1

I am recreating my question from Stack Overflow because this is actually the more appropriate place to ask this question. The original question is below.

Here is the rewrite rule I am using:

RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} !^(www.)secure.\ [NC]
RewriteRule (.*) https://secure.%{HTTP_HOST}%{REQUEST_URI} [R,L]

This rule is supposed to be applied if the port is 443 (SSL port) and if the requested domain does not start with secure or www.secure .

Instead, it redirects to secure.secure and then returns a 404 error. Alternatively, if I remove the secure from rewrite rule creating 

RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} !^(www.)secure.\ [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

I get a too many redirects error.

I admit, I am not a mod_rewrite expert, but I consider myself able to function with referring to the documentation. On this however, I am stumped. Thanks!

Community
  • 1
Josh
  • 119
  • 2
  • Note I have alrady fixed the syntax error involving the (www.) . It has been corrected to (www.)? , however the problem remains. – Josh Jul 31 '11 at 15:56

2 Answers2

1

The best way is to hard code domain name (I do not know what domain names you may have, therefore this is preferable option). Try this rule:

RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} !^(www\.)?secure\. [NC]
RewriteRule .* https://secure.example.com%{REQUEST_URI} [R=301,L]

The differences:

  1. In general it is better check if HTTPS is on by checking %{HTTPS} variable rather than checking port number -- you can easily bind HTTPS for this site to another port and this which will break the rule (and you will have to edit it). But this depends on your particular circumstances .. so it 's up to you.

  2. Better do "301 Permanent Redirect" (R=301) rather than "302 Found" (R) -- especially if SEO is involved with these URLs. But once again -- it's not a big thing in general.

  3. You have .\ in your pattern for host matching -- I assume it's just a typo.

If you do not want your domain name to be hard coded, you can try this rule -- but I cannot guarantee you that it will work 100% properly:

RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} !^(www\.)?secure\.(.+)$ [NC]
RewriteRule .* https://secure.%2%{REQUEST_URI} [R=301,L]
LazyOne
  • 3,014
  • 1
  • 16
  • 15
0

I avoided hardcoding the domain name by using %{HOST_NAME} in my RewriteRule line, as recommended by Tom O'Connor in reply to my question Forcing SSL in Apache without hard-coding the hostname, if that helps, but the key part of your problem seems (to me) to be that %1 is matching the (www.)? from your RewriteCond, rather than the (.*) from your RewriteRule, which would be %2, as suggested by LazyOne in their answer.

Personally, I think I would use the following:

RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} !^(www.)?secure\.(.+)$ [NC]
RewriteRule ^(.*)$ https://secure.$2/$3 [R=301,L]

, which is only slightly different to LazyOne's suggestion, but a little easier to read (in my opinion).

Community
  • 1
Owen Blacker
  • 631
  • 1
  • 7
  • 20