So, %{HTTPS} is guaranteed to always be
on? I've never seen a host do that, but I suppose it's possible. You would not need the first RewriteCond. Even if I type in
http://xxx.com, you will see it as
https://xxx.com (and it gets a 301 back to my browser)? Normally a host does
not do this, and it's up to you in .htaccess to fix it when people typed in (or used an old bookmark or search engine index) with http:. And don't forget to update your OC configuration files so that https: is used in every link.
Anyway, if you are getting
https://xxx.com changed to
https://www.www.xxx.com, it sounds like your RewriteCond is always triggering, even if on the second pass of the .htaccess file (the [L] flag says to
leave, and start processing .htaccess all over again). At this point, %{HTTP_HOST}
should be
www.xxx.com, so the RewriteCond should not trigger. By the way, all you need is
!^www\., and not the
(.*)$ part. Then, in the RewriteRule, I strongly suggest
not using %{HTTP_HOST} (which should be
www.xxx.com the second time around), but hard coding just
www.xxx.com.
Code: Select all
RewriteCond %{HTTPS} on <<< if it reaches here with http:, it will not be changed to https://www.xxx.com!
<<< that's why I used !on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.xxx.com/$1 [R=301,L]