Support

Admin Tools

#22593 non-www to www full URL redirect over HTTPS

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 08 May 2015 01:41 CDT

Thursday, 07 May 2015 02:23 CDT

user58746
Hi,

Through the htaccess maker we we're able to do non-www to www redirections with full URL.

e.g. our_site/ourwork/ourworkA it goes to our_site/ourwork/ourworkA .

In preparation for a site we will be deploying that will require HTTPS, will the non-www to www
redirection with full URL work over HTTPS?

e.g. https://our_site/ourwork/ourworkA to https://www.our_site/ourwork/ourworkA

Please advise.

Thanks.

Thursday, 07 May 2015 02:56 CDT

nicholas
It depends. The redirection does work, but whether the browser can validate the certificate is another story.

Usually SSL certificates are issued against a specific domain name, e.g. www.example.com. This means that the certificate is not valid for example.com or something.example.com. So while the non-www to www redirection WILL work, your browser will show a certificate warning (typically, a spooky page) upon visiting example.com. If you accept to continue the redirection does work.

The only way around this is a star certificate which validates for *.example.com including example.com and www.example.com. These certificates are much more expensive, though.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 08 May 2015 00:06 CDT

user58746
Hi Nicholas,

Thanks for the speedy reply.

From what I understand from your reply, the non-www to www redirection with full URL
over HTTPs may fail due to browser validation of the certificate?

Also another inquiry, as part of client requirements, we would not be using the htaccess
maker of the Admin Tools as they have already some htaccess rules integrated.

To support the non-www to www with full URL redirection, can we simply copy
the rule below generated by the htaccess maker and copy it to the existing htaccess
of the client?

##### Redirect index.php to / -- BEGIN
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^index\.php$ http%2://kika.ca/ [R=301,L]
##### Redirect index.php to / -- END
##### Redirect non-www to www -- BEGIN
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
##### Redirect non-www to www -- END

Please advise.

Thanks.

Friday, 08 May 2015 01:41 CDT

nicholas
From what I understand from your reply, the non-www to www redirection with full URL

over HTTPs may fail due to browser validation of the certificate?


No. That's the wrong way to understand it. What happens depends on the user, the browser and the SSL certificate. If the user visits https://example.com (not http://example.com or just type example.com) AND the SSL certificate is tied only to the www domain AND the browser displays a popup / spooky page which blocks the browser from connecting to the server AND the user decides to cancel the request instead of proceeding THEN the redirection will not take place because the browser never connected to the server, NOT because the redirection didn't work.

However, most people will visit a web site only in two ways:
  1. Click on a link. It's reasonable to expect that the link will be in the form https://www.example.com so no problem
  2. Type example.com in the browser. This is also NOT a problem.


The latter case requires some more analysis. When you type akeebabackup.com in your browser's address bar the browser understands http://akeebabackup.com. Upon visiting http://akeebabackup.com the non-www to www redirection kicks in and the browser is redirected to http://www.akeebabackup.com. At this point Joomla! starts to load. Since I've set SSL to Entire Site in our site's Global Configuration, Joomla! redirects you to https://www.akeebabackup.com. Now the browser continues loading normally because the SSL certificate, issued for www.akeebabackup.com, matches the URL you are asking it to visit.

As a result you don't have a problem UNLESS you deliberately visit https://akeebabackup.com. But that makes no sense, right? Why would you deliberately type an invalid URL and get a spooky page?

Also another inquiry, as part of client requirements, we would not be using the htaccess

maker of the Admin Tools as they have already some htaccess rules integrated.


In this case we will not offer any assistance regarding the .htaccess file. It's not that we're bad people or something. It's simply because we can't possibly know how a snippet of our code will work when mixed with third party code we have no control over. That's the reason we offer a .htaccess Maker and not a .htaccess Snippet Maker feature :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!