Question posted in
Some documentation to get you started can be found here.

How do I redirect from http:// to https:// to https://www without breaking other subdomains that aren't www? – Apache

The environment:

WordPress running on a Docker container which is built up a testing pipeline, first into dev (https://dev.example.com), then stage (https://stage.example.com), then finally into production (https://www.example.com).

Note that both Dev and Stage do not have the “www” subdomain but production does.

The problem:

For security reasons, I have to set up an extra redirect. Currently, when a user enters our site without SSL (ie, http://example.com) they are redirected to the secured subdomain (ie, https://www.example.com).

However, for security, they need to hit https://example.com before being redirected to the secured subdomain. Such as:

1) http://example.com ->

2) https://example.com ->

3) https://www.example.com

We must have www as the final result and we must have the extra redirect (there’s no wiggle room, sadly).

Now, where I’m getting stuck is with this redirect and the dev/stage sites.

I can get production redirecting from http://example.com -> https://example.com -> https://www.example.com with the code below:

<IfModule mod_rewrite.c>
RewriteEngine On
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} example.com$
RewriteRule ^ https://example.com [L,R=301]

# ensure www.
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^ https://www.example.com [L,R=301]
</IfModule>

But when this code is moved into dev/stage they 502 to death.

I’ve tried using the code below to only redirect to www when the server is not www or dev or stage but then the redirect from http://example.com to https://example.com fails!

<IfModule mod_rewrite.c>
RewriteEngine On
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} example.com$
RewriteRule ^ https://example.com [L,R=301]

# ensure www only if not dev/stage
RewriteCond %{HTTP_HOST} !^(www|dev|stage).example.com$ [NC]
RewriteRule ^ https://www.example.com [L,R=301]
</IfModule>

Please help! I know using so many redirects is over the top but they are the requirements I’ve been given and I can’t change them.

Any help is really appreciated, I’ve looked at many other answers here and they have helped but I cannot get past the dev/stage redirect failing. I’m stuck!

My full htaccess file:

<IfModule mod_rewrite.c>

 RewriteEngine On
 # ensure https
 RewriteCond %{HTTP:X-Forwarded-Proto} !https
 RewriteCond %{HTTPS} off
 RewriteCond %{HTTP_HOST} (^|.)example.com$
 RewriteRule ^/?(.*)$ https://%{HTTP_HOST}/$1 [R=302]

 # ensure www.
 RewriteCond %{HTTP_HOST} ^example.com$ [OR]
 RewriteCond %{HTTP_HOST} !^(www|corp-dev|corp-stage).example.com$
 RewriteRule ^/?(.*)$ https://www.example.com/$1 [R=302]

# link Redirection

RewriteEngine On
RewriteRule ^health.html$ "/health.html" [END]

RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

</IfModule>
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    What ended up solving this issue for me:

    <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} =http
  RewriteCond %{HTTP_HOST} ^example.com$
  RewriteRule (.*)$ https://example.com/$1 [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} =http
  RewriteCond %{HTTP_HOST} ^www.example.com$
  RewriteRule (.*)$ https://www.example.com/$1 [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} =http
  RewriteCond %{HTTP_HOST} ^dev.example.com$
  RewriteRule (.*)$ https://dev.example.com/$1 [R=301,L]
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} =http
  RewriteCond %{HTTP_HOST} ^stage.example.com$
  RewriteRule (.*)$ https://stage.example.com/$1 [R=301,L]
</IfModule>

    My WordPress site had Site URL under the General Settings tab set to https://www.example.com and this was causing a bunch of looping with the other solutions.

    This didn't work for me due to the setting I mentioned but I'll post another solution I tried on the off chance it will help someone else:

    <IfModule mod_rewrite.c>
RewriteEngine On
# Redirect HTTP to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://example.com/$1 [R,L]

# Redirect example.com to www.example.com
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^/?(.*) https://www.example.com/$1 [R,L]
</IfModule>

  2. 0

    Your attempt is nearly fine, I just made some trivial adjustments: 

    RewriteEngine On
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} (^|.)example.com$
RewriteRule ^/?(.*)$ https://%{HTTP_HOST}/$1 [R=301]

# ensure www.
RewriteCond %{HTTP_HOST} ^example.com$ [OR]
RewriteCond %{HTTP_HOST} !^(www|dev|stage).example.com$
RewriteRule ^/?(.*)$ https://www.example.com/$1 [R=301]

    In general it is a good idea to start testing using a 302 redirection and only change that to a 301 once things are really working. That way you prevent caching issues while testing.

    This rule will work likewise in the http servers host configuration or inside a dynamic configuration file (“.htaccess” file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it’s interpretation is enabled at all in the host configuration and that it is located in the host’s DOCUMENT_ROOT folder.

    And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (“.htaccess”). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search