Rewrite from http and www to https://non-www

#1
My goal is to redirect all http and www URLs to https://non-www
To this end, I have written the following lines to .htaccess:
Code:
    RewriteEngine on
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R,L]
While this works perfectly on an Apache server, this fails for redirects from https://www on a LiteSpeed server. (I use web hosting, so I do not have root access).
On https://www.litespeedtech.com/docs/webserver/config/rewrite it says: 'The implementation of LiteSpeed's rewrite engine follows the Apache's rewrite engine specifications.'
So is this a bug? If not, what can I do to achieve the goal above?
Thanks!
 

NiteWave

Administrator
#2
Code:
    RewriteEngine on
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R,L]
I tested the above rules on a LiteSpeed server; they work as expected:
http://www.domain redirects to https://domain
https://www.domain redirects to https://domain

I did encounter a problem, but not because of the redirect:
Code:
#curl -I https://www.domain.com
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
If the server's certificate is for *.domain.com, this error should not occur. But on my test server, the server's certificate is for domain.com only, not for www.domain.com.
The workaround:
Code:
#curl -Ik https://www.domain.com
HTTP/1.1 302 Found
Date: Thu, 19 Apr 2018 04:32:36 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: https://domain.com/
Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
Connection: Keep-Alive
 
#3
Thanks for checking! However, the URL https://www.dw.lpld.ch on my web hosting server is definitely not redirected while there is exactly and only the code above in the .htaccess file. Can you confirm this?

Might there be something else going on in the background? My web hoster said they were not getting into mod_rewrite rules. So I would like to point him to the issue specifically.
 

NiteWave

Administrator
#4
Please refer to my test result:
Code:
[root@globalsupport ~]# curl -I https://www.dw.lpld.ch
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
[root@globalsupport ~]# curl -Ik https://www.dw.lpld.ch
HTTP/1.1 302 Found
Date: Sun, 22 Apr 2018 08:10:06 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: https://dw.lpld.ch/
Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
Connection: Keep-Alive
When accessing https://www.dw.lpld.ch in Chrome, Chrome gave a warning:
Code:
Your connection is not private
Attackers might be trying to steal your information from www.dw.lpld.ch (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
If you ignore this warning and proceed, in dev tools -> Network tab you can see the site redirect:
Code:
Request URL: https://www.dw.lpld.ch/
Request Method: GET
Status Code: 302
Remote Address: 194.150.248.27:443
Referrer Policy: no-referrer-when-downgrade

accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="35,37,38,39"
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 1123
content-type: text/html
date: Sun, 22 Apr 2018 08:18:38 GMT
location: https://dw.lpld.ch/
server: LiteSpeed
status: 302
So it's redirecting as expected. The .htaccess rules have no problem.
However, it looks like there is a subtle difference here between LiteSpeed and Apache.
The fact: the SSL cert is for dw.lpld.ch, NOT for www.dw.lpld.ch.
So when accessing https://www.dw.lpld.ch,
LiteSpeed will send dw.lpld.ch's cert to Chrome, and Chrome will show "ERR_CERT_COMMON_NAME_INVALID"?
But if Apache is running, Apache will do the redirect (rules in .htaccess) first, then send to Chrome, so no error?
This is my guess. I will test on a domain of ours on both Apache and LiteSpeed.
 

NiteWave

Administrator
#5
Confirmed on a test server: Apache behaves the same as LiteSpeed.
Here's the test method and result:
Code:
[root@globalsupport public_html]# curl -I https://www.domain.com
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
[root@globalsupport public_html]# curl -Ik https://www.domain.com
HTTP/1.1 302 Found
Date: Sun, 22 Apr 2018 08:51:26 GMT
Server: Apache
Location: https://domain.com/
Content-Type: text/html; charset=iso-8859-1
Note: I replaced the actual domain name with domain.com.
 
#6
@NiteWave, thanks for dealing with this. However, I don't understand your conclusions.

curl might have trouble on both LiteSpeed and Apache.

But your findings from before still hold:
However, it looks like there is a subtle difference here between LiteSpeed and Apache.
The fact: the SSL cert is for dw.lpld.ch, NOT for www.dw.lpld.ch.
So when accessing https://www.dw.lpld.ch,
LiteSpeed will send dw.lpld.ch's cert to Chrome, and Chrome will show "ERR_CERT_COMMON_NAME_INVALID"?
But if Apache is running, Apache will do the redirect (rules in .htaccess) first, then send to Chrome, so no error?
Chrome/Firefox/Safari are sent the cert before the redirect. That is a crucial difference. Does the error lie in Litespeed, then?
 

NiteWave

Administrator
#7
This was the question before I did tests with Apache.
After I did tests with Apache, Apache also behaves exactly in this way.
So there is no subtle difference here between Apache and LiteSpeed.
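
What a certificate-validating client sees for each URL variant discussed in this thread, as an added example that is not part of any post: the rules from post #1 are emulated in Python, the function names are hypothetical, and the certificate name lists are constructed sample data rather than read from a live server.

```python
import re
from urllib.parse import urlsplit

def san_matches(host, san):
    """Certificate name match; '*' may only replace the whole left-most label."""
    h, s = host.lower().split("."), san.lower().split(".")
    if s[0] != "*":
        return h == s
    return len(h) == len(s) and h[1:] == s[1:]

def rewrite_target(url):
    """Emulate the rules from post #1; None means no rule fires."""
    u = urlsplit(url)
    host = u.hostname
    # RewriteCond %{HTTPS} off [OR]  /  RewriteCond %{HTTP_HOST} ^www\. [NC]
    if u.scheme == "https" and not re.match(r"^www\.", host, re.I):
        return None
    # RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]  captures %1
    bare = re.match(r"^(?:www\.)?(.+)$", host, re.I).group(1)
    # In .htaccess, $1 is the path without its leading slash;
    # the original query string is carried over unchanged.
    query = "?" + u.query if u.query else ""
    return "https://" + bare + "/" + u.path.lstrip("/") + query

def what_client_sees(url, cert_names):
    """The TLS name check comes first; the rewrite only runs on a request that arrives."""
    u = urlsplit(url)
    if u.scheme == "https" and not any(san_matches(u.hostname, n) for n in cert_names):
        return "certificate name mismatch"
    target = rewrite_target(url)
    return "302 -> " + target if target else "no redirect"

if __name__ == "__main__":
    # Constructed certificate name lists for illustration.
    certs = {
        "bare only": ["dw.lpld.ch"],
        "bare + www": ["dw.lpld.ch", "www.dw.lpld.ch"],
        "wildcard only": ["*.dw.lpld.ch"],
    }
    urls = ["http://dw.lpld.ch/", "http://www.dw.lpld.ch/",
            "https://dw.lpld.ch/", "https://www.dw.lpld.ch/"]
    for label, names in certs.items():
        for url in urls:
            print(f"{label:14} {url:26} {what_client_sees(url, names)}")
```

With the "wildcard only" list the www host validates, but the bare redirect target does not, so the certificate needs both the bare name and the www name (or the bare name plus a wildcard) for every variant to end at https://non-www without a warning.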
 