www vs no-www and SSL

Discussions about Apache mod Rewrite, .htaccess, Use, experiences ... URL Rewriting.

Moderator: Moderators

www vs no-www and SSL

Postby opitanga » Sun Jul 27, 2008 1:41 am

Hello there,

The SSL on my osCommerce shopping cart is point to mysite.com. Not to -www.mysite.com
I choose that under the guidance of my webmaster. After reading about SEO, arguably I can say it was a mistake. Anyway, now I have this redirect in the .htaccess for the sake of consistency as there are links on the web that point to www and no-www:

Code: Select all
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.mysite.com [NC]
RewriteRule ^(.*) http://mysite.com/$1 [L,R=301]


Now if I switch and redirect no-www -> www as I would like to, then my SSL area does not work because is pointed to no-www.
I want to have the www back at least in the no SSL area, so here are my questions:

1. Is it possible to solve this through the configure.php in osCommerce
2. Is it possible to make the above to redirect no-www -> www on http only and not on https
3. Should I change the SSL to -www.mysite.com
4. Should I not worry and keep the no-www and the redirect above

Thanks
opitanga
 
Posts: 8
Joined: Fri Jul 25, 2008 1:26 pm

Advertisement

Postby dcz » Sun Jul 27, 2008 8:03 am

I think you'd better change your SSL to use the www prefix, since I'm not sure the SSL can be valid if you use -www.example.com instead.

Now, for the www prefix redirection, you need to set up two cases, on for SSL and one for Non SSL. By the way, your rewriterule was actually attempting to get rid of the www prefix.

This could be done the following way :
Code: Select all
Options +FollowSymLinks
RewriteEngine On
# Non SSL
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) http://www.mysite.com/$1 [L,R=301]
# SSL
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) https://www.mysite.com/$1 [L,R=301]


Or you can test the port (usually 443 for SSL) :
Code: Select all
Options +FollowSymLinks
RewriteEngine On
# Non SSL
RewriteCond %{SERVER_PORT} !^443$

RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) http://www.mysite.com/$1 [L,R=301]
# SSL
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} !^www\.mysite.com [NC]
RewriteRule ^(.*) https://www.mysite.com/$1 [L,R=301]


This would add the www prefix for both SSL and non SSL URLs, and allows both to be used at this stage.

++
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21325
Joined: Fri Apr 28, 2006 9:03 pm

Postby opitanga » Mon Jul 28, 2008 2:00 pm

Thanks for the response.

2 questions:

1. To apply this, should I change the SSL to -www.mysite.com first or this is a solution if I keep the SSL to mysite.com?
2. I did not see a redirect from mysite.com to -www.mysite.com

Thanks
opitanga
 
Posts: 8
Joined: Fri Jul 25, 2008 1:26 pm

Postby dcz » Tue Jul 29, 2008 7:19 am

1) I think you should but I'm not 100% sure, it's possible that the SSL cert will work on your subdomains as well (www being a genuine sub domain), but the idea followed here was to use the www prefix in all cases.

2) well the above code will force the www prefix in all cases. Humanly speaking, the code will redirect anything that is not using the www prefix on your domain, ! = different from, and !^ = that does not start with.
Any used domain that would hit this .htaccess and that would not begin with -www.yoursite.com will be redirected to -www.yoursite.com

There are two case to take care of both http and https protocol.

++
Useful links :
SEO Forum || SEO Directory || SEO phpBB || Search
____________________

Liens Utiles :
Forum référencement || Annuaire référencement || Référencement phpBB || Recherche
dcz
Admin
Admin
 
Posts: 21325
Joined: Fri Apr 28, 2006 9:03 pm

Re: www vs no-www and SSL

Postby snakeo » Tue Sep 20, 2011 2:49 am

You can't redirect to fix this because the SSL check happens before the HTTP connection has been fully made.

So, you have 3 options:

1) The best option is to get a cert that supports www and non-www. RapidSSL (http://bit.ly/nnMbLu) does this nicely
2) You can also get a wildcard cert that will let you do ANYTHING.mydomain.com. It's really expensive: bit.ly/ncanL9
3) The last choice is to purchase two separate certs, one for www and one for non-www. Why would you do this when you could do #1 though.

Good luck!
snakeo
 
Posts: 1
Joined: Tue Sep 20, 2011 2:46 am


Return to Apache mod Rewrite

Who is online

Users browsing this forum: No registered users and 6 guests