.htaccess error - ERR_TOO_MANY_REDIRECTS

user8529958 picture user8529958 · Sep 6, 2017 · Viewed 23.1k times · Source

I have this .htaccess file to redirect http:// to https://
I also did www. to root domain redirection!
www. to root domain works! however https:// redirection doesn't! If I set RewriteCond %{HTTPS} on to RewriteCond %{HTTPS} off or RewriteCond %{HTTPS} =!on I get a browser error:

The example.com page isn’t working

mysite.com redirected you too many times.

Try clearing your cookies.

ERR_TOO_MANY_REDIRECTS


One edit I did gave me a 500 error but I reverted that back to how it was before! all I did was change: RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} to RewriteRule(.*) https://%{HTTP_HOST}%{REQUEST_URI} or RewriteRule (.*)https://%{HTTP_HOST}%{REQUEST_URI}

Anyone have any Ideas on how to fix this issue?

This is my entire .htaccess file!

<IfModule mod_rewrite.c>
 RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on          [OR]
RewriteCond %{HTTP_HOST} ^www\.   [NC]
RewriteRule ^ https://antimalwareprogram.co%{REQUEST_URI}     [R=301,L,NE]
</IfModule>

Answer

MrWhite picture MrWhite · Sep 7, 2017
RewriteCond %{HTTPS} on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Yes, this will create a redirect loop. The logic is wrong. What this says is... if HTTPS is "on" then redirect to HTTPS. You should be checking if HTTPS is "off" (or "not on", ie. !on).

(By removing the spaces between the arguments you likely created a rewrite loop, hence the 500 error. Spaces are delimiters in Apache config files.)

Try something like the following instead:

RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=302,L,NE]

This handles both the HTTPS and www canonical redirects. You don't need the first rule. You don't need the <IfModule> container either.

Change the 302 to 301 only when you are sure it's working OK.

Make sure you've cleared your browser cache before testing. 301s get cached hard by the browser.


UPDATE: If this still gives you the same error (a redirect loop) then it's possible that your SSL is managed by a front-end proxy, not your application server. If this is the case then you won't be able to use the HTTPS server variable. See these related questions:


It seems that in this case, ENV:HTTPS (an environment variable) needed to be used in place of HTTPS (Apache server variable). Note, however, that this is non-standard / server specific, as it implies a front-end proxy is being used to manage the SSL.