0

I want to know:

How to redirect from ..

https://www.example.com

to be

https://example.com

via .htaccess or CPanel?

As the SSL only installed on the one without "www", and when I visit the "www" one, I get SSL error.


The whole .htaccess file:

# Use PHP 5.3
AddType application/x-httpd-php53 .php

##
# @package      Joomla
# @copyright    Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved.
# @license      GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
<IfModule mod_headers.c>
Header unset ETag
#Header unset Last-Modified
</IfModule>
FileETag None
#<FilesMatch "\.(ico|gz|JPG|jpg|jpeg|png|gif|js|css|swf)$">
#Header unset Cache-control
#Header set Expires "access plus 1 month"
#</FilesMatch>

<FilesMatch "\.(?!(ico|gz|JPG|jpg|jpeg|png|gif|js|css|swf))[^.]+$">
  Header unset Last-Modified
  Header unset Cache-control
</FilesMatch>

# Google Analytics Integration - Added by cPanel.
<IfModule mod_substitute.c>
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|(<script src='/google_analytics_auto.js'></script>)?</head>|<script src='/google_analytics_auto.js'></script></head>|i"
</IfModule>
# END Google Analytics Integration

RewriteEngine On
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTP_HOST} ^shop\.iravin\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.shop\.iravin\.com$
RewriteRule ^/?$ "https\:\/\/iravin\.com\/index\.php\?option\=com_virtuemart" [R=301,L]
masegaloeh
  • 17,978
  • 9
  • 56
  • 104
CairoCoder
  • 103
  • 2
  • 7
  • What SSL error are you getting? – TheCleaner May 24 '13 at 13:43
  • This is probably not the site you are looking for! You attempted to reach www.iravin.com, but instead you actually reached a server identifying itself as eravin.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.iravin.com. You should not proceed, especially if you have never seen this warning before for this site. – CairoCoder May 24 '13 at 13:44

3 Answers3

4

You have both domains (example.com and www.example.com) on the same IP address. Then you have opened port 80 for HTTP and port 443 for HTTPS. As you have noticed, the port is open for all domains on the server; it can't be closed for just one domain while remaining open for any other.

When a client connects to https://www.example.com, it will start with the SSL negotiation, and the user will get a warning that the SSL certificate does not match. Any redirect that you create will happen only after the SSL negotiation, so they will still be getting the SSL certificate warning.

You should get a certificate that is either a wildcard domain certificate (i.e. one that matches *.example.com) or one that has www.example.com as a Subject Alternate Name to only domain-name.com. That way both www.example.com and example.com will work without warnings.

There is more information about SSL certificates and webservers here: Q: Multiple SSL domains on the same IP address and same port?

Jenny D
  • 27,358
  • 21
  • 74
  • 110
0

To redirect with 301 from www.example.com to no-www URL use this:

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%2://%1%{REQUEST_URI} [L,R=301]

or this one:

RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
kockiren
  • 886
  • 2
  • 14
  • 35
0

Add your (local IP address)and www.example.com in your /etc/hosts It works for me.

198.138.10.106   example.com
198.138.10.106   www.example.com

Having this in /etc/apache2/sites-enabled/000-default.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Anthony Geoghegan
  • 2,800
  • 1
  • 23
  • 34