Rewrite from http and www to https://non-www

Discussion in 'General' started by FLeupold, Apr 18, 2018.

  1. FLeupold

    FLeupold New Member

    My goal is to redirect all http and www URLs to https://non-www
    To this end, I have written the following lines to .htaccess:
    Code:
        RewriteEngine on
        RewriteCond %{HTTPS} off [OR]
        RewriteCond %{HTTP_HOST} ^www\. [NC]
        RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
        RewriteRule ^(.*)$ https://%1/$1 [R,L]
    While this works perfectly on an Apache server, this fails for redirects from https://www on a LiteSpeed server. (I use web hosting, so I do not have root access).
    On https://www.litespeedtech.com/docs/webserver/config/rewrite it says: 'The implementation of LiteSpeed's rewrite engine follows the Apache's rewrite engine specifications.'
    So is this a bug? If not, what can I do to achieve the goal above?
    Thanks!
     
    Last edited by a moderator: Apr 19, 2018
  2. NiteWave

    NiteWave Administrator

    I tested above rules on a litespeed server, working as expected:
    htttp://www.domain redirect to https://domain
    https://www.domain redirect to https://domain

    I did encounter a problem but not because of redirect :
    Code:
    #curl -I https://www.domain.com
    curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
    
    if server's certificate is for *.domain.com, this error should not occur. but on my test server, the server's certificate is for domain.com only, not for www.domain.com
    the workaround:
    Code:
    #curl -Ik https://www.domain.com
    HTTP/1.1 302 Found
    Date: Thu, 19 Apr 2018 04:32:36 GMT
    Accept-Ranges: bytes
    Server: LiteSpeed
    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
    Location: https://domain.com/
    Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
    Connection: Keep-Alive
    
     
    Last edited by a moderator: Apr 19, 2018
  3. FLeupold

    FLeupold New Member

    Thanks for checking! However, the URL https://www.dw.lpld.ch on my web hosting server is definitely not redirected while there is exactly and only the code above in the .htaccess file. Can you confirm this?

    Might there be something else going on in the background? My web hoster said they were not getting into mod_rewrite rules. So I would like to point him to the issue specifically.
     
    Last edited by a moderator: Apr 23, 2018
  4. NiteWave

    NiteWave Administrator

    please refer my test result:
    Code:
    [root@globalsupport ~]# curl -I https://www.dw.lpld.ch
    curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
    [root@globalsupport ~]# curl -Ik https://www.dw.lpld.ch
    HTTP/1.1 302 Found
    Date: Sun, 22 Apr 2018 08:10:06 GMT
    Accept-Ranges: bytes
    Server: LiteSpeed
    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
    Location: https://dw.lpld.ch/
    Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
    Connection: Keep-Alive
    
    access https://www.dw.lpld.ch in Chrome, Chome gave warning
    Code:
    Your connection is not private
    Attackers might be trying to steal your information from www.dw.lpld.ch (for example, passwords, messages, or credit cards). Learn more
    NET::ERR_CERT_COMMON_NAME_INVALID
    
    ignore this warning and proceed, in dev tool->Network tab, can see the site redirect to
    Code:
    Request URL: https://www.dw.lpld.ch/
    Request Method: GET
    Status Code: 302
    Remote Address: 194.150.248.27:443
    Referrer Policy: no-referrer-when-downgrade
    
    accept-ranges: bytes
    alt-svc: quic=":443"; ma=2592000; v="35,37,38,39"
    cache-control: no-cache, no-store, must-revalidate, max-age=0
    content-length: 1123
    content-type: text/html
    date: Sun, 22 Apr 2018 08:18:38 GMT
    location: https://dw.lpld.ch/
    server: LiteSpeed
    status: 302
    
    so it's redirecting as expected. .htaccess rules has no problem.
    however, it looks subtle difference here between litespeed and apache.
    the fact: ssl cert is for dw.lpld.ch , NOT for www.dw.lpld.ch
    so when access https://www.dw.lpld.ch,
    litespeed will send dw.lpld.ch's cert to Chrome, and Chrome will show "ERR_CERT_COMMON_NAME_INVALID" ?
    but if apache is running, apache will do redirect (rules in .htaccess) first, then send to Chrome, so no error ?
    this is my guess. will test on a domain of ours on both apache and litespeed.
     
    Last edited by a moderator: Apr 23, 2018
  5. NiteWave

    NiteWave Administrator

    confirmed on a test server: apache behaves same as litespeed.
    here's test method and result:
    Code:
    [root@globalsupport public_html]# curl -I https://www.domain.com
    curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
    [root@globalsupport public_html]# curl -Ik https://www.domain.com
    HTTP/1.1 302 Found
    Date: Sun, 22 Apr 2018 08:51:26 GMT
    Server: Apache
    Location: https://domain.com/
    Content-Type: text/html; charset=iso-8859-1
    
    note: I replaced actual domain name with domain.com
     
  6. FLeupold

    FLeupold New Member

    @NiteWave, thanks for dealing with this. However, I don't understand your conclusions.

    curl might have troubles on both, Litespeed and Apache.

    But your findings from before still hold:
    Chrome/Firefox/Safari are sent the cert before the redirect. That is a crucial difference. Does the error lie in Litespeed, then?
     
    Last edited by a moderator: Apr 24, 2018
  7. NiteWave

    NiteWave Administrator

    this was the question before I did tests with apache,
    after did tests with apache, apache also behavior exactly in this way.
    so there is no subtle difference here between apache and litespeed.
     

Share This Page