httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gabriella Pepe <perchiopet...@gmail.com>
Subject [users@httpd] HSTS and double redirect
Date Sun, 09 Sep 2018 15:18:13 GMT
Hello Users, I was testing my website here https://hstspreload.org and I
received this error:

Error: HTTP redirects to www first

http://example (HTTP) should immediately redirect to https://example
(HTTPS) before adding the www subdomain. Right now, the first redirect is
to https://www.example. The extra redirect is required to ensure that any
browser which supports HSTS will record the HSTS entry for the top level
domain, not just the subdomain.

As far as I can understand, the redirect, to be valid, should be done this
way:

   1. http://example (this is what the user enters in the address bar)
   2. https://example (first redirect, to HTTPS)
   3. https://www.example (second redirect, to subdomain www)

At the moment, this is my htaccess code causing the redirect (the htaccess
is the ONLY thing I can edit because I'm in a very restrictive shared
hosting environment):

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Is it possible to insert another redirect here? Is it advisable? How could
I do?

Thanks anybody

Mime
View raw message