https & multidomain redirect in one?

Fix it!!

https & multidomain redirect in one?

Postby megan_taylor1 » Thu Dec 04, 2008 3:38 pm

Hi all, I have the domains mydomain.com and mydomain.com.au, and want to redirect to SSL. I've decided to redirect ALL pages to HTTPS in order to make rule writing easy. (are there any downsides to this?)

My SSL certificate was issued for mydomain.com, not www.mydomain.com.
The .com.au is successfully parked on top of the .com, and works as is.

The rule I've written to redirect all domains to SSL is as follows:
Code: Select all
RewriteCond %{HTTP_HOST} !^mydomain.com [NC]
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301]
[other rules follow]


How it works:
http://www.mydomain.com YES
http://mydomain.com NO
http://www.mydomain.com.au YES
http://mydomain.com.au NO

Can someone help me rewrite this rule to redirect all of the above to https://mydomain.com?
megan_taylor1
 
Posts: 14
Joined: Fri Nov 07, 2008 10:32 pm

aha!

Postby megan_taylor1 » Thu Dec 04, 2008 3:52 pm

Checking through some other posts I came across the condition
Code: Select all
RewriteCond %{SERVER_PORT} !^443$

which seems to work for my application, and still lets following rewrite rules work!

:)
megan_taylor1
 
Posts: 14
Joined: Fri Nov 07, 2008 10:32 pm

Postby richardk » Sat Dec 06, 2008 8:31 am

Have you got the OR flag (so that it will make it redirect https://www.exmaple.com/ to https://exmaple.com/)?
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby megan_taylor1 » Sun Dec 07, 2008 4:28 pm

Hi RichardK, Thanks for that! Good idea.

If I add the code in as you wrote it (with L flag at end)
How do I ensure all following rewriting rules are still enacted? (the PHP site is being rewritten to appear as a folder structure with no querystrings) Would I need an additional RewriteCond after the code you provided me? If so, how would I phrase it? I would want the following rules to be looked at in all cases.
megan_taylor1
 
Posts: 14
Joined: Fri Nov 07, 2008 10:32 pm

Postby megan_taylor1 » Sun Dec 07, 2008 5:41 pm

Hmm...
I am having trouble seeing any effect of the http host rewrite condition.

The top of my .htaccess file is as follows:

RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTP_HOST} !^mydomain\.com$ [NC]
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301]

The following URLs are not rewriting:
https://www.mydomain.com
https://www.mydomain.com.au
https://mydomain.com.au

I would expect all of the above to redirect to https://mydomain.com
megan_taylor1
 
Posts: 14
Joined: Fri Nov 07, 2008 10:32 pm

Postby richardk » Mon Dec 08, 2008 11:59 am

Does any mod_rewrite work when you are using HTTPS?

Try it as two seperate redirects
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby megan_taylor1 » Mon Dec 08, 2008 3:00 pm

2 separate rules still doesn't redirect other https urls to the correct one.

Code: Select all
Options +FollowSymLinks

RewriteEngine On

#change www and .com.au links into correct https link.
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

#redirect everyone to HTTPS.
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

#rewrite PHP to SEO friendly links:
RewriteBase /

#other rules follow


The rest of my rules work. The only thing that doesn't work is
the following URLs not rewriting:
https://www.example.com
https://www.example.com.au
https://example.com.au

I just get a SSL certificate error:
www.example.com uses an invalid security certificate.
The certificate is only valid for example.com.

I guess it's not the end of the world. I'm just a bit confused as to why the redirects aren't working. The rules LOOK like they should work. Maybe it's a server configuration thing. Thanks for your help, RichardK.
megan_taylor1
 
Posts: 14
Joined: Fri Nov 07, 2008 10:32 pm

Postby richardk » Tue Dec 09, 2008 12:27 pm

I just get a SSL certificate error:
www.example.com uses an invalid security certificate.
The certificate is only valid for example.com.

I guess it's not the end of the world. I'm just a bit confused as to why the redirects aren't working. The rules LOOK like they should work. Maybe it's a server configuration thing.

The SSL certificate is processed before mod_rewrite. If the certificate is wrong then mod_rewrite is never processed.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: Google [Bot] and 2 guests

cron