2

I am using elasticbeanstalk to redirect HTTP requests to a secure port.

I want to redirect all my requests to https://example.com.

The following scenarios are working

  • http://www.example.com --> https://example.com
  • http://example.com --> https://example.com

However,

  • https://www.example.com --> doesn't work and it redirects to https://www.example.com

I am using the following Rewrite rules

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

I took the help of the following article to understand the use case https://simonecarletti.com/blog/2016/08/redirect-domain-http-https-www-apache/

As per my understanding, the following condition should work

RewriteCond %{HTTP_HOST} ^www\. [NC]
karan
  • 23
  • 3

1 Answers1

1

As per my understanding, the following condition should work

RewriteCond %{HTTP_HOST} ^www\. [NC]

Yes, this "works". However, your first condition:

RewriteCond %{HTTP:X-Forwarded-Proto} =http

ensures the directive is only processed for HTTP requests.

If you are using Elastic Beanstalk, then I don't believe you should be checking %{HTTPS} anyway (at least you don't need to) - since it will always be off. You can resolve your issue by removing this redundant check and moving the OR flag to the first condition. For example:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

(Aside: You need to be careful when checking both %{HTTP:X-Forwarded-Proto} and %{HTTPS} as this could enable someone to bypass your redirect if not served from behind a proxy. If you are not serving your content from behind a proxy then you should not be checking %{HTTP:X-Forwarded-Proto}.)

Community
  • 1
MrWhite
  • 12,647
  • 4
  • 29
  • 41