.htaccess | force HTTPS for primary domain, HTTP for subdomains | Help?

Howdy WPMUDev,

I got some .htaccess help the other day from WPMUDev in testing out a setup with CloudFlare in this thread from @Ajay and @Tyler Postle and am hoping they weigh in on this one too.

Now I have settled upon my approach and have a few .htaccess needs to work out as the final pieces.

I have just installed WP via my cpanel UI, choosing https://tivism.com as the install location.

My issue is that both HTTP and HTTPS are resolving, which creates a duplicate content situation.

1) At this point, my need is trying to find some simple .htaccess rules which will redirect all primary domain traffic to HTTPS.

However, my next step is to enable a subdomain based multisite and I know from my prior testing at my host that issues exist with having the WP primary setup at HTTPS unless symlinks are created by the server admin (or by me via cpanel cron) to match any subdomains created in WP. Obviously, this isn't ideal, but it works for now.

However, I am waiting for the next release of Domain Mapping and then for MarketPress 3.0 wherein we will be able to use HTTPS subdomains to great advantage - I'm hopeful, but it will likely be awhile before these solutions are ready for live use.

So, in the meantime, my need here is to
2) use .htaccess rules which will redirect ALL subdomain traffic to HTTP.

Recap 1) This would mean that http://tivism.com http://www.tivism.com and https://www.tivism.com always redirect to https://tivism.com

Recap 2) This would mean that any subdomain of tivism.com (except some standardized ones like 'www' ? ) would always redirect to its HTTP address from HTTPS.

Can you please help me get these rules put together?

I have searched online and experimented for days now and am not really having luck.

From what I've gathered, it seems that these goals should be doable via .htaccess, and that they may even be relatively simple sets of rules. Simple they may be, but they've proven to be well beyond my ability to figure out thus far. :slight_smile:

(Hopefully mapped domains with 'www' would not be affected - eg. http://www.tivism.org --> http://tivismorg.tivism.com)

My host at first suggested doing my redirects in the database.

My understanding of these topics is improving, but still only about two inches deep. :stuck_out_tongue:

I want to do this in .htaccess specifically vs in the database for several reasons:
*I am leery of changing things in the database and causing unintentional consequences, perhaps later on.

*I am hoping to be able to 'roll back' the subdomain redirect rules when Domain Mapping is ready to successfully do SSL admin on 'original' subdomain addresses for mapped domains.

*I have been advised about performance:
"Visitor => DNS => Host => Server => Apache => PHP => MySQL
Apache is faster than MySQL, so if you handle this using your htaccess file you will save a few precious milliseconds making your site load faster."

*I'm thinking that getting the redirects done in .htaccess reduces server load for the basically same reasons that user load times are improved

Please let me know if I have been unclear of my goal here. Thanks :slight_smile:

Best Regards,

  • Patrick

    Hey there @Max

    I hope you're having a great day!

    While I am no htaccess expert, this topic over at StackOverflow appears to present a workable solution:

    One thing you'd need to work out though is your SSL certificate, and whether or not you need a multi-domain cert.

    Be sure to read through the comments there too for additional tips, like the link to this article:

    I hope this helps! And thanks for being a member :slight_smile:

  • wp.network

    @Patrick Thanks!

    I have a Wildcard SSL, fyi

    I liked the look of the rules supplied at the second link you supplied.

    they are:

    RewriteEngine On
    # This will enable the Rewrite capabilities
    RewriteCond %{HTTPS} !=on
    # This checks to make sure the connection is not already HTTPS
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    # This rule will redirect users from their original location, to the same location but using HTTPS.
    # i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
    # The leading slash is made optional so that this will work either in httpd.conf
    # or .htaccess context

    I have added these above my WP section and it seems to work nicely. :slight_smile:

    So that's #1 down.

    Now I set the network back up and see where I stand. I'll check back then.


  • wp.network

    Thanks again @Patrick

    I will likely be back for help with the network.

    I did find these on the web and wondered if a) you had any opinions about using such generators generally and/or b) had any specific reactions to these c) other recommendations for versatile htaccess generators, even just as learning tools?



  • Michael Bissett

    Hey @Max, just chiming in here. :slight_smile:

    I can see where these .htaccess generators would be useful, though I will say that the Cooletips one does have a lot of bells and whistles.

    They wouldn't replace the rules that WordPress generates, but it would allow you to learn how to handle certain things with .htaccess. Just make sure you're not using a live site to test this with (and of course, have a backup of the original .htaccess on hand)!

    If you're wanting to do some testing, I'd want to start with that second .htaccess generator you linked to, as that looks easier to use.

    Hope this helps!


  • wp.network

    Hey @Patrick @Michael Bissett

    I am stuck on issue #2, but with a twist

    I am using this plugin to control HTTPS on the network generally.

    I have it set to force SSL for admin and to redirect all other https traffic to http.

    This works great before I use Domain Mapping.

    After I map a domain, it all works as expected (including https for login and admin on original subdomain address) except that https requests for the frontend are no longer redirected to their http equivalents.

    You can test:

    beavertonbike.com --> beavertonbike.tivism.com
    beavertonbikes.com--> beavertonbikes.tivism.com

    My goal is to have requests for the mapped domains made using HTTPS to redirect to the equivalent HTTP URL. This should not affect the use of HTTPS for login and admin on the 'original' subdomain address.

    I believe that htaccess rules are what are needed.

    I have spent the last week doing my best to learn and apply, but this is proving quite a challenge.

    I need help making this happen.

    URL canonicalization is crucial for me, and I believe many other users would benefit from a documented answer on this issue.

    Looking forward to your ideas!


  • wp.network

    Additional notes: I am using WPMS in a 'closed network' model, mostly to manage my own sites.

    Thus, while I appreciate elegant one-time solutions that make things automagical, I am open to solutions that require specific, manual actions when setting up a new site.

    Also, I am using CloudFlare, so the canonical access url for mapped domains should be http://www.*

    beavertonbike.com is currently using CF Free --> https://www.beavertonbike.com
    beavertonbikes.com is NOT currently using CF --> https://www.beavertonbikes.com

    tivism.com is using CF Business, and is set to use HTTPS only --> https://www.tivism.com

    I can of course answer other Qs if needed, and staff access is open if you want to look at anything there.


  • Ash

    Hello @Max

    I hope you are well today.

    Would you please try the following:

    RewriteEngine On
    # This will enable the Rewrite capabilities
    RewriteCond %{HTTPS} !=on
    # if server_name like example.com (case insensitive) OR
    RewriteCond %{SERVER_NAME} =tivism.com [NC,OR]
    # server_name like http://www.example.com (case insensitive)...
    RewriteCond %{SERVER_NAME} =www.tivism.com [NC]
    # This checks to make sure the connection is not already HTTPS
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    # This rule will redirect users from their original location, to the same location but using HTTPS.
    # i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
    # The leading slash is made optional so that this will work either in httpd.conf
    # or .htaccess context

    Please let us know if it works.

    Hope it helps :slight_smile: Please feel free to ask more questions if you have any.


  • wp.network

    Hi @Ashok Thanks for your reply and input!

    I have tried your code above (looks like it was adapted from example at http://wiki.apache.org/httpd/RewriteHTTPToHTTPS which I was working with as well :slight_smile:)

    (I also have reviewed askapache.com for many many hours now, and have just purchased the awesome htaccess reference book at http://htaccessbook.com)

    Unfortunately, the code above has not met my needs.

    Primarily because it does not address this:

    My goal is to have requests for the mapped domains made using HTTPS to redirect to the equivalent HTTP URL. This should not affect the use of HTTPS for login and admin on the 'original' subdomain address.

    Currently I am able to control the primary site's (tivism.com) HTTPS situation with either the HTTPS plugin or CF settings/page rules.

    I have chosen to use CF rules rather than using the HTTPS plugin's filters section (adding a '/') to mitigate potential spill over effects.

    Using the above code does not seem to work after disabling CF SSL rules for tivism.com... it causes some kind of loop and errors out.

    I tried to adapt the code above to test on a test network which is NOT using CF at all, but this only threw up 500 server error page.

    The test network site I use is http://dev.tivism.com (after posting this I will add back the single slash '/' to the HTTPS plugin filters field on dev.tivism.com --> reactivating the http to https redirects the plugin provides - though for instance, check http://stage1.dev.tivism.com which has been set to redirect all https to http (including admin))


    So, let's try again! Currently, between WP itself, the HTTPS plugin, and CF pagerules I can control and canonicalize my URLs as I see fit, and it is generally working.

    for the primary: all non-www to www and ALL http to https

    for a subdomain: all www to non-www and https ONLY for admin

    for a mapped TLD: all non-www to www and ALL https to http (except for admin or specific pages, which are ONLY https via 'original' subdomain address)

    all of this is working except for redirecting "ALL https to http (except for admin or specific pages (checkouts, etc.), which are ONLY https via 'original' subdomain address)" in the case of mapped TLDs using Domain Mapping.

    Let me know if I can be more clear about my setup/objectives.

    Thanks again for all your awesome help.


  • wp.network

    I am wondering if I can use something similar to this:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC,OR]
    RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
    RewriteCond %{ENV:HTTPS} =on
    RewriteRule .* http://www\.example\.com%{REQUEST_URI} [R=301,L]



    is replaced by


    (this is adapted from a snippet on the htaccessbook forums, I will be testing shortly)

  • wp.network

    ... update: So, with all CF SSL rules deactivated/removed and CF set to Development Mode for primary (tivism.com)

    tested above code with domain beavertonbikes.com which is NOT setup with CF.

    I used

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.beavertonbikes\.com$ [NC,OR]
    RewriteCond %{HTTP_HOST} ^beavertonbikes\.com$ [NC]
    RewriteCond %{ENV:HTTPS} =on
    RewriteRule .* http://www\.beavertonbikes\.com%{REQUEST_URI} [R=301,L]

    The code seemed to have no effect. It did not obviously break anything, yet it does not accomplish my aim. Navigating to https://beavertonbikes.com still tries to resolve, and therefore throws an SSL mismatch error (as expected - this is a mapped domain).

    I feel like I'm flailing a little bit, and plan to take a few hours and read the new htaccess book I got while I await an update here. Thanks again.


    Also FYI: I have reinstalled several times since I first opened this thread.
    One significant difference is that originally I had

    installed WP via my cpanel UI, choosing https://tivism.com as the install location.

    Since, I have settled on installing with HTTP and then setting the HOME URL (not SiteURL) in admin settings to use HTTPS prior to Network setup. I then check in the database primary wp_options table: entry 1 is SiteURL and set to HTTP, entry 33 is HomeURL and is set to HTTPS. All this happens before CF setup.

  • wp.network

    Here's what I'm thinking:

    For the Primary:

    RewriteCond %{HTTP_HOST} ^[[www|([w+]{1,2}|[w+]{3,})][\.*]{0,1}]tivism.com [NC]
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://www.tivism.com/$1 [R=301,L]

    This is meant to match a) www. b) any abnormal numbers of w's [either 1,2, or more than 3] like ww. or wwww. and also just tivism.com with no subdomain.
    Then it checks that https is not already used.
    It is then meant to redirect to the equivalent URL using https://www.

    For subdomain subsites (NOT mapped tlds):

    RewriteCond %{HTTP_HOST} ^[[w*][\.*]{0,1}]([^www].*\.)tivism.com(.*) [NC]
    RewriteCond %{THE_REQUEST} !^[\/wp-admin\/|\/wp-login\/] [NC]
    RewriteCond %{HTTPS} =on
    RewriteRule ^(.*)$ http://$1.tivism.com/$2 [R=301,L]

    This is meant to match a) any number of w's used as sub-sub domains for b) any subdomain of tivism.com except www.
    Then it checks that the request does not match wp-admin or wp-login.
    Then it checks that HTTPS is being used.
    Then is meant to redirect to the equivalent URL using http://....tivism.com/...

    I'm sure that I'm messing this up though, particularly in dealing with the variables $1 and $2 and so on.

    I am learning from the book, but the curve is rather sloped.

    Kind Regards,
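
Added example (not from any poster in this thread): one way to express the two rule sets sketched in the post above, assuming Apache 2.4 with mod_rewrite and, for the proxied case, a TLS-terminating proxy that sets X-Forwarded-Proto. In mod_rewrite patterns square brackets form a character class rather than a group, so the host tests here use parentheses and anchors instead.

```apache
# Added example. Place above the "# BEGIN WordPress" block.
RewriteEngine On

# --- 1) Primary domain: plain HTTP -> https://www.tivism.com ---
# Only act when the connection to Apache is not already HTTPS ...
RewriteCond %{HTTPS} !=on
# ... and (assumption) no front-end proxy already served the visitor
# over HTTPS. Without this test, a proxy that terminates TLS and talks
# plain HTTP to the origin produces an endless redirect loop.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
# Match the bare domain or www only; anchored so other hosts are ignored.
RewriteCond %{HTTP_HOST} ^(www\.)?tivism\.com$ [NC]
# REQUEST_URI keeps the full path, so no backreference is needed.
RewriteRule ^ https://www.tivism.com%{REQUEST_URI} [R=301,L]

# --- 2) Subdomain sites: HTTPS -> HTTP, except login and admin ---
RewriteCond %{HTTPS} =on
# Leave www to rule set 1.
RewriteCond %{HTTP_HOST} !^www\. [NC]
# Exactly one label in front of tivism.com; the anchors also mean the
# Host value reused below cannot be an arbitrary outside name.
RewriteCond %{HTTP_HOST} ^[a-z0-9-]+\.tivism\.com$ [NC]
# Keep wp-login.php and everything under /wp-admin on HTTPS.
RewriteCond %{REQUEST_URI} !^/wp-(admin|login\.php) [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

These rules only run after the TLS handshake has completed, so they cannot remove a certificate warning for a hostname the certificate does not cover; the browser shows the mismatch before Apache ever sees the request. Test with R=302 first, since browsers cache 301 responses.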

  • wp.network

    grrr! no luck yet!

    I think it's just over-reach to be trying to write such complex rules.

    I'm going to focus on trying to produce a set of directives that only address one mapped domain's need to redirect HTTPS to HTTP (except for login & admin --> original subdomain).

    My impression is that once I get the basic solution, I can then either repeat the treatment for every domain needed or try and condense it into a generic form that works for all my sites.

    Wish me luck :slight_smile:

    Also, save me with genius code!


  • wp.network


    RewriteEngine On
    RewriteCond %{HTTPS} =on
    RewriteCond %[HTTP_HOST} ^beavertonbikes\.com [NC]
    RewriteRule (.*) http://beavertonbikes.com/$1 [R=301,L]

    did NOT work... I had high hopes... :slight_smile:

    I'm beginning to think that perhaps these htaccess rules are not having an effect because of some unknown way that apache handles an incoming request using HTTPS... it's like my attempts either throw up 500 errors or do nothing... am I just on the wrong path here? Should I be asking my host to be making adjustments in httpd.conf or some such? Arrg!/?!

    Anyways, I'll keep trying things for awhile yet as at the least I am getting my hands dirty in htaccess.

    I am definitely hoping for some timely guidance from y'all in using Domain Mapping without creating potential for duplicate content issues and/or security warnings.


  • Michael Bissett

    Hey @TIVISM,

    While I'd like to be able to provide an answer to this, this is outside what I tend to specialize in (that being CSS). To that end, I've called in our SLS guys on this one, as they'd be more qualified to provide insight on this matter.

    In the meantime though, in regards to your testing .htaccess rules, I was informed of a tool that you may find useful:


    Just to be sure though, what you're wanting is a method for:

    redirecting "ALL https to http (except for admin or specific pages (checkouts, etc.), which are ONLY https via 'original' subdomain address)" in the case of mapped TLDs using Domain Mapping.

    As mentioned in this comment:



    Please advise,

  • wp.network

    Hey @Michael Bissett

    Thanks a million for your reply!

    1) Thanks for the link; I'll tear it up :slight_smile:

    2) Your check-in on my goal seems accurate.

    I have tivism.com as primary
    I have beavertonbikes.com mapped to beavertonbikes.tivism.com

    I want to run all admin via HTTPS
    [I would like to also run the primary as HTTPS only (this is 'optional')]

    For CloudFlare compatibility tivism.com has been set to use www -
    (tivism.com is currently using CloudFlare Business w/SSL rules OFF).

    I am NOT trying to run my subdomains through CloudFlare other than DNS resolution on my Wildcard record.

    I am trying to run my mapped TLDs through CloudFlare Free and therefore use www in my mapped addresses (like http://beavertonbikes.com --> http://www.beavertonbikes.com).

    The remaining issue that I have is, in the case of mapped TLDs using Domain Mapping:

    redirecting ALL https to http except for admin (or specific pages like checkouts, etc.), which are ONLY https via 'original' subdomain address)

    as in:
    https://beavertonbikes.com and https://www.beavertonbikes.com redirected to http://www.beavertonbikes.com
    - except for login/admin, which is at https://beavertonbikes.tivism.com

    Thanks again @Michael Bissett... its great to have your help.

    I'm told that htaccess is kinda the CSS of apache servers, perhaps you'd have a knack for it? Looking forward to the SLS brigade to set me straight... I'll keep hacking at it till then, maybe I'll get lucky :slight_smile:


  • wp.network

    Thanks @Ashok

    I appreciate that this is not an *easy* fix :slight_smile:

    @Jack Kitterhing tells me that htaccess rules are perhaps not the way to go on this and that waiting for the next Domain Mapping release is likely a more effective use of time.

    If @Jose has any other ideas, I'm totally game to try them; otherwise I feel good moving forward as-is, assuming the DM release is indeed nigh :slight_smile:

    I know that there are several other users who are awaiting the same or similar functionality (@Gabe @Jetmac and @Bob come to mind).
    I'm confident that folks will increasingly be seeking HTTPS Solutions (be that using Wildcard SSLs, UCCs, SNI, or CloudFlare/etc) and that control or canonicalization of urls will also be of increasing concern.

    Kind Regards,
