www.webdeveloper.com
Results 1 to 6 of 6

Thread: HTTPS redirect MULTIPLE domain names

  1. #1
    Join Date
    Sep 2013
    Location
    Earth
    Posts
    5

    HTTPS redirect MULTIPLE domain names

    Here is the situation. I have a website that has two domain names. Each domain name points to the same server. Each domain may access http and https and serves the same content. Some users use one domain and others use the other domain. They each serve the same content.

    I am looking for a means to redirect each domain request on http to its corosponding https page.

    http://domain1.com ---> https://domain1.com
    http://domain2.com ---> https://domain2.com

    Typically this action could be performed for a single url with a .htaccess modification using:
    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
    Due to the technical setup of the server, I am unable to use {HTTP_HOST} When called it returns "example.subsite" and contains neither of the two domain names.

    I'm thinking using a php redirect in the header might be a means to accomplish this.

    Anyone able to offer any ideas?

    I've done tons of searching but not been able to find any means to do this other than using HTTP_HOST.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,246
    The PHP redirect thing could probably be made to work, with the exception possibly being if POST data is involved, in which case I'm not sure if a redirect would pass that along or not. (I guess it wouldn't be too hard to test that?)

    You can look at $_SERVER['HTTPS'] to figure out if it needs to be redirected or not (see notes on this page if using IIS). I'd probably just do a couple tests outputting all of $_SERVER to figure out which other elements have the info needed to build your redirected URL:
    PHP Code:
    <?php
    echo "<pre>".print_r($_SERVER,1)."</pre>";
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Sep 2013
    Posts
    221
    I have used the below code and it works quite well. But i have used it with cookie.

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^example1\.com$ [NC]
    RewriteCond %{SERVER_PORT} !443
    RewriteCond %{HTTP_COOKIE} !disable_ssl [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L,QSA,R=301]

    Hope this helps you.
    strad solutionswww.stradsolutions.com

  4. #4
    Join Date
    Sep 2013
    Location
    Earth
    Posts
    5
    Using your advice I've managed to construct the following solution:

    Code:
    if (($_SERVER[HTTP_X_FORWARDED_PROTO] == "http") && ($_SERVER[HTTP_HOST] == "www.domain1.com"))
    {header("Location: https://www.domain1.com$_SERVER[PHP_SELF]"); die();}
    elseif (($_SERVER[HTTP_X_FORWARDED_PROTO] == "http") && ($_SERVER[HTTP_HOST] == "www.domain2.com"))
    {header("Location: https://www.domain2.com$_SERVER[PHP_SELF]"); die();}
    I'm really new to php. Any advice or other ways to improve the code?

  5. #5
    Join Date
    Sep 2013
    Location
    Earth
    Posts
    5
    The line:
    Code:
    "Location: https://www.domain2.com$_SERVER[PHP_SELF]"
    Is vunerable to a HTTP response splitting attack.
    Currently looking for a means to sanitize.

  6. #6
    Join Date
    Sep 2013
    Location
    Earth
    Posts
    5
    It seems that using $_SERVER[SCRIPT_NAME] rather than $_SERVER[PHP_SELF] will sanatizes the input.

    Code:
    if (($_SERVER[HTTP_X_FORWARDED_PROTO] == "http") && ($_SERVER[HTTP_HOST] == "www.domain1.com"))
    {header("Location: https://www.domain1.com$_SERVER[SCRIPT_NAME]"); die();}
    elseif (($_SERVER[HTTP_X_FORWARDED_PROTO] == "http") && ($_SERVER[HTTP_HOST] == "www.domain2.com"))
    {header("Location: https://www.domain2.com$_SERVER[SCRIPT_NAME]"); die();}

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles