically apply the subdomain restrictions to other subdomains (not only m.example.com)
Upvotes: 0
Views: 2063
Reputation: 16825
1) If the certificate doesn't include m.example.com, you can never send the redirect, since the browser will refuse to make a connection. So there is no way of doing this.
2) So all you want the htaccess to do is redirect the naked domain to https. To do this use:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
I case the certificate also includes www.example.com
use
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
Upvotes: 1