Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
.htaccess for SSL via SNI to prevent the certificate-error for unsupported browsers. Always share http links and https will be used if supported. Otherwise the connection will be http. SNI is not supported on IE on Windows XP (5 - 8) and Android < 4.x __Important Note__ Don't use this .htaccess if you need HTTPS for all your clients. It is just …
# HTTP(S) Stuff
# Redirect all users except IE 5-8 & Android < 4 to HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_USER_AGENT} !MSIE\ [5-8]
RewriteCond %{HTTP_USER_AGENT} !Android.*(Mobile)?\ [0-3]
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
@jhnns

This comment has been minimized.

Copy link

commented Mar 19, 2013

Awesome! 👍
But I like DEUTSCHSkript even better.

@59RY

This comment has been minimized.

Copy link

commented Nov 1, 2014

I think it's better...:
(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)

for Japan, it's better (include non-SNI Japan cell-phones):
(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|UP\.Browser\/|DoCoMo/\d\.|SoftBank\/\d\.|Android.*(Mobile)?\ [0-2]\.)

and for IIS (note that this is example):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP → HTTPS (if SNI OK)" stopProcessing="false">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" />
                        <add input="{HTTP_USER_AGENT}" pattern="(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)" negate="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
                </rule>
                <rule name="HTTPS → HTTP (if SNI NG)" stopProcessing="false">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{HTTPS}" pattern="on" />
                        <add input="{HTTP_USER_AGENT}" pattern="(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)" negate="false" />
                    </conditions>
                    <action type="Redirect" url="http://{HTTP_HOST}/{R:1}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
@ourfingertips

This comment has been minimized.

Copy link

commented Feb 28, 2015

meaku - thanks for this! Any chance you can help me add a line so Windows Phone 8.1 / Nokia Lumia 1020 (NOKIA 909) so it will not be ssl? I have discovered an issue with the certificates on this phone. I also need a way to troubleshoot it - how do I add a line so I can see Internet Explorer 11 is or is not switching to https:// or http:// - Thanks!

I try the following and get no errors but it is not changing the ssl as I need - what am I missing?

# Redirect all users except windows phone 8 ... & Android < 4 to HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_USER_AGENT} !windows\ phone\ 8\.
RewriteCond %{HTTP_USER_AGENT} !Lumia\ 1020
RewriteCond %{HTTP_USER_AGENT} !MSIE\ 11\.
RewriteCond %{HTTP_USER_AGENT} !Android.*(Mobile)?\ [0-3]
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L] 
@JDW1

This comment has been minimized.

Copy link

commented Jan 27, 2017

y59, not everyone has access to the server config file, but many do have edit power over .htaccess. Therefore, how would you reformat your suggested code for use in .htaccess?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.