Redirect http to https on home page only

Question

I read many similar questions but I did not find a solution. I want to redirect HTTP to HTTPS on the home page only.

• http://example.com to https://example.com

I don't know anything about .htacces .

Here you can see how it looks now, it contains code to hide .php extensions, expires caching and redirect www to non-www. I found these examples online:

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##


#AddHandler application/x-httpd-php54  .php54 .php
AddHandler application/x-httpd-php70 .php

RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ $1.php [NC,L]

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Answer 1

To redirect only the homepage to HTTPS (and canonicalise the www subdomain) then add the following at the top of your .htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+) [NC]
RewriteRule ^$ https://%1/ [R=302,L]

Note that this is a 302 (temporary) redirect. Only change it to a 301 (permanent) when you are sure it's working OK to avoid browser caching issues.

 RewriteCond %{HTTP_HOST} ^www\\.(.*)$ [NC] RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Your existing www to non-www redirect at the end of the file also needs to be modified, otherwise it will redirect the homepage back to HTTP . This should also be moved to the top of your .htaccess file, immediately after the HTTP to HTTPS redirect.

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.+)$ http://%1/$1 [R=301,L]

Note that I changed ^(.*)$ to ^(.+)$ to match 1 or more characters - thus avoiding the homepage. You can also simplify this to (.+) (ie. remove the anchors) if you wish. Regex is greedy by default, the anchors are superfluous.

Summary

RewriteEngine On

# Only redirect homepage to HTTPS (and remove www subdomain)
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+) [NC]
RewriteRule ^$ https://%1/ [R=302,L]

# Remove www subdomain on other pages (HTTP only)
# >>> This is moved from the end of the htaccess file
RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule (.+) http://%1/$1 [R=302,L]

# Remainder of htaccess file....
:
:

Clear your browser cache and change 302 to 301 only once you have confirmed it's working OK.

---

Aside: You can remove the RewriteEngine directive that appears later in the file if you wish. This is optional, it only needs to occur once. Being at the top, before the mod_rewrite directives, is logical (but not strictly required).