12

This is an Apache httpd 2.2 server.

We require that access to this webserver be encrypted by HTTPS.

When web clients visit my site at http://www.example.org/$foo (port 80), I want to redirect their request to the HTTPS encrypted website at https://www.example.org/$foo .

There seem to be two common ways to do this:

First method uses the 'Redirect' directive from mod_alias:

<VirtualHost *:80>
    Redirect permanent / https://www.example.org/
</VirtualHost>

Second method uses mod_rewrite:

<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

What is the difference between a "Redirect permanent" and the mod_rewrite stanza. Is one better then the other?

Stefan Lasiewski
  • 23,667
  • 41
  • 132
  • 186

3 Answers3

9

By default mod_rewrite does "302 Found" redirects, which are temporary. Assuming everything else is equal, Redirect permanent is equivalent to RewriteRule <blah> [R=permanent].

Mark Wagner
  • 18,019
  • 2
  • 32
  • 47
  • Actually no, `Redirect` directive handles redirect from http to https better. See Stefan's comment below and check this section of Apache documentation: http://httpd.apache.org/docs/current/rewrite/avoid.html#redirect – Gondy Mar 16 '19 at 09:56
8

Is one better then the other?

Apache now recommends the use of Redirect from mod_alias instead of using RewriteRule from mod_rewrite. See https://httpd.apache.org/docs/current/rewrite/avoid.html#redirect , which says:

mod_rewrite should be considered a last resort, when other alternatives are found wanting. Using it when there are simpler alternatives leads to configurations which are confusing, fragile, and hard to maintain.

Stefan Lasiewski
  • 23,667
  • 41
  • 132
  • 186
5

Search engines will see a permanent redirect and update their indexes accordingly.

MDMarra
  • 100,734
  • 32
  • 197
  • 329