Redirecting to HTTPS and WWW address (non www address redirects to www)

ssl

#1

Hello, I’ve looked over the documents and need some help/clarification on my issue. I’m a little stuck with the .htaccess rules and hoping someone with experience can pick up my issue.

I’m using the flexible SSL.

First I set redirection rules .htaccee at my domain. Which caused several redirects and loops. So I deleted everything and set “Page Rules” as follows.

http://example.com/ > ALWAYS USE SSL
This works great. However, I want the domain without WWW to redirect to WWW.

Example:
http://www.example.com > Redirects to https://www.example.com (Correct)

http://example.com > Redirects to https://example.com (INCORRECT - I want it to redirect to the https://www.example.com version

I tried the following .htacess on my server which worked without cloudflare:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

I’ve also tried this:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]

Can anyone point out where I’ve gone wrong or if I need to add further rules to identify cloudflare so that it doesn’t go into a loop.

I understand you can do some of this with forwarding rules in Page Rules. But I would prefer doing this at my server level using .htaccess if possible.And use the page rules instead for bypassing caching etc.

Thanks


#2

Hi!

Since your origin is attempting to force https and you are on Flexible SSL, this is causing a problem.

Flexible mode works by not encrypting traffic to and from your origin and Cloudflare. Because your origin is forcing https and the request is then redirected to Cloudflare where Cloudflare again tries to send the same http request, an infinite loop is occurring.

To fix this you have a few options:

  • Enable Full or Full Strict mode. (What are SSL options?) This would require installing a certificate at your origin, but good news this is free and easy using Cloudflare’s Origin CA certificates. Assuming you are using Apache you can see this article on how to install.
  • Like you mentioned you’d like to avoid page rules but you can implement this with page rules and remove the redirect at your origin. If you start running out of page rules, they can be purchased a la carte. How do I redirect all visitors to HTTPS/SSL?

Please note this will keep your site under Flexible SSL, where traffic between your origin and Cloudflare’s edge is not encrypted but clients will still see HTTPS in their browsers. I recommend the free and secure method of installing a origin CA certificate personally. Hope that helped!


#3

Thank you - that makes perfect sense.
And I didn’t know you could get a free SSL from cloudflare for the origin. So I will enable the full option with the certificate.

Thanks again.


#4

.htaccess redirect www to non-www with SSL/HTTPS
I’ve got several domains operating under a single .htaccess file, each secured via SSL. I need to force https on every domain while also ensuring www’s redirect to non-www’s. Here’s what I’m using which doesn’t work:

RewriteCond %{HTTP_HOST} ^www.%{HTTP_HOST}
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI}/$1 [R=301,L]

Example: https://www.itsmarttricks.com/

should redirect to… https://itsmarttricks.com