Donnerstag, 7. August 2014

How to redirect HTTPS to HTTP without certificate

Redirect HTTPS to HTTP without certificate
Today we all got to know from Google officially, that HTTPS secured connection till now is a ranking signal for Google. Some of us run to buy one. Some other will try to get one for free, e.g. by StartSSL. While we don't know at the moment, how much weighs the secured connection as the ranking signal for Google, another issue exists for all website owners:  what if somebody tries to reach your site with HTTPS, but you haven't any certificate installed? Any browser will rise an error, something like ERR_SSL_PROTOCOL_ERROR. and the visitor will not see your site. What to do? If you will search for an answer, you will mostly get an answer, any redirection isn't possible, cause the SSL handshake happens before the whole connection, so any redirection will not work. But there is a little mighty thing named htaccess, which will allow us to make our sites visible for any visitor independently of with which URL the visitor tries to reach your sites. The trick is
that we will not try to perform a redirection on basis of names or characters, like we do it e.g. on redirecting from www to no-www URLs. Instead of this htaccess allows to catch ... a connection port! Secured connections are performed on port 443, and this number is catchable:
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
This code in your htaccess file will perform a 301 redirect to the HTTP-ed URL of the site, in which root directory is the htaccess file located. If you get any 500 error, comment the first line out.

However on permanent basis, specially if you count a notable number of visitors, who tries to come in with HTTPS address, i would recommend to get a SSL certificate.

Enjoy the summer!