1

I'm trying to redirect www.example.com to a hosted blog at https://www.example.wordpress.com. The domain redirect works, but gives me a 403 error because it's redirecting http to https. Example.com is never going to be used beyond the redirect; I don't want to get an SSL cert for it.

There are similar questions (e.g., htaccess redirect to https), but these all address one of the two parts of the problem (either www.example1.com to www.example2.com, or http://domain1.com to http://domain1.com).

Here's my current .htaccess. How do I add something that actually takes care of the https issue without messing up the domain redirect?

    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://www.example.wordpress.com [R=301,L]

Update: My working .htaccess file is this; apparently wordpress.com does the redirect to https itself (which I knew, but wasn't able to make work previously):

    Options +FollowSymLinks
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www.curiouscitytc.com$ [NC]
    RewriteRule ^(.*)$ http://www.curiouscommute.wordpress.com/$1 [R=301,L]
3
  • Have you tried redirecting to http? WordPress hosted websites redirect http to https. Commented Jun 10, 2015 at 2:54
  • My original .htaccess file was simply RedirectPermanent / http://www.example.wordpress.com; this gives a 403 error same as redirecting to https does. Commented Jun 11, 2015 at 2:00
  • @AWippler: That was my original thought, although apparently that does work if I use RedirectMatch instead of RedirectPermanent. Commented Jun 11, 2015 at 18:14

2 Answers

0

Try this:

    RewriteEngine on
    RedirectMatch 301 ^(.*)$ https://www.example.wordpress.com
1
  • This works ... with the exception that I'm redirecting to http instead of https; apparently wordpress does the redirect to https itself, which was my original plan. Thanks! Commented Jun 11, 2015 at 18:15
1

In short, you can't do what you're attempting to do. If the client is connecting to your server and expecting to talk HTTPS with you, you can't give it a non-HTTPS response. That's the point of "Secure" in HTTPS.

You can either use a self-signed cert, or there are plenty of low-cost (or even free) SSL certificate providers out there.

7
  • A browser redirect should be fine. Commented Jun 10, 2015 at 0:09
  • @Matt You have to establish a TLS session with the client to be able to issue the redirect. Otherwise it would be trivial for me to MitM your HTTPS traffic and issue a redirect to my insecure site. This is what TLS and HSTS prevent. Commented Jun 10, 2015 at 3:53
  • Maybe we're talking at cross purposes or the author hasn't explained it well. The browser will establish an insecure or secure session to the original URL, read back 301 - permanent redirect, close the original session, then create a new secure https session with www.example.wordpress.com. Perhaps I've misunderstood what he's wanting to do. Commented Jun 10, 2015 at 4:37
  • I believe the OP has that working (on port 80, HTTP), but now wants the same behavior when the client attempts HTTPS/port 443 (i.e., add a 301 for https://www.example.com => https://www.example.wordpress.com) Commented Jun 10, 2015 at 5:22
  • @fukawi2 - As far as I know (can you tell this isn't usually in my job description?) my origin domain doesn't have any kind of SSL certificate, since I haven't set that up with the host. Any kind of redirect I try to do returns a 403 error. I did find/try a variant on this help page in the Apache wiki, but no go. Commented Jun 11, 2015 at 2:19
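
The point made in this answer and its comments (a redirect can only be sent once the TLS session exists), as an added example that is not part of the original thread: a local origin without a certificate returns the 301 over plain HTTP, while a TLS client fails the handshake before any redirect can be read. The loopback server, its port and the function names are assumptions made for the demo.

```python
import http.client
import http.server
import socket
import ssl
import threading

TARGET = "https://www.example.wordpress.com"  # redirect target from the question

class RedirectHandler(http.server.BaseHTTPRequestHandler):
    """Cert-less origin: answers every GET with a 301 to TARGET + path."""
    timeout = 2  # drop connections that never send a parseable HTTP request

    def do_GET(self):
        self.send_response(301)
        self.send_header("Location", TARGET + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_origin():
    """Start the origin on a free loopback port (assumed setup for the demo)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), RedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def fetch_plain(port, path="/about"):
    """http:// request: the 301 and its Location header come back."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("Location")

def fetch_tls(port):
    """https:// request: the handshake fails, so no redirect is ever read."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="www.example.com"):
                return "handshake ok"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "handshake failed: " + type(exc).__name__

if __name__ == "__main__":
    server, port = start_origin()
    print("http :", fetch_plain(port))
    print("https:", fetch_tls(port))
```

The TLS attempt may take up to two seconds, because the server only drops the connection once its read timeout expires.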
