0

I just switched to HTTPS on my server. Could you please help me with .htaccess to redirect all traffic to https://, exclude subdomains:

 www.example.com -> https://example.com 
 example.com -> https://example.com
 **.example.com -> http://*.example.com

Here is my current .htaccess:

# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/ 

RewriteCond %{HTTP_HOST} www.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

RewriteRule (news/news)-([0-9]+) index.php?route=$1&news_id=$2 [L,QSA]
RewriteCond %{QUERY_STRING} (.*)
RewriteRule (news/archive) index.php?route=$1 [L,QSA]

RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

### Additional Settings that may need to be enabled for some servers 
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling any of the following settings, restore the # as this means your host doesn't allow that.

# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This may work to disable it:
# php_flag register_globals off

# 2. If your cart has magic quotes enabled, This may work to disable it:
# php_flag magic_quotes_gpc Off

# 3. Set max upload file size. Most hosts will limit this and not allow it to be overridden but you can try
# php_value upload_max_filesize 999M

# 4. set max post size. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value post_max_size 999M

# 5. set max time script can take. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_execution_time 200

# 6. set max time for input to be recieved. Uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_input_time 200

# 7. disable open_basedir limitations
# php_admin_value open_basedir none


<IfModule mod_expires.c>
  ExpiresActive on

# Perhaps better to whitelist expires rules? Perhaps.
  ExpiresDefault                          "access plus 1 month"

# cache.appcache needs re-requests in FF 3.6 (thx Remy ~Introducing HTML5)
  ExpiresByType text/cache-manifest       "access plus 0 seconds"

# Your document html
  ExpiresByType text/html                 "access plus 0 seconds"

# Data
  ExpiresByType text/xml                  "access plus 0 seconds"
  ExpiresByType application/xml           "access plus 0 seconds"
  ExpiresByType application/json          "access plus 0 seconds"

# RSS feed
  ExpiresByType application/rss+xml       "access plus 1 hour"

# Favicon (cannot be renamed)
  ExpiresByType image/x-icon              "access plus 1 week"

# Media: images, video, audio
  ExpiresByType image/gif                 "access plus 1 month"
  ExpiresByType image/png                 "access plus 1 month"
  ExpiresByType image/jpg                 "access plus 1 month"
  ExpiresByType image/jpeg                "access plus 1 month"
  ExpiresByType video/ogg                 "access plus 1 month"
  ExpiresByType audio/ogg                 "access plus 1 month"
  ExpiresByType video/mp4                 "access plus 1 month"
  ExpiresByType video/webm                "access plus 1 month"

# HTC files  (css3pie)
  ExpiresByType text/x-component          "access plus 1 month"

# Webfonts
  ExpiresByType font/truetype             "access plus 1 month"
  ExpiresByType font/opentype             "access plus 1 month"
  ExpiresByType application/x-font-woff   "access plus 1 month"
  ExpiresByType image/svg+xml             "access plus 1 month"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

# CSS and JavaScript
  #ExpiresByType text/css                  "access plus 1 week"
  ExpiresByType application/javascript    "access plus 1 week"
  ExpiresByType text/javascript           "access plus 1 week"

  <IfModule mod_headers.c>
    Header append Cache-Control "public"
  </IfModule>       
</IfModule>

FileETag none
Jenny D
  • 27,358
  • 21
  • 74
  • 110
user66638
  • 377
  • 2
  • 6
  • 21

1 Answers1

1

This rule will redirect http traffic from www.example.com & example.com, and will keep anyother.example.com as normal

replace

RewriteCond %{HTTP_HOST} www.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

by

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(www\.)?example.com [NC]
RewriteRule (.*) https://example.com/$1 [L,R=301,QSA]

For information :

  • (.*) mean all, ^(.*)$ mean all between start and end, so both have the same result, the shortest way to write is in most case advisable cause it should be faster.

  • List of available flags

  • $1 mean first regexp captured var by RewriteRule

  • %1 mean first regexp captured var by RewriteCond (so %2 is the second capture)

Froggiz
  • 3,013
  • 1
  • 18
  • 30
  • Thank you so much, everything is working, except that www is not redirected to non-www version. non-www version is my preferred domain. – user66638 Dec 22 '15 at 08:43
  • I edited my post to redirect `http://www.example.com` to `https://example.com` – Froggiz Dec 22 '15 at 09:24
  • Hmmm, now it is redirecting me to `https://www.` – user66638 Dec 22 '15 at 09:55
  • Oups sorry i am gone too fast it is %2 cause it is the 2nd var not %1 the first var ! answer edited – Froggiz Dec 22 '15 at 10:02
  • I think it is OK now. :) Can I ask one more question? If I change `RewriteRule ^(.*)$ https://%1/$1 [R=301,L]` - this is totally wrong? – user66638 Dec 22 '15 at 10:15
  • 1
    i added more information in the post to exaplain in detail, in fact it could be correct if you had wrote `%2` instead of `%1` ;) QSA flag is adding querystring, but if i am not wrong it is added by default so [R=301,L] should be equal [R=301,L,QSA]. You can do some test to verify this ! ^_^ – Froggiz Dec 22 '15 at 10:24
  • Ahhh, I just now had time to test, and subdomains are redirected too - this is what I wanted to avoid: `http://xy-beta.domain.com` is redirected to -> `https://xy-beta.domain.com/_sub/xy-beta/` (on the server subdomains are in folder public_html/_sub/) – user66638 Dec 22 '15 at 18:47
  • I updated the answer for it ! – Froggiz Dec 23 '15 at 08:22
  • It is not as easy as I thought: I only tested updated answer on http://htaccess.madewithlove.be -> http://hopp.mihalko.eu/1RFVQtr - it is possible that it is wrong with URL parameters? – user66638 Dec 23 '15 at 11:45
  • 1
    This tool for testing seems wrong : https://httpd.apache.org/docs/current/en/mod/mod_rewrite.html#RewriteRule it rewrite to / instead of https://example.com/. Don't worry the last i posted work with Apache as it should – Froggiz Dec 23 '15 at 11:54