How do you redirect HTTPS to HTTP?
https://stackoverflow.com/questions/8371
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How do you redirect HTTPS to HTTP?. That is, the opposite of what (seemingly) everyone teaches.
I have a server on HTTPS for which I paid an SSL certification for and a mirror for which I haven't and keep around for just for emergencies so it doesn't merit getting a certification for.
On my client's desktops I have SOME shortcuts which point to http://production_server and https://production_server (both work). However, I know that if my production server goes down, then DNS forwarding kicks in and those clients which have "https" on their shortcut will be staring at https://mirror_server (which doesn't work) and a big fat Internet Explorer 7 red screen of uneasyness for my company.
Unfortunately, I can't just switch this around at the client level. These users are very computer illiterate: and are very likely to freak out from seeing HTTPS "insecurity" errors (especially the way Firefox 3 and Internet Explorer 7 handle it nowadays: FULL STOP, kind of thankfully, but not helping me here LOL).
It's very easy to find Apache solutions for http->https redirection, but for the life of me I can't do the opposite.
Ideas?
Solution
This has not been tested but I think this should work using mod_rewrite
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
OTHER TIPS
Keep in mind that the Rewrite engine only kicks in once the HTTP request has been received - which means you would still need a certificate, in order for the client to set up the connection to send the request over!
However if the backup machine will appear to have the same hostname (as far as the client is concerned), then there should be no reason you can't use the same certificate as the main production machine.
Based on ejunker's answer, this is the solution working for me, not on a single server but on a cloud enviroment
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{ENV:HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
For those that are using a .conf file.
<VirtualHost *:443>
ServerName domain.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain.key
SSLCACertificateFile /etc/apache2/ssl/domain.crt
</VirtualHost>
If none of the above solutions work for you (they did not for me) here is what worked on my server:
RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]
all the above did not work when i used cloudflare, this one worked for me:
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
and this one definitely works without proxies in the way:
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
It is better to avoid using mod_rewrite when you can.
In your case I would replace the Rewrite with this:
<If "%{HTTPS} == 'on'" >
Redirect permanent / http://production_server/
</If>
The <If> directive is only available in Apache 2.4+ as per this blog here.
None of the answer works for me on Wordpress website but following works ( it's similar to other answers but have a little change)
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
this works for me.
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
Redirect "https://www.example.com/" "http://www.example.com/"
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
# ...
</VirtualHost>
be sure to listen to both ports 80 and 443.
As far as I'm aware of a simple meta refresh also works without causing errors:
<meta http-equiv="refresh" content="0;URL='http://www.yourdomain.com/path'">
