Hello there,

The SSL on my osCommerce shopping cart is point to mysite.com. Not to -www.mysite.com
I choose that under the guidance of my webmaster. After reading about SEO, arguably I can say it was a mistake. Anyway, now I have this redirect in the .htaccess for the sake of consistency as there are links on the web that point to www and no-www:

Code: Select all

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.mysite.com [NC]
RewriteRule ^(.*) http://mysite.com/$1 [L,R=301]

Now if I switch and redirect no-www -> www as I would like to, then my SSL area does not work because is pointed to no-www.
I want to have the www back at least in the no SSL area, so here are my questions:

1. Is it possible to solve this through the configure.php in osCommerce
2. Is it possible to make the above to redirect no-www -> www on http only and not on https
3. Should I change the SSL to -www.mysite.com
4. Should I not worry and keep the no-www and the redirect above

Thanks

I think you'd better change your SSL to use the www prefix, since I'm not sure the SSL can be valid if you use -www.example.com instead.

Now, for the www prefix redirection, you need to set up two cases, on for SSL and one for Non SSL. By the way, your rewriterule was actually attempting to get rid of the www prefix.

This could be done the following way :

Code: Select all

Options +FollowSymLinks
RewriteEngine On
# Non SSL
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) http://www.mysite.com/$1 [L,R=301]
# SSL
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) https://www.mysite.com/$1 [L,R=301]

Or you can test the port (usually 443 for SSL) :

Code: Select all

Options +FollowSymLinks
RewriteEngine On
# Non SSL
RewriteCond %{SERVER_PORT} !^443$

RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) http://www.mysite.com/$1 [L,R=301]
# SSL
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) https://www.mysite.com/$1 [L,R=301]

This would add the www prefix for both SSL and non SSL URLs, and allows both to be used at this stage.

++

Thanks for the response.

2 questions:

1. To apply this, should I change the SSL to -www.mysite.com first or this is a solution if I keep the SSL to mysite.com?
2. I did not see a redirect from mysite.com to -www.mysite.com

Thanks

1) I think you should but I'm not 100% sure, it's possible that the SSL cert will work on your subdomains as well (www being a genuine sub domain), but the idea followed here was to use the www prefix in all cases.

2) well the above code will force the www prefix in all cases. Humanly speaking, the code will redirect anything that is not using the www prefix on your domain, ! = different from, and !^ = that does not start with.
Any used domain that would hit this .htaccess and that would not begin with -www.yoursite.com will be redirected to -www.yoursite.com

There are two case to take care of both http and https protocol.

++

You can't redirect to fix this because the SSL check happens before the HTTP connection has been fully made.

So, you have 3 options:

1) The best option is to get a cert that supports www and non-www. RapidSSL (http://bit.ly/nnMbLu) does this nicely
2) You can also get a wildcard cert that will let you do ANYTHING.mydomain.com. It's really expensive: bit.ly/ncanL9
3) The last choice is to purchase two separate certs, one for www and one for non-www. Why would you do this when you could do #1 though.

Good luck!