[SOLVED] Force SSL and WWW on Sub Domain with .htaccess

January 20, 2016

I had someone today who was having some issues with their financial site and the SSL cert so I solved the main issue but noticed that visitors could navigate to https://www.{subdomain}.{domain}.com (with www).

Ideally, to keep things clean, they need to go to https://{subdomain}.{domain}.com (without www).

So after scrambling around for a bit trying various methods I settled on the solution below which you can place in your root .htaccess file and this will detect requests trying to access www on the subdomain and redirect them to the sub domain without www but maintaining/forcing SSL.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{ENV:HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

Basically with this script, all roads lead to SSL on subdomain.