@meaku
Created March 18, 2013 13:14
.htaccess for SSL via SNI to prevent the certificate-error for unsupported browsers. Always share http links and https will be used if supported. Otherwise the connection will be http. SNI is not supported on IE on Windows XP (5 - 8) and Android < 4.x __Important Note__ Don't use this .htaccess if you need HTTPS for all your clients. It is just …
# HTTP(S) Stuff
# Redirect all users except IE 5-8 & Android < 4 to HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_USER_AGENT} !MSIE\ [5-8]
RewriteCond %{HTTP_USER_AGENT} !Android.*(Mobile)?\ [0-3]
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
59RY commented Nov 1, 2014

I think it's better...:
(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)

For Japan, this is better (it includes non-SNI Japanese cell phones):
(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|UP\.Browser\/|DoCoMo/\d\.|SoftBank\/\d\.|Android.*(Mobile)?\ [0-2]\.)

And for IIS (note that this is an example):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP → HTTPS (if SNI OK)" stopProcessing="false">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" />
                        <add input="{HTTP_USER_AGENT}" pattern="(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)" negate="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
                </rule>
                <rule name="HTTPS → HTTP (if SNI NG)" stopProcessing="false">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{HTTPS}" pattern="on" />
                        <add input="{HTTP_USER_AGENT}" pattern="(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)" negate="false" />
                    </conditions>
                    <action type="Redirect" url="http://{HTTP_HOST}/{R:1}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
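
A way to compare the gist's two User-Agent conditions with the single pattern from the comment above before deploying either one (an added example, not code from the gist or its commenters). The User-Agent strings are constructed samples, the SNI flags reflect the client support described on this page, and the function names are hypothetical.

```python
import re

# Patterns copied from the page: the gist's two RewriteCond tests and the
# single pattern suggested in the first comment.
GIST = [re.compile(r"MSIE\ [5-8]"), re.compile(r"Android.*(Mobile)?\ [0-3]")]
REFINED = re.compile(
    r"(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)"
)

# Constructed User-Agent strings (typical shapes, not captured traffic),
# each paired with whether that client can do SNI.
SAMPLES = {
    "ie8_xp": ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", False),
    "ie8_win7": ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)", True),
    "android_2_3": ("Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; GT-S5830 "
                    "Build/GINGERBREAD) AppleWebKit/533.1", False),
    "android_4_4_nexus10": ("Mozilla/5.0 (Linux; Android 4.4.2; Nexus 10 "
                            "Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) "
                            "Chrome/34.0.1847.114 Safari/537.36", True),
    "firefox_win7": ("Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 "
                     "Firefox/31.0", True),
}


def gist_keeps_http(ua):
    """True when either gist RewriteCond fails, so no redirect to HTTPS happens."""
    return any(p.search(ua) for p in GIST)


def refined_keeps_http(ua):
    """True when the comment's pattern classifies the client as non-SNI."""
    return REFINED.search(ua) is not None


def misrouted(keeps_http):
    """Sample names whose routing disagrees with their SNI support:
    SNI-capable but left on plain HTTP, or non-SNI but sent to HTTPS."""
    return [name for name, (ua, sni) in SAMPLES.items() if keeps_http(ua) == sni]


if __name__ == "__main__":
    print("gist pattern misroutes:   ", misrouted(gist_keeps_http))
    print("refined pattern misroutes:", misrouted(refined_keeps_http))
```

With these samples the gist's conditions leave IE 8 on Windows 7 and an Android 4.4 tablet (the ` 1` in `Nexus 10` satisfies `\ [0-3]`) on plain HTTP, while the pattern from the comment routes all five as expected.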

@ourfingertips

meaku - thanks for this! Any chance you can help me add a line for Windows Phone 8.1 / Nokia Lumia 1020 (NOKIA 909) so it will not be SSL? I have discovered an issue with the certificates on this phone. I also need a way to troubleshoot it - how do I add a line so I can see whether Internet Explorer 11 is or is not switching to https:// or http://? Thanks!

I tried the following and get no errors, but it is not changing the SSL as I need - what am I missing?

# Redirect all users except windows phone 8 ... & Android < 4 to HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_USER_AGENT} !windows\ phone\ 8\.
RewriteCond %{HTTP_USER_AGENT} !Lumia\ 1020
RewriteCond %{HTTP_USER_AGENT} !MSIE\ 11\.
RewriteCond %{HTTP_USER_AGENT} !Android.*(Mobile)?\ [0-3]
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L] 

JDW1 commented Jan 27, 2017

y59, not everyone has access to the server config file, but many do have edit power over .htaccess. Therefore, how would you reformat your suggested code for use in .htaccess?
