I have looked around and I can't seem to find a definitive solution for this. We are having a small problem with a few or our visitors that are typing in our domain as such:
https://www.example.com
- This is giving a security warning "There is a problem with this website's security开发者_C百科 certificate."
We have an SSL set up for example.com
So if someone types in http://www.example.com
or www.example.com
this gets redirected to https://example.com
which works fine.
This is what I have currently have in my .htaccess
file:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
edit:
Most SSL certificates are issued for a specific hostname, e.g. www.example.com
or just example.com
(and there can be wildcard certificates for *.example.com
too) so this might be the case.
Maybe making the www. subdomain an optional match in the last RewriteCond
might help to get the user to the domain stated in the certificate:
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*) [NC]
I think the problem is not with the rewrite/redirect rules but simply with the way http servers handle ssl connection. Before even server has a chance to look into rewrite/redirect rules the SSL handshake take place and if we have a cert for example.com and we enter URL www.example.com connection will abort due to invalid certificate. Check for yourself, set up redirect condition to point URL www.example.com to example.com on SSL secured domain. At first you'll get invalid cert error, but when you add an exception to your browser you'll notice that it works.
Try this
RewriteCond %{HTTP_HOST} ^[a-z0-9-]+\.[a-z]+$
RewriteRule !"" https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NC]
instead of
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
What you are trying to do is impossible. If a user accesses www.domain.cc over SSL, then you will get a certificate error if you do not have a valid SSL certificate - even if all you want to do is redirect them to the correct site.
You will either need a new certificate for www.domain.cc, or convince your registrar to give you a wildcard certificate for *.domain.cc, or one with multiple subjectAltName properties. See http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html
Or ask for SNA http://en.wikipedia.org/wiki/Server_Name_Indication
Firstly, you will need an SSL certificate that covers both www.xxxx.yyy
and xxxx.yyy
.
Your provider may cover both if you get the cert for www.xxxx.yyy
, but only the xxxx.yyy
if you get it for that. Read their conditions carefully.
I had read so many suggestions as to how to redirect, with all manner of ad-hoc opinions, with varying results, and mostly without any formal explanation.
Of course, that means going to the Apache .htaccess
reference and working from first principles was in order.
Just to reiterate, the main requirement is to redirect all http(s) requests to https://xxxx.yyy
.
As always, turn the rewrite engine on:
RewriteEngine On
For http, that is:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://xxx.yyy/$1 [L,R]
However, doing the same for https (port = 443), will force a loop, which bombs out with an error. We have to restrict the process to only working for the https
and www
. We do this by providing two RewriteCond
statements in a row, which are treated as an implicit AND:
RewriteCond %{SERVER_PORT} 443
RewriteCond %{HTTP_HOST} ^www[.].+$
RewriteRule ^(.*)$ https://xxxx.yyy/$1 [L,R]
At the end of the RewriteRule
, the [L,R]
tells the rewrite engine to:
L
= stop at that rule. That is, if a rule is executed because its conditions (RewriteCond
) were satisfied, stop when done, else go to the next conditions/rule set.R
= issue a HTTP redirect (default code = 302) to the browser, so user or automatic action can be taken to update bookmarks, so they always use thehttps://xxxx.yyy
in future.
精彩评论