I have this .htaccess file to redirect http://
to https://
I also did www.
to root domain redirection!
www.
to root domain works! however https://
redirection doesn't!
If I set RewriteCond %{HTTPS} on
to RewriteCond %{HTTPS} off
or RewriteCond %{HTTPS} =!on
I get a browser error:
The example.com page isn’t working
mysite.com redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
One edit I did gave me a 500 error but I reverted that back to how it was before! all I did was change: RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
to RewriteRule(.*) https://%{HTTP_HOST}%{REQUEST_URI}
or RewriteRule (.*)https://%{HTTP_HOST}%{REQUEST_URI}
This is my entire .htaccess
file!
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://antimalwareprogram.co%{REQUEST_URI} [R=301,L,NE]
</IfModule>
RewriteCond %{HTTPS} on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Yes, this will create a redirect loop. The logic is wrong. What this says is... if HTTPS is "on" then redirect to HTTPS. You should be checking if HTTPS is "off" (or "not on", ie. !on
).
(By removing the spaces between the arguments you likely created a rewrite loop, hence the 500 error. Spaces are delimiters in Apache config files.)
Try something like the following instead:
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=302,L,NE]
This handles both the HTTPS and www canonical redirects. You don't need the first rule. You don't need the <IfModule>
container either.
Change the 302
to 301
only when you are sure it's working OK.
Make sure you've cleared your browser cache before testing. 301s get cached hard by the browser.
UPDATE: If this still gives you the same error (a redirect loop) then it's possible that your SSL is managed by a front-end proxy, not your application server. If this is the case then you won't be able to use the HTTPS
server variable. See these related questions:
It seems that in this case, ENV:HTTPS
(an environment variable) needed to be used in place of HTTPS
(Apache server variable). Note, however, that this is non-standard / server specific, as it implies a front-end proxy is being used to manage the SSL.