Best Practice: 301 Redirect HTTP to HTTPS (Standard Domain)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Nothing to change just copy and paste.
So, condensing, this becomes;
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]
Let me know if you see any bugs
To start with your favorite solution:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>
In the part handling non-https URLs you are redirecting to %{HTTP_HOST}
. Then, in case your host name started with "www", a second redirect has to take place to send you from https://www.domain.tld to https://domain.tld which is supposed to be your final destination.
You can shorten this by using
RewriteRule ^(.*)$ https://domain.tld/%{REQUEST_URI} [L,R=301]
directly in the first rule. The second rule would then only apply to clients, who try to access https://www.domain.tld
.
Alternative 1. does not work for the same reason (missing the case that HTTP_HOST
could be www.domain.tld
) and additionally because of the missing [L,R=301]
. This is necessary because you do not just rewrite an URL here, like you could do in other types of rewrite rules. You are requesting the client to change the type of it's request - this is why you are sending him a HTTP code of 301
.
Concerning the match part of the RewriteRule
itself, you should be consistent: if you want to capture parts of the URI you will use a regular expression with parentheses. As you are in fact using it as a whole here it is fine to just use one of the alternatives for "anything", like ^
and use %{REQUEST_URI}
later. If you use some capturing (i.e. (some_regex)
you should reference it in the target by using $1
(or whatever you are going to reference) here.
In your 3rd alternative, again www + https is missing.
You can check if https is off or if the domain name contains a leading "www" in one rule, however rewrite conditions are implicitly connected with "and".
So it should read:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://domain.tld%{REQUEST_URI} [R=301,L,NE]
The NE is necessary for passing on things like GET-parameters and the like on to the new URI unchanged, see:
http://httpd.apache.org/docs/2.4/rewrite/flags.html