What's the best way to force HTTPS and WWW but allow localhost?

What's the best way to force HTTPS and WWW but allow localhost?

HTACCESS force HTTPS and WWW but allow localhost

It is important to force HTTPS and WWW for several reasons: earn the trust of your visitors by showing the connection is secure, and, if you are using a subdomain such as www, keeping consistency with your visitors and your reporting, on your cheap web hosting for example.

It can easily become complicated in reporting engines like Google Search Console to have different views for the exact same site and pages. One with secure HTTPS connection, one without, and one of each with Web subdomain www and another one without, and even become a nightmare leading you to have to setup a Google Analytics subdomain filter to have consistent reporting.

There are actually some easy ways to ensure that all visitors will be redirected to the secure in HTACCESS force HTTPS version of the site and the Web subdomain, without impacting the visits, and itcan also be used to redirect website to another website with this simple and elegant method.

And, on top of that, and to make it complete, to make sure that the localhost subdomain can be accessed without the Web subdomain or the redirect to HTTPS, and that pages ending with slash will be redirected to normal page, in order to avoid double count of the same pages in reports.

Let's get rid of all these duplicate pages, which make it difficult at the end to properly agregate analytics:

  • http://mywebsite.com/page

  • http://mywebsite.com/page/

  • https://mywebsite.com/page

  • https://mywebsite.com/page/

  • http://www.mywebsite.com/page

  • http://www.mywebsite.com/page/

  • https://www.mywebsite.com/page

  • https://www.mywebsite.com/page/

  • All this will be done by updating the .htaccess file, which is a hidden file used on Apache servers, usually stored on website's root folder.

Redirect page ending with slash

To remove the ending slash from the URL ending with one of them, and to have the requests redirected to the standard page without the slash, simply match URLs starting and ending with a slash, make sure it is not a directory being requested, and redirect to the whole request URI without the ending slash.

Also, redirect the page to the secure Web URL that should be correct - this will solve directly all of your potential issues, including ending slash, non secure request, or non Web subdomain.

We need also then an additional piece of code to make sure that any request to a directory ends with a slash, as normal website directories URLs will end up with one of them.

# Remove trailing slash from non-filepath urls
RewriteCond %{REQUEST_URI} /(.+)/$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ https://www.mywebsite.com/%1 [R=301,L]
# Include trailing slash on directory
RewriteCond %{REQUEST_URI} !(.+)/$
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+)$ https://www.mywebsite.com/$1/ [R=301,L]

HTACCESS force HTTPS and force WWW htaccess

Now that the ending slash issue is solved, let's focus on the missing HTTPS or missing Web subdomain that can happen, with an htaccess redirect http to https with force www.

The easiest and most stylish way to make it happen, is to have both of them identified in the exact same htaccess condition.

This is done easily by matching URLs not starting with Web subdomain, or any request not including the HTTPS, and redirecting the the correct URL of our website, which includes both the secure connection and the Web subdomain www.

# HTACCESS force HTTPS and force WWW htaccess 
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [OR,NC]
RewriteCond %{https} off
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L]

Force HTTPS and WWW but allow localhost

Now, this is all good, but what happens when we actually try to reach our Website in development mode on XAMPP local server, but all our requests to http://localhost now get redirected to https://www.mysite.com - our production version?

Well the solution is to reuse the previous piece of code that enforces HTTPS and WWW version of the URL request, but start it by excluding from the check requests that are either adressed to localhost or to our local IP address, which is 127.0.0.1.

And that's it, we now have a beautiful piece of code that will solve all our problems!

# HTACCESS force HTTPS and force WWW htaccess 
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [OR,NC]
RewriteCond %{https} off
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L]

Redirect HTTP to HTTPS htaccess, force WWW and remove ending slash

The whole piece of code below can be used in the HTACCESS file to achieve all the following:

Redirect HTTP to HTTPS in htacces,

Force WWW in htaccess,

Remove ending slash in URL.

Of course, do not forget to change the website URL for the one applying to you.

It can even be used to redirect website to another website by simply changing the destination URLs to your other best cheap web hosting website:

#--------------------------------------------------
# Force WWW htaccess : /
#--------------------------------------------------
#### Force HTTPS://WWW and remove trailing / from files ####
## Turn on rewrite engine
RewriteEngine on

# Remove trailing slash from non-filepath urls
RewriteCond %{REQUEST_URI} /(.+)/$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ https://www.mywebsite.com/%1 [R=301,L]

# Include trailing slash on directory
RewriteCond %{REQUEST_URI} !(.+)/$
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+)$ https://www.mywebsite.com/$1/ [R=301,L]

# HTACCESS force HTTPS and force WWW htaccess
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [OR,NC]
RewriteCond %{https} off
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L]

Similar articles

Comments (0)

Leave a comment

Find the perfect Freelance Services for your business from fiverr.com!
Find the perfect Freelance Services for your business from fiverr.com!