I suppose technically this is more Apache than html, but Dynamic Drive has no Apache forum, and html seems a bit more descriptive than "other," so I hope y'all will indulge me:

My .htaccess file begins with the following:


ErrorDocument 404 /404.html
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^marainlaw\.com
RewriteRule ^(.*)$ https://www.marainlaw.com/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]

Might someone be able to indicate exactly what the "RewriteRule ^(.*)$ https://www.marainlaw.com/$1 [R=301,L]" statement does, and what would be the effect of its removal?

A.

See this (https://www.hostinger.com/tutorials/ssl/forcing-https).
You could also use javascript to redirect the visitor to https:// by doing something like
/*HTTP to HTTPS redirect for a site having 'yoursite.com' as its domain name*/
/*Put this on all pages of yoursite:*/
var my_domain='yoursite.com'
if (location.protocol == 'http:' && document.URL.substring(document.URL.indexOf(my_domain), document.URL.length).substring(0, my_domain.length) == my_domain) {location.href = location.href.replace(/^http:/, 'https:')}

RewriteRule ^(.*)$ https://www.marainlaw.com/$1 [R=301,L] was in my .htaccess file. It was forcing all visits to http pages to instead seek an https page, including for subdomains. That is good--I wanted that. NOW, however, I have an additional subdomain that I want excluded from that force. Let's call it xyz subdomain. I am looking for an .htaccess modification that can keep the forced http ---> https for all domains and subdomains except for this xyz subdomain, which should remain http.

Remove the RewriteRule from the .htaccess file , then put

<script>
var my_domain='marainlaw.com'
if (location.protocol == 'http:' && document.URL.substring(document.URL.indexOf(my_domain), document.URL.length).substring(0, my_domain.length) == my_domain) {location.href = location.href.replace(/^http:/, 'https:')}
</script>
in all pages where you want to redirect your visitors to https://. So you should not put the script in the pages of the xyz subdomain.

Molendijk,

First of all, thank you!

Your facility with javascript is two or three orders of magnitude greater than mine. I vaguely follow what you suggest, and assume your solution will work. But (ungrateful wretch that I am), I was hoping for something (a line or two perhaps in .htaccess?) just a bit more elegant.

Regardless, you focused hard on my question, and deserve a thanks. Here it is!

Best,

A.

Marain, thanks.
For now, I'm unsure about how to do it inside the .htaccess file, sorry. Perhaps someone else?
I have a site with a subdomain for one of my children who doesn't want an SSL certificate. So I put the required javascript lines inside my own pages only. It works.

According to new google algorithm rules you should redirect all links to https with a secure SSL certificate.