CODEWITHSUNDEEP
apache.htaccessmod-rewrite
SimonDowdles
SimonDowdles

Reputation: 2046

Prepend 'www' to an HTTPS url using .htaccess & mod_rewrite

I have a dilemma with this one. With the following code I am able to force SSL on any non SSL url, however when the user (and results from Google) take the user to http://mysite.co.za then we hit an issue as the url is then rewritten to https://mysite.co.za

Due to the fact that my certificate is bound to www.mysite.co.za it immediately throws a security error because of the missing 'www' in the url.

Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP?

Much appreciated.

And the current code to add the https:// is as follows:

RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Upvotes: 1

Views: 1833

Answers (2)

Gareth
Gareth

Reputation: 138012

This doesn't answer your question, but it's certainly a way around the problem:

SSL certificates from Digicert will by default protect both WWW and non-WWW variants of the same domain. I don't know of any other mainstream certificate authority which does this - Digicert SSL Plus

Upvotes: 0

Artefacto
Artefacto

Reputation: 97805

Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP?

So you want this:

  • If the host does not start with www:
    • If the connection is secure, do nothing. In this case you're already screwed anyway, because the user has already seen the host mismatch warning.
    • If the connect is not secure redirect to https://www.%{HTTP_HOST}%{REQUEST_URI}

Your current rule:

RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This rule fails on you because it adds www no matter whether the connection is secure or not. Additionally, it keeps plain http the way it is (no forward to https://).

The rule that satisfy your requirements above is

#if the host does not start with www.
RewriteCond %{HTTP_HOST} !^www\.
#and the connection is not secure
RewriteCond %{HTTPS} =""
#forward
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301]

The L flag is unnecessary because a redirect ends the rewriting.

Upvotes: 1

Related Questions