Redirecting traffic between HTTP and HTTPS
- Конфиги
- .htaccess
Redirecting traffic between HTTP and HTTPS
When you're attempting to use redirects for HTTP or HTTPS traffic, it's common to write rules into the .htaccess file. However, with Acquia Cloud's setup and Varnish sitting in front of user or customer web servers, the typical .htaccess snippets found using a Google search to redirect from either HTTP to HTTPS or HTTPS to HTTP won't always work as expected.
All of the following code examples are intended to be placed in your .htaccess file after the line:
RewriteEngine On
Redirecting all HTTP traffic to HTTPS
In the following example, the server variable HTTP_X_FORWARDED_PROTO is set to https if you're accessing the website using HTTPS, the following code will work with your Acquia-hosted website:
# Redirect HTTP to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirecting all HTTPS traffic to HTTP
In addition, if visitors to a customer's website are receiving insecure content warnings due to Google indexing documents using the HTTPS protocol, traffic may need to be redirected from HTTPS to HTTP.
The rule is basically the same as the preceding example, but without the first Rewrite condition. If no SSL certificate is installed, the value of %{HTTPS} is always set to off, even when you are accessing the website using HTTPS. Use the following rule set in this case:
# Redirect HTTPS to HTTP
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirecting from a bare domain to the www subdomain
SSL certificates can not cover the bare domain for Acquia Cloud Professional websites unless you are using Route 53 or some other similar provider. This is because the SSL certificates for Acquia Cloud Professional websites are placed on an Elastic Load Balancer (ELB). While ELBs require CNAME records for domain name resolution, bare domains require an IP address in an A-record for the domain name (DNS) configuration and cannot have CNAME records. Therefore, it's not possible to terminate traffic to bare domains on the ELB where your SSL certificate is located without Route 53.
Even if all requests for the bare domain are redirected to www, visitors to Acquia Cloud Professional websites that explicitly request the bare domain using the HTTPS protocol, like https://mysite.com, will always receive a security warning in their browser before being redirected to https://www.mysite.com
# Redirect http://domain.com to http://www.domain.com
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirecting all traffic to the www SSL domain
You can force all of your traffic to go to the www domain, and to use SSL, even if they did not request it initially.
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirecting all traffic to the bare SSL domain
Acquia Cloud Enterprise customers with dedicated load balancers or who have purchased a slot on the UCC certificate on our shared load balancers have the option of redirecting all traffic to the bare domain using the HTTPS protocol:
# Redirecting http://www.domain.com and https://www.domain.com to https://domain.com
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]
# Redirecting http://domain.com to https://domain.com
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Excluding Acquia domains and non-production environments
To exclude the default Acquia domains from your redirects, or specific environments (such as Dev and Stage), add one or more of the following conditionals to the top of any group of rewrite rules:
RewriteCond %{ENV:AH_SITE_ENVIRONMENT} prod [NC] # only prod
RewriteCond %{ENV:AH_SITE_ENVIRONMENT} !prod [NC] # not prod
RewriteCond %{HTTP_HOST} !\.acquia-sites\.com [NC] # exclude Acquia domains
As an example, if you wanted to ensure that all the domains were redirected to https://www. except for Acquia domains, you would use something like this:
# ensure www.
RewriteCond %{HTTP_HOST} !prod\.acquia-sites\.com [NC] # exclude Acquia domains
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Source