htaccess redirect non-www to www with SSL/HTTPS

I found the solution.

Without HSTS (single redirect):

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

With HSTS (double redirect):

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Your conditions are implicitly AND'd and your second condition will always be true (unless you have other domains), so your current rules will only redirect non-SSL traffic.

You need to OR the conditions and negate the www (second) condition:

RewriteEngine On
RewriteCond %{SERVER_PORT} !=443 [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

If the SERVER_PORT is not 443 (ie. is not HTTPS) or the host does not start with www. (ie. you are accessing the bare domain) then redirect to the canonical URL.

However, whether this will redirect https://example.com to https://www.example.com will depend on your security certificate. (Your site needs to be accessible by both www and non-www over SSL for the .htaccess redirect to trigger.)

htaccess redirect non-www to www with SSL/HTTPS

Tags:

Apache

Https

Mod Rewrite

Htaccess

Related

Recent Posts