Need to redirect all traffic to https
I want to redirect any traffic that goes to http://example.com to https://example.com
same for http://example.com/about to https://example.com/about
I thought it would be something like t开发者_开发百科his:
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
This works for me:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
If the traffic is coming in over non-SSL HTTP, then redirect to the HTTP equivalent of whatever page the user was originally trying to access. It also doesn't involve any mod_rewrite options, so it's easy to read.
Side rant: why does everyone feel the need to explicitly set the HTTP code of the redirect and mark one of their rewrites as the "last" one? Seriously, I've seen dozens of same-looking htaccess rules in just the last few days.
This is a previous answer using .httaccess but adding changes proposed in the comments, and some from me:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://my.domain.name%{REQUEST_URI} [L,R=301]
Notes:
- This is for the cases where user doesn't have access to main configuration, but has access to .htaccess rules. If you have access to main configuration, use mod_alias solution instead.
- For me the rule was not picked up without defining RewriteBase. Explicitly defining it gets rid of ambiguity with some server setups.
- At least on some configurations,
%{HTTPS}
is not set tooff
when using http, but is null, so!on
is more reliable rule thanoff
. - For explicit host name, you don't rely on client side Host header or server configuration. However, explicit host name natually assumes there is only one domain to redirect. Host header poses some considerable problems, such as containing port and being client-supplied data. Another alternative, as suggested by Apache Wiki, is to use
%{SERVER_NAME}
. If you consider using that, check out caveat from this discussion - it relies on other configuration being correct. R=301
means it's permanent redirect, as it's usually meant to be in this case. If you instead think it's temporary, that can be left out or specified asR=302
.L
means it's last rule to be applied for this request. Leave it if you suspect or know there are other rules after this that you don't want to get applied. You can remove if this is the only rule of the file.
According to the Apache documentation, using mod_alias
is more appropriate than mod_rewrite
for this task. That is, in order to redirect all HTTP traffic to HTTPS, one would:
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost >
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost >
Two things to note about this configuration:
- You need access to the main server configuration file in order for this configuration to work. The
VirtualHost
directive is only valid in the "server config" context. - Keep in mind that
mod_rewrite
directives are processed beforemod_alias
directives. If you've already got a massive block ofRewriteRule
s in your.htaccess
file, you might be better off with themod_rewrite
configuration.
why not just plain and simple?
rewriteCond %{HTTPS} !on
rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
it has worked to me, and seems to me clear. Cheers.
Working in all conditions is:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [NE,L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
<IfModule>
After some research this what worked for me, a bit different version.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
精彩评论