0

Yes, you read that right. I need HTTPS to HTTP for Safari only. Because all links referring to the site anywhere are HTTPS.

I have a website that has an SSL certificate, and normally we force redirect all traffic to HTTPS via .htaccess.

I've got a problem for Safari only, and would like to FORCE all HTTPS traffic to HTTP FOR the Safari user agent ONLY. At the end of the day I need to cater to the lowest common denominator of Safari version that's likely to hit the site, regardless of how I personally feel about it. The HTTP>HTTPS redirect basically causes a lot of older Safari versions to "fail to connect to server", and the website is propagated via backlink across the internet via https urls only. Even if peoples devices spoof, hide or not report their user-agent, I don't care, I just need to widen the net as best I can.

I want:

IF user-agent=Safari

GO FROM https://example.com

GO TO http://example.com

Would this work? I know nothing about regex to be honest.

### Redirect Safari to HTTP
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT}   ^(?!.*Chrome).*Safari$
RewriteRule /(.*)l               https://example.com/$1       [R]
RewriteRule ^(.*)$               http://example.com/          [L,R=302]

Thank you in advance for any help you can provide.

Fez
  • 1
  • 2
    i think you are trying to solve a x and y problem, (https://faq-database.de/doku.php?id=en:x-and-y-problem) - what is the real issue you are trying to solve? – djdomi Mar 03 '22 at 17:53
  • I wrote it in the paragraph: "The HTTP>HTTPS redirect basically causes a lot of older Safari versions to "fail to connect to server", and the website is propagated via backlink across the internet via https urls only." I have no control over users versions of Safari, and I cannot ask people to update their safari versions. – Fez Mar 03 '22 at 18:05

1 Answers1

2

You can't resolve this by issuing a redirect on the server to redirect from HTTPS to HTTP if "older Safari" browsers are "failing to connect to [the] server" when making the request over HTTPS.

You need to connect successfully to your server over HTTPS before you can issue the redirect to HTTP. (Catch-22)

I have no control over users versions of Safari, and I cannot ask people to update their safari versions.

But you can (theoretically) change (or fix?) the SSL cert on your server. And that is the only way to resolve this.

You would need to use an SSL cert that "older Safari" browser's do support. (A trusted CA and perhaps one that does not use SAN. See the following question on the Webmasters stack: https://webmasters.stackexchange.com/questions/53453/which-is-more-supported-by-web-clients-browsers-san-subject-alternative-name .)

(But how many of your users does this affect anyway?)

MrWhite
  • 11,643
  • 4
  • 25
  • 40
  • Damn, well that's not going to help. It's a legit certificate from a trusted CA, I didn't spin one up myself. But it does use SAN. Running a SSL checker shows it to be completely fine as far as SSL certs go. It's enough users that I have +35% bounce rate because of it. (Old Safari users only) And therefore I need to look into this. The website niche is such that we're likely to have users on ancient phones. – Fez Mar 04 '22 at 04:01
  • (@Fez) You'll have trouble getting a trusted cert without SAN. In the modern world (outside of environments with their own PKI like the US military) 'trusted' = follows CABforum requirements, and CABforum baseline has required SAN since 2011. Plus Chrome for several years, and the newer MSEdge which is really Chromium, never accepts a cert without (matching) SAN; it won't even _try_ to match CommonName. – dave_thompson_085 Mar 04 '22 at 08:04
  • @Fez "+35% bounce rate" - 35% of _all_ visitors?! Or 35% of "old-Safari users" (but what's that)? What browser's specifically is this affecting? What are you categorising as "older Safari versions"? Desktop/mobile? – MrWhite Mar 04 '22 at 09:14
  • So it's 100% of mobile/tablet traffic from the versions of Safari older than 14 who are not connecting to the HTTPS site (regardless of landing page, or acquisition (ads, direct, google, urls). I turn off HTTPS redirection, and those very same browsers that I'm testing with can immediately browse the site, via manual removal of the S in HTTPS://. This traffic constitutes 35% of our total visitors to the site at this time. Exhaustive testing in any other browser/device has zero issues, it's only outdated Safari on either mobile, tablet or desktop that fails to connect to the HTTPS site. – Fez Mar 04 '22 at 19:01
  • One more thing to mention, our same niche competitors have the same issue. My own personal testing gives the same results for their pages also. That's how bad this is. No other site I manage has this kind of widespread problem, but the niches are completely different, so I don't know that it's as big a problem for other niches. This is WHY I've been tearing my hair out. Short of dropping HTTPS completely to accomodate such a large portion of our audience, and taking the concurrent Google Rankings hit, I don't have a solution. – Fez Mar 04 '22 at 19:10