Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Apache: htaccess force www and https ssl #server
# force HTTPS and www.
RewriteEngine On
RewriteCond %{HTTP_HOST} (?!^www\.)^(.+)$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
# alternative way
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,NE]
# without lookbehind
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.domain\.de [NC]
RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L]
# force HTTPS and www not for subdomains
RewriteCond %{HTTP_HOST} ^domain\.de [NC]
RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.domain\.de [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L]
# for cloudflare
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# not locally
<IfModule !mod_win32.c>
RewriteEngine on
...
</IfModule>
# not locally #2
RewriteEngine On
RewriteCond %{HTTP_HOST} !\.dev$ [NC]
RewriteCond %{HTTP_HOST} !\.local$ [NC]
RewriteCond %{HTTP_HOST} !^www\.domain\.de [NC]
RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !\.dev$ [NC]
RewriteCond %{HTTP_HOST} !\.local$ [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.de/$1 [R=301,L]
# force www only
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# force HTTPS and non-www
<IfModule !mod_win32.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
</IfModule>
<IfModule mod_win32.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
</IfModule>
# Force non-www and ssl
RewriteCond %{HTTP_HOST} !\.local\.vielhuber\.de$ [NC]
RewriteCond %{HTTP_HOST} ^(www\.)(.+)
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !\.local\.vielhuber\.de$ [NC]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
# force ssl and www for main domain, force ssl and non www for all subdomains (except locally)
RewriteEngine On
# for subdomains: force ssl and non www
RewriteCond %{HTTP_HOST} !\.local$ [NC]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(www\.)?camac-harps\.com$ [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.|)(.*)$ [NC]
RewriteRule ^.*$ https://%1%{REQUEST_URI} [R,L]
# for main domains: force ssl and www
RewriteCond %{HTTP_HOST} !\.local$ [NC]
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} ^camac-harps\.com$ [NC]
RewriteRule ^.*$ https://www.camac-harps.com%{REQUEST_URI} [R,L]
# # force https
# RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC]
# RewriteCond %{HTTP_HOST} !\.local$ [NC]
# RewriteCond %{HTTPS} !=on [NC]
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# force ssl and non-www for main domain and for all subdomains (except local)
RewriteEngine On
# main domain
RewriteCond %{HTTP_HOST} ^(www\.)?tld\.org$ [NC]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://tld.org%{REQUEST_URI} [R=301,L,NE]
# subdomains
RewriteCond %{HTTP_HOST} !^local\.tld\.org$ [NC]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^((?!www\.)[^.]+)\.tld\.org$
RewriteRule ^ https://%1.tld.org%{REQUEST_URI} [NE,L,R]
# # force www except on development machines (.local & .xip.io)
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !\.local$ [NC]
# RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC]
# RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# # https
# RewriteCond %{HTTPS} =on
# RewriteCond %{HTTP_HOST} !\.local$ [NC]
# RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC]
# RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
# RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# # force non-www except on development machines (.local & .xip.io)
# RewriteCond %{HTTPS} !=on
# RewriteCond %{HTTP_HOST} !\.local$ [NC]
# RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC]
# RewriteCond %{HTTP_HOST} ^www\..+$ [NC]
# RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# # https
# RewriteCond %{HTTPS} =on
# RewriteCond %{HTTP_HOST} !\.local$ [NC]
# RewriteCond %{HTTP_HOST} !\.xip\.io$ [NC]
# RewriteCond %{HTTP_HOST} ^www\..+$ [NC]
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
@lars3003

This comment has been minimized.

Copy link

commented Feb 6, 2018

this just saved my ass. ;) Thank you!

@carasmo

This comment has been minimized.

Copy link

commented Feb 9, 2018

This is supremely helpful. If there is such a thing as karma, may only great things happen to you!

@BHWWills

This comment has been minimized.

Copy link

commented Feb 16, 2018

Ok, please can you help me, so why do I get this?

when using v1 i get redirected to: https://www./ without anything else?

when using v2 if i put more than the host in http:// it skips me to the index file:
i.e. http://www.test.com/test GOES TO https://www.test.com/index.php NOT https://www.test.com/test

I also have some code for removing the index.php from the url so http://www.test.com/index.php/test BECOMES http://www.test.com/test, so something isn't playing ball.

Thanks

RewriteEngine On

RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,NE]
@mofesolapaul

This comment has been minimized.

Copy link

commented May 11, 2018

Many thanks

@xidb

This comment has been minimized.

Copy link

commented Jul 6, 2018

My solution to force https and www in one redirect step to prevent loosing link "juice".
Redirects http://domain, https://domain, http://www.domain to https://www.domain

# if host contains www - skip redirect to www
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule .? - [S=1]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# redirect all to https
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
@tommix95

This comment has been minimized.

Copy link

commented Nov 1, 2018

Excellent, thank you very much, with this rule I solved.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]

I wanted to ask, how can I delete the ".html" extension from the "https://domain.com/index.html" domain for all pages,
or just remove "index.html" from "https://domain.com/index.html".

how should I change the current rule?

@maartenbruins

This comment has been minimized.

Copy link

commented Nov 7, 2018

# force HTTPS and www.
RewriteEngine On
RewriteCond %{HTTP_HOST} (?!^www\.)^(.+)$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]

Why you're using:

RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]

And not:

RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]

What is there are some specific special characters involved? Then the origin REQUEST_URI is different than the redirected REQUEST_URI.

@Swashbuckler007

This comment has been minimized.

Copy link

commented Nov 29, 2018

If I need https://www version of the website (all links have already been distributed a lot), and also HSTS Preloader, then I am getting following error in when checking in https://hstspreload.org.

http://example.com (HTTP) should immediately redirect to https://example.com (HTTPS) before adding the www subdomain. Right now, the first redirect is to https://www.example.com/. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain.

How it can be solved?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.