Activities

September 2012
M T W T F S S
« Aug   Oct »
 12
3456789
10111213141516
17181920212223
24252627282930

Apache : Forcing all url to https on www domain

One of the client purchased the SSL certificate (Secure Site with EV) from Verisign.com. Unfortunately this certificate can protect the only the “www” domain name unlike other CA authorities ie Most of the CA authorites providing standard SSL certificate with “www” prefix along with their domain name. So that we can protect https://domain.com and https://www.domain.com.

Pls note Verisign SS EV Certificate will cost $1.700/2year which is intend to protect sesitive date like Finance, Banking and Medical type data. Moreover they do offers free site malware scanning and Vulnerabilities Assessment along with this order. Go it’s good to go.. 🙂

So I has to use all the secured links run under “www” prefix. When I use “force https” in Apache, it can only operate the name “HTTP_HOST” not “www.domain.com” So this technique will not work in this scenario.

Here are my Apache Rewrite rules

Step 1 :Set Rewrite rules

RewriteEngine On
RewriteCond %{HTTP_HOST} !^.domain\.com [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [R,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([a-z.]+)$ [NC]
RewriteRule ^/(.*)$ https://www.%1/$1 [R=301,L]

Step 2 :Set application to force ssl connection

Moreover I need to tune the application to forcefully listen only on www and https request. As I uses codeigniter php frame work, There is an options to change the base urls in it’s config files under application config folder. The following files needed to update to achieve this
1. application/config/siteconfig.php
2. application/config/config.php

Edit both files and change the “base_url” value to https

#vi application/config/config.php // change the http to https
$config['base_url'] = "https://".$_SERVER['SERVER_NAME'];
#vi application/config/siteconfig.php // change the http to https
$config['site_baseurl']                                                 = "https://".$_SERVER['SERVER_NAME'];

Updated on 29rd July 2013. Worked like a charm on Godaddy shared hosting [Thanks stackoverflow.com
The following line will re-direct all the http traffic to www.domain.com.It is working fine on Godaddy shared hosting.

RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

## Following part is for Codignator re-direction
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

All set.. Let’s start testing 🙂

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>