I have been wanting to change My Book It from a default of HTTP to a default of HTTPS. While doing this I also wanted to ensure that everything kept working for the users, to prevent issues (or at least minimize them).
For this to run smoothly I needed to do a number of things with the URI to get it to the correct final destination, which included:
- Remove any www’s from before the subdomain – People like to use www in front of everything; the use of www.demo.mybookit.com.au was not uncommon.
- Accommodate both .com.au and .com addresses – While not heavily used, some people do use just the .com.
- We only hold an SSL certificate for the .com.au domains, so everyone needs to end up there without being prompted by a security warning in the process.
In essence there are two tasks that need to be performed:
- remove the www if it is there
- redirect the domain to the .com.au on HTTPS
At first I thought this should be easy to do with the .htaccess file (I have fairly limited regular expression experience), so that is what I set out to do.
The removal of the www was easy. I quickly found how to do this and ended up with a .htaccess file that looked like this.
```apache
# remove www from host
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]
```
That was the easy part. It all worked well. The next part was to redirect the site from HTTP to HTTPS, and I attempted to do this using the .htaccess file as well. With my limited knowledge of regular expressions I was having a difficult time performing the redirect. The main reason for this is that I didn’t want to redirect everything over to HTTPS, as this may break some of the site's features (features which are being moved over to HTTPS). There was also the issue of having two different domains redirecting to the same site (I found that some people are using the .com and some are using the .com.au).
Instead, I just wanted to redirect the root of the site over to HTTPS, as the rest of the site would remain on HTTPS for the duration of the interaction. In the end I found that I could do this using PHP on the index.php page itself rather than via the .htaccess file.
The last thing I wanted to do was to skip one particular domain, which is used as the development and test domain. I don't have an SSL certificate on that site as it should contain no private data (the sign-in details are available on the website). In the end, my code ended up looking like this.
```php
<?php
// Split the host name into its dot-separated parts.
$data = explode('.', $_SERVER['SERVER_NAME']);
// Create the subdomain variable from the first array value.
$subdomain = $data[0];
// Get the host name.
$server_host = $_SERVER["SERVER_NAME"];

// Check if it is the development site.
if ($server_host != "demo.mybookit.com") {
    // Check if HTTPS is enabled.
    if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) {
        // HTTP site, so perform the redirect.
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: https://$subdomain.mybookit.com.au");
        // Exit as the page is HTTP.
        exit();
    } // HTTPS check
} // Check if development
```
The code gets all the information it needs before checking that it is working on a valid domain. Once it is ready, it checks whether the page is HTTP or HTTPS. If it is HTTP, it performs a redirect to the domain that contains the valid certificate (i.e. the .com redirects to the .com.au).
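A hardened take on the redirect above, as an added example that is not the site's own code: depending on Apache's `UseCanonicalName` setting, `SERVER_NAME` can reflect the client's Host header, so this version only builds the `Location` value from a host that matches an allow-list pattern. The function name, the `shop` sample subdomain and the other sample hosts are assumptions made for illustration.

```php
<?php
// Added example, not the site's own code; function name is hypothetical.
const CANONICAL_SUFFIX = 'mybookit.com.au';   // the only domain with a certificate
const DEV_HOST         = 'demo.mybookit.com'; // development site, stays on HTTP

/**
 * Return the HTTPS URL to redirect to, or null when no redirect should be sent.
 * $host: requested host name; $https: $_SERVER['HTTPS'] or null when unset.
 */
function https_redirect_target(string $host, ?string $https): ?string
{
    // Normalise: lower-case, drop any :port and a trailing dot.
    $host = rtrim(preg_replace('/:\d+$/', '', strtolower(trim($host))), '.');
    // Strip a leading "www." (same job as the .htaccess rule).
    if (strpos($host, 'www.') === 0) {
        $host = substr($host, 4);
    }
    if ($host === DEV_HOST) {
        return null;                       // development site: leave on HTTP
    }
    if (!empty($https) && strtolower($https) !== 'off') {
        return null;                       // already on HTTPS
    }
    // Accept only <label>.mybookit.com or <label>.mybookit.com.au, where
    // <label> is a single valid DNS label. Anything else is never echoed
    // into the Location header.
    $re = '/^([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\.mybookit\.com(?:\.au)?$/D';
    if (!preg_match($re, $host, $m)) {
        return null;                       // unrecognised host: no redirect
    }
    return 'https://' . $m[1] . '.' . CANONICAL_SUFFIX . '/';
}

if (PHP_SAPI !== 'cli') {
    // Web request: redirect the site root as the original snippet does.
    $target = https_redirect_target($_SERVER['SERVER_NAME'] ?? '', $_SERVER['HTTPS'] ?? null);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit();
    }
} else {
    // Constructed sample hosts, run from the command line to see each decision.
    $samples = [['shop.mybookit.com', null], ['www.shop.mybookit.com.au', null],
                ['shop.mybookit.com.au', 'on'], ['demo.mybookit.com', null],
                ['evil.example/.mybookit.com', null]];
    foreach ($samples as [$h, $s]) {
        printf("%-28s => %s\n", $h, https_redirect_target($h, $s) ?? '(no redirect)');
    }
}
```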
So far this code has worked well and now we have all traffic over HTTPS to improve privacy and security.