Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
157 views
in Technique[技术] by (71.8m points)

Simple .htaccess question (www to https gives error)

My .htaccess file does EXACTLY what I need it to do. The only problem is, if I try to surf to my website adding www then it gives me a "Warning: Potential Security Risk Ahead" error.

If I type the content in the left column, it goes to:

If I type any of the urls below, they all go to: https://mywebsite.com/folder/index.html

mywebsite.com/folder/index.html
http://mywebsite.com/folder/index.html
http://www.mywebsite.com/folder/index.html
https://mywebsite.com/folder/index.html

Which is perfect. But when I add www to https:

https://www.mywebsite.com/folder/index.html

I GET the security issue it doesn't remove the www.

Any ideas what I can add or remove? Below is my current code which works perfectly for everything else I need:

Options -MultiViews

RewriteEngine On

# HTTP to HTTPS canonical redirect
RewriteCond %{HTTP_HOST} mywebsite.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://mywebsite.com/$1 [R=301,L]

# Abort early if the request already maps to (or looks like) a file or directory
RewriteCond %{REQUEST_URI} .w{2,4}$ [OR]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

RewriteRule ^(products/view)/([^/]*)/?(.*) $1.php?id=$1&cat=$2&cat2=$3 [L]

RewriteRule ^(products)/([^/]*)/?(.*) $1/index.php?id=$2&cat=$3 [L]

# 3. Extensionless URLs for other requests
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule (.*) $1.php [L]

Thank you so much in advance!

question from:https://stackoverflow.com/questions/65913464/simple-htaccess-question-www-to-https-gives-error

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Your SSL certificate is not valid for www.mywebsite.com because you have not issued it with it included. That means that, you did not enter www.mywebsite.com when issuing your SSL certificate.

How to solve this:

If you are using a service like LetsEncrypt, you can just reissue it with www.mydomain.com included.


If using self-signed cert:

If you have issued a self-signed cert, you have to reissue it with the Subject Alternative Name included.

To issue a self signed cert with the Subject Alternative Name included, do this:

  1. Create a file named req.conf, and add the following to it:
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = Two letter country code
ST = SomeState
L = SomeCity
O = MyCompany
CN = mywebsite.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = mywebsite.com
DNS.2 = www.mywebsite.com

And run:

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout cert.pem -out cert.pem -config req.conf -extensions 'v3_req'

And use those certs.

BTW, if still not working:

Btw, change:

# HTTP to HTTPS canonical redirect
RewriteCond %{HTTP_HOST} mywebsite.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://mywebsite.com/$1 [R=301,L]

To:

# HTTP to HTTPS canonical redirect
RewriteCond %{HTTP_HOST} !mywebsite.com [NC,OR]
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://mywebsite.com/$1 [R=301,L]

To redirect everything that is not https://example.com


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...