Ira Rainey Ira Rainey - 2 months ago 29
Apache Configuration Question

.htaccess redirect https to http not working

I am trying to catch any https traffic to the front of my site so:

is redirected to:

However other subdomains need to be redirected elsewhere. For the most part this is all working, apart from the https -> http redirection. Here's my .htaccess file at the moment:

RewriteEngine On

RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$$1 [L,R=301]

RewriteCond "%{HTTP_HOST}" !^www.* [NC]
RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$
RewriteRule ^(.*)$ [L,R=301]

It would seem that this bit:

RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

isn't working as I would imagine. In fact it doesn't seem to redirect at all.

In another subdirectory I have the opposite in effect which works fine:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

so my thinking is the opposite should have done the job, but seemingly not.

Any thoughts anyone?


I'm thinking that this could have something to do with the fact that on the server there is an ssl cert which the ISP uses to provide a generic https address to your site. For example if you have a site at:

You can access the same content/hosting account over https by using:

Could it be that because when I type in https into the browser I'm being served the generic cert and because it doesn't match the domain name I've entered I'm getting a security warning about an untrusted cert which is stopping the redirection?


Looking at the server headers I think I am correct with my above assumption. The server is returning:

The host name in the certificate is invalid or does not match

Would this stop the redirection?


Just realised that I never closed this off, so for the benefit of anyone else trying to solve this I will now.

In short, the catch all https -> http redirection that I was trying to achieve won't work because the server is serving up the cert first which is then generating the security warning. This happens before the redirect for obvious security reasons, hence the redirect not working a I wanted.

Hope that helps somebody else.