Mindaugas Li - 1 month ago 5
Apache Configuration Question

Redirecting HTTP to HTTPS without Redirect 301

I need to have https by default on my site, so I used this .htaccess code to redirect all http traffic to https:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Everything works great, except that the website receives many POST requests coming to the old http:// address, and POST data is lost when a 301 is used. I can NOT stop POST requests from coming to the old http:// address because they come from PHP-based scripts (installed on clients' servers), so my only possible options seem to be 307 or 308 redirects (because they keep POST data).

However, a 307 redirect is considered temporary, while I plan to use https permanently, so it doesn't seem to be the best choice? Of course, I can use 308, but this one seems to be "new" and isn't properly supported by all browsers (according to many comments I found on Stack Overflow). Maybe someone knows a better rewrite rule to be used in .htaccess?

P.S. I know the best idea is to use a 301 redirect and modify the scripts to post data to https by default (and I did so already), but it may take a very long time until all clients update the scripts on their servers, which is why another workaround is needed too.

Answer

Keep the 301, change your conditions to these:

RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_METHOD} !=POST

If your clients' legacy scripts use any other method, you will have to change the second condition to include it, e.g.:

RewriteCond %{REQUEST_METHOD} !^(?:POST|PUT)$

Normal requests/crawling will always start with GET or HEAD and thus be forced to use https, so subsequent requests will also use it. Make sure all the URLs in your site's content are relative or root-relative.
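
With the conditions above, POST (and PUT) requests to the http:// address are served without a redirect, so their bodies still cross the network unencrypted until each client updates its script. The following is an added example, not part of the original answer: a log audit that lists which clients still send exempted methods over plain HTTP and flags any other request on the HTTP port that was not answered with a 301. It assumes a custom access-log format that starts with the server port (`LogFormat "%p %h %l %u %t \"%r\" %>s %b"`); the sample lines, addresses and paths are constructed.

```python
import re
from collections import Counter

# Assumed LogFormat (not from the page): "%p %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<port>\d+) (?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
EXEMPT_METHODS = {"POST", "PUT"}  # methods the rewrite conditions let through on HTTP

# Constructed sample log lines (documentation address ranges, hypothetical paths)
SAMPLE_LOG = """\
80 203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "POST /api/report.php HTTP/1.1" 200 512
80 198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /index.php HTTP/1.1" 301 245
443 198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 8120
80 203.0.113.10 - - [12/Mar/2024:10:06:40 +0000] "POST /api/report.php HTTP/1.1" 200 498
443 192.0.2.44 - - [12/Mar/2024:10:07:11 +0000] "POST /api/report.php HTTP/1.1" 200 530
80 192.0.2.99 - - [12/Mar/2024:10:09:00 +0000] "PUT /api/upload.php HTTP/1.1" 200 77
80 198.51.100.23 - - [12/Mar/2024:10:11:30 +0000] "HEAD /robots.txt HTTP/1.1" 200 -
malformed line that should be skipped
"""

def parse(log_text):
    """Yield regex matches for well-formed lines; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m

def plaintext_writers(log_text, http_port=80):
    """Count exempted-method requests per (client, method, path) on plain HTTP."""
    counts = Counter()
    for m in parse(log_text):
        if int(m["port"]) == http_port and m["method"] in EXEMPT_METHODS:
            counts[(m["host"], m["method"], m["path"])] += 1
    return counts

def missed_redirects(log_text, http_port=80):
    """Non-exempt requests on the HTTP port that were not answered with 301."""
    return [(m["host"], m["method"], m["path"], int(m["status"]))
            for m in parse(log_text)
            if int(m["port"]) == http_port
            and m["method"] not in EXEMPT_METHODS and m["status"] != "301"]

if __name__ == "__main__":
    for (host, method, path), n in plaintext_writers(SAMPLE_LOG).most_common():
        print(f"cleartext {method} x{n} from {host} -> {path}")
    for entry in missed_redirects(SAMPLE_LOG):
        print("not redirected:", entry)
```

Once `plaintext_writers` stays empty over a representative period, the method exemption can be dropped so every request on the HTTP port is redirected again.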