Last active
February 24, 2023 06:01
-
-
Save vielhuber/f2c6bdd1ed9024023fe4 to your computer and use it in GitHub Desktop.
Apache: htaccess force www and https ssl #server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # force HTTPS and www. | |
| RewriteEngine On | |
| RewriteCond %{HTTP_HOST} (?!^www\.)^(.+)$ [OR] | |
| RewriteCond %{HTTPS} off | |
| RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L] | |
| # alternative way | |
| RewriteCond %{HTTP_HOST} !^$ | |
| RewriteCond %{HTTP_HOST} !^www\. [NC] | |
| RewriteCond %{HTTPS}s ^on(s)| | |
| RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| RewriteCond %{HTTPS} off | |
| RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,NE] | |
| # without lookbehind | |
| RewriteEngine On | |
| RewriteCond %{HTTP_HOST} !^www\.domain\.de [NC] | |
| RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L] | |
| RewriteCond %{SERVER_PORT} 80 | |
| RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L] | |
| # force HTTPS and www not for subdomains | |
| RewriteCond %{HTTP_HOST} ^domain\.de [NC] | |
| RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L] | |
| RewriteCond %{HTTP_HOST} ^www\.domain\.de [NC] | |
| RewriteCond %{SERVER_PORT} 80 | |
| RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L] | |
| # for cloudflare | |
| RewriteEngine On | |
| RewriteCond %{HTTP:X-Forwarded-Proto} =http | |
| RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | |
| # not locally | |
| <IfModule !mod_win32.c> | |
| RewriteEngine on | |
| ... | |
| </IfModule> | |
| # not locally #2 | |
| RewriteEngine On | |
| RewriteCond %{HTTP_HOST} !\.dev$ [NC] | |
| RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| RewriteCond %{HTTP_HOST} !^www\.domain\.de [NC] | |
| RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L] | |
| RewriteCond %{HTTP_HOST} !\.dev$ [NC] | |
| RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| RewriteCond %{SERVER_PORT} 80 | |
| RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L] | |
| # force www only | |
| RewriteEngine on | |
| RewriteCond %{HTTP_HOST} !^www\. | |
| RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] | |
| # force HTTPS and non-www | |
| <IfModule !mod_win32.c> | |
| RewriteEngine On | |
| RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR] | |
| RewriteCond %{HTTPS} off | |
| RewriteCond %{HTTP_HOST} ^(www\.)?(.+) | |
| RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L] | |
| </IfModule> | |
| <IfModule mod_win32.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] | |
| RewriteRule ^(.*)$ http://%1/$1 [R=301,L] | |
| </IfModule> | |
| # Force non-www and ssl | |
| RewriteCond %{HTTP_HOST} !\.local\.vielhuber\.de$ [NC] | |
| RewriteCond %{HTTP_HOST} ^(www\.)(.+) | |
| RewriteCond %{HTTP_HOST} ^(www\.)?(.+) | |
| RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L] | |
| RewriteCond %{HTTP_HOST} !\.local\.vielhuber\.de$ [NC] | |
| RewriteCond %{HTTPS} off | |
| RewriteCond %{HTTP_HOST} ^(www\.)?(.+) | |
| RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L] | |
| # force ssl and www for main domain, force ssl and non www for all subdomains (except locally) | |
| RewriteEngine On | |
| # for subdomains: force ssl and non www | |
| RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| RewriteCond %{HTTPS} !=on | |
| RewriteCond %{HTTP_HOST} !^(www\.)?camac-harps\.com$ [NC] | |
| RewriteCond %{HTTP_HOST} ^(?:www\.|)(.*)$ [NC] | |
| RewriteRule ^.*$ https://%1%{REQUEST_URI} [R,L] | |
| # for main domains: force ssl and www | |
| RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| RewriteCond %{HTTPS} !=on [OR] | |
| RewriteCond %{HTTP_HOST} ^camac-harps\.com$ [NC] | |
| RewriteRule ^.*$ https://www.camac-harps.com%{REQUEST_URI} [R,L] | |
| # # force https | |
| # RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC] | |
| # RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| # RewriteCond %{HTTPS} !=on [NC] | |
| # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| # force ssl and non-www for main domain and for all subdomains (except local) | |
| RewriteEngine On | |
| # main domain | |
| RewriteCond %{HTTP_HOST} ^(www\.)?tld\.org$ [NC] | |
| RewriteCond %{HTTPS} off [OR] | |
| RewriteCond %{HTTP_HOST} ^www\. [NC] | |
| RewriteRule ^ https://tld.org%{REQUEST_URI} [R=301,L,NE] | |
| # subdomains | |
| RewriteCond %{HTTP_HOST} !^local\.tld\.org$ [NC] | |
| RewriteCond %{SERVER_PORT} 80 | |
| RewriteCond %{HTTP_HOST} ^((?!www\.)[^.]+)\.tld\.org$ | |
| RewriteRule ^ https://%1.tld.org%{REQUEST_URI} [NE,L,R] | |
| # # force www except on development machines (.local & .xip.io) | |
| # RewriteCond %{HTTPS} !=on | |
| # RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| # RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC] | |
| # RewriteCond %{HTTP_HOST} !^www\..+$ [NC] | |
| # RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| # # https | |
| # RewriteCond %{HTTPS} =on | |
| # RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| # RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC] | |
| # RewriteCond %{HTTP_HOST} !^www\..+$ [NC] | |
| # RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| # # force non-www except on development machines (.local & .xip.io) | |
| # RewriteCond %{HTTPS} !=on | |
| # RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| # RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC] | |
| # RewriteCond %{HTTP_HOST} ^www\..+$ [NC] | |
| # RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| # # https | |
| # RewriteCond %{HTTPS} =on | |
| # RewriteCond %{HTTP_HOST} !\.local$ [NC] | |
| # RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC] | |
| # RewriteCond %{HTTP_HOST} ^www\..+$ [NC] | |
| # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
# force HTTPS and www.
RewriteEngine On
RewriteCond %{HTTP_HOST} (?!^www\.)^(.+)$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
Why you're using:
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
And not:
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
What is there are some specific special characters involved? Then the origin REQUEST_URI is different than the redirected REQUEST_URI.
If I need https://www version of the website (all links have already been distributed a lot), and also HSTS Preloader, then I am getting following error in when checking in https://hstspreload.org.
http://example.com (HTTP) should immediately redirect to https://example.com (HTTPS) before adding the www subdomain. Right now, the first redirect is to https://www.example.com/. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain.
How it can be solved?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Excellent, thank you very much, with this rule I solved.
I wanted to ask, how can I delete the ".html" extension from the "https://domain.com/index.html" domain for all pages,
or just remove "index.html" from "https://domain.com/index.html".
how should I change the current rule?