htaccess redirect to https://www

Question

I have the following htaccess code:

<IfModule mod_rewrite.c>

RewriteEngine On
RewriteCond !{HTTPS} off
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

</IfModule>

I want my site to be redirected to https://www. with HTTPS, and enforcing the www. subdomain, but when I access http://www. (without HTTPS), it does not redirect me to https://www with HTTPS.

If I do that it redirects to **h t t p s : / / w w w.w w w.** — bigben, Dec 21 '12 at 21:31
Dear @bigben you have accepted a wrong answer here! you can find out why its wrong in my [answer](https://stackoverflow.com/a/43052755/7580839). — Amir Fo, Aug 20 '18 at 19:42

Michael Berkowski · Accepted Answer · 2018-04-02T20:32:38.920

To first force HTTPS, you must check the correct environment variable %{HTTPS} off, but your rule above then prepends the www. Since you have a second rule to enforce www., don't use it in the first rule.

RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

About proxying

When behind some forms of proxying, whereby the client is connecting via HTTPS to a proxy, load balancer, Passenger application, etc., the %{HTTPS} variable may never be on and cause a rewrite loop. This is because your application is actually receiving plain HTTP traffic even though the client and the proxy/load balancer are using HTTPS. In these cases, check the X-Forwarded-Proto header instead of the %{HTTPS} variable. This answer shows the appropriate process

Larzan · Answer 2 · 2014-03-18T10:36:05.847

Michals answer worked for me, albeit with one small modification:

Problem:

when you have a single site security certificate, a browser that tries to access your page without https:// www. (or whichever domain your certificate covers) will display an ugly red warning screen before it even gets to receive the redirect to the safe and correct https page.

Solution

First use the redirect to the www (or whichever domain is covered by your certificate) and only then do the https redirect. This will ensure that your users are not confronted with any error because your browser sees a certificate that doesn't cover the current url.

#First rewrite any request to the wrong domain to use the correct one (here www.)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

score 101 · Answer 3 · answered Nov 13 '14 at 23:30

If you are using CloudFlare or a similar CDN you will get an infinite loop error with the %{HTTPS} solutions provided here. If you're a CloudFlare user you'll need to use this:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

score 60 · Answer 4 · edited Jun 20 '20 at 09:12

60

BAD SOLUTION AND WHY!

Don't ever use the solution below because when you are using their code that is something like:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301]

The browser goes to:

http://example.com

Then redirects to:

https://example.com

Then redirects to:

https://www.example.com

This is too much request to the server.

Most of the answers even accepted one has this problem.

BEST SOLUTION AND THE ANSWER

This code has an [OR] condition to prevent dual changes at url!

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L]

edited Jun 20 '20 at 09:12

Community

1
1

answered Mar 27 '17 at 17:22

Amir Fo

3,044
1
25
36

4

"BAD SOLUTION AND WHY!" - Those rules are just in the wrong order. Reverse those two rules and it will be correct - you'll get just one redirect and not two. – MrWhite Sep 23 '17 at 10:18
6

Yes, the code as given results in 2 redirects - I'm not disputing that - all I'm saying is that you simply need to reverse these rules to resolve this problem, no other change is required. (The "accepted" answer is indeed incorrect - which appears to be what you are referring to - the directives are in the wrong order.) – MrWhite Sep 24 '17 at 08:59
1

yup @AmirForsati is right. it is redirecting twice and this should be the accepted answer. – Zakir hussain Aug 20 '18 at 09:42
4

You can use this if you want to keep the domainname variable: `RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTPS} off RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]` – I.devries Sep 10 '18 at 09:27
This is redirecting me to `wp-content/cache/page_enhanced/` and then so on. How can I fix this? Edit: Looks like I need to put it at the top of `.htaccess`. Thanks for the script :) – Giacomo Feb 28 '19 at 16:45

score 38 · Answer 5 · answered Sep 09 '16 at 16:09

38

This is the best way I found for Proxy and not proxy users

RewriteEngine On

### START WWW & HTTPS

# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

### END WWW & HTTPS

answered Sep 09 '16 at 16:09

llioor

4,096
2
29
38

2

Correct **This is the best way I found for Proxy and not proxy users** +1 – Deep 3015 Sep 11 '17 at 12:42
1

This is the best one, as it solves multiple 301 redirects – Niraj Chauhan Oct 03 '17 at 14:13
2

best solution ever. – S M Jobayer Alam Sep 30 '18 at 08:04
1

Great answer. This is the only one that worked for me. Works if you are behind Cloudflare (though I have no page rules set up at Cloudflare). – jasonco Jan 06 '19 at 06:49
The only solution that works on all my cases. But what if I want to do de oposite and remove all "www." – FedeKrum May 06 '20 at 18:15

score 28 · Answer 6 · answered May 23 '14 at 07:47

There are a lot of solutions out there. Here is a link to the apache wiki which deals with this issue directly.

http://wiki.apache.org/httpd/RewriteHTTPToHTTPS

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

Amit Verma · Answer 7 · 2016-06-28T16:52:48.403

To redirect http:// or https:// to https://www you can use the following rule on all versions of apache :

RewriteEngine on

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]

Apache 2.4

RewriteEngine on

RewriteCond %{REQUEST_SCHEME} http [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]

Note that The %{REQUEST_SCHEME} variable is available for use since apache 2.4 .

score 8 · Answer 8 · answered Jul 10 '16 at 04:52

8

If you are on CloudFlare, make sure you use something like this.

# BEGIN SSL Redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END SSL Redirect

This will save you from the redirect loop and will redirect your site to SSL safely.

P.S. It is a good idea to if check the mod_rewrite.c!

answered Jul 10 '16 at 04:52

Ahmad Awais

23,458
4
66
52

it does not redirect https : // theurlwithoutwww.com to https : // www. – thesearentthedroids Jul 21 '16 at 10:58
This is actually only working solution if you have some "add www" directives beforehand. Others solutions gives me "to many redirects". – Daniel.P. Jul 03 '17 at 20:30

score 4 · Answer 9 · answered Dec 14 '18 at 14:05

4

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]

answered Dec 14 '18 at 14:05

Анастасия Ермолик

369
2
5

Kundan roy · Answer 10 · 2018-09-07T21:48:37.417

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

Notes: Make sure you have done the following steps

sudo a2enmod rewrite

sudo service apache2 restart

Add Following in your vhost file, located at /etc/apache2/sites-available/000-default.conf

<Directory /var/www/html>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride All
  Order allow,deny
  allow from all
  Require all granted
</Directory>

Now your .htaccess will work and your site will redirect to http:// to https://www

score 1 · Answer 11 · answered Sep 27 '19 at 08:22

Similar to Amir Forsati's solution htaccess redirect to https://www but for variable domain name, I suggest:

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%2%{REQUEST_URI} [R=301,L]

score 0 · Answer 12 · answered Jul 25 '17 at 14:17

0

Set in your .htaccess file

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

answered Jul 25 '17 at 14:17

Adam Kozlowski

3,978
1
23
38

score 0 · Answer 13 · answered May 19 '20 at 13:14

I used the below code from this website, it works great https://www.freecodecamp.org/news/how-to-redirect-http-to-https-using-htaccess/

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Hope it helps

score -1 · Answer 14 · answered Aug 30 '18 at 14:45

I try first answer and it doesnt work... This work:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

htaccess redirect to https://www

14 Answers14

About proxying

BAD SOLUTION AND WHY!

BEST SOLUTION AND THE ANSWER

Linked

Related