I have been using:
RedirectMatch /(.*) https://www.website.com/$1
to enforce redirection from virtualhost 80 to 443 in Apache.
My reasoning is that it makes sense to grab anything that the user puts in and translate it directly to https. Yet, I have seen this used quite often as well:
Redirect permanent / https://www.website.com/
Which I have not been using because I am assuming it would not be an exact translation of the address typed by the user to https.
Which one is best to enforce encryption for the whole site together with using Strict Transport Security?
Either a Redirect or a RedirectMatch can be 301 or 302, depending on how you invoke it, so that is not the difference between the two.
DIFFERENCES & MEANINGS:
The difference is that Redirect only matches a simple URL-PATH, while RedirectMatch allows you to use regex pattern matching.
Also, a 301 is a permanent redirect, and a 302 is a temporary redirect.
SEARCHING FOR GODOT
To preserve search engine ranking you should always use 301 redirects. Ideally for SEO you want some consistency in protocol and FQDN, so it goes well beyond just enforcing SSL/TLS.
So let's say your "complete" URL for your home page is:
Though you may have a server that is not case sensitive, and that aliases all subdomains to the root domain, and that will use the file 'index' if it is not implicit in the path, such that you get to the same location by entering only example.com into the browser's location field. While that certainly makes it easy for a user to directly type in just example.com it creates potential problems for SEO. If this is how your server is set up then ALL of these URLs resolve to the exact same content:
But even though your server may think these are all the same, and the content served is identical, Google considers them all to be unique URLs, and when they determine that these 12 URLs serve duplicate content, you will be penalized in search rankings.
And it's not enough to just ensure all your internal links are specified as the preferred URL — some fan of your site is undoubtedly going to post a link, and write the link as http://example.com when you'd prefer https://www.example.com so you need Google to know that http://example.com should be interpreted as your preferred, and the way to do this is with PERMANENT redirects.
Now you can make a Redirect or a RedirectMatch permanent (301) just by adding 301 to the line:
Also, for a permanent redirection these variations:
all mean exactly the same thing.
a ROSE is not a Rose is not a rose is not a RoSe
I haven't even gotten into trailing slashes and case sensitivity on directories or parameters, but these make a difference too. The only time Google does not care about case or trailing slash is in the root domain.
All of these are identical to Google:
This is because the spec for domain names is case insensitive. But these:
Are all considered DIFFERENT even if your system or server considers them to be the same. While trailing slashes are not required on the TLD, they ARE required on all paths.
le.com/mypath/ implies le.com/mypath/index.html and le.com/mypath implies le.com/mypath.html.
BEST PRACTICES
The solution to this is:
1) Make a house standard that all paths and file names be lower case ONLY.
2) Set up rewrite rules to make permanent 301 redirects for all variations in scheme, subdomain, trailing path slash, and file extension.
Because the possibilities are practically endless, and Redirect requires case sensitive paths, RedirectMatch or Rewrite are better choices, so that every possible variation in:
is shown to the Google crawlers exactly that way, and not
I'm not going to post a specific example of a rewrite rule because there are too many variables (including HSTS issues) and ways to create problems. Instead I'll refer you to Dan Morell's pretty excellent tutorials for NON HSTS sites and a separate link for HSTS sites.
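For reference, a minimal port 80 / port 443 pair covering the question's HTTPS and Strict Transport Security case, as an added example that is not part of the original posts. The hostname comes from the question; the certificate paths and the max-age value are placeholders.

```apache
# Added example, not from the original posts.
# Certificate paths and max-age are placeholder values.

<VirtualHost *:80>
    ServerName www.website.com

    # Redirect matches by path prefix and appends whatever follows the
    # matched prefix, so /a/b is sent to https://www.website.com/a/b.
    # "permanent" makes the status 301; with no status argument it is 302.
    Redirect permanent / https://www.website.com/

    # Regex equivalent of the line above (use one or the other, not both):
    # RedirectMatch permanent ^/(.*)$ https://www.website.com/$1
</VirtualHost>

<VirtualHost *:443>
    ServerName www.website.com
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    # Browsers ignore HSTS received over plain HTTP, so send it only here.
    # Requires mod_headers.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

The plain-HTTP redirect still matters for a visitor's first request, because a browser only learns the HSTS policy from an HTTPS response.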
The Redirect will be an exact translation. As written the Redirect is preferred because it is sending HTTP status code 302 whereas the RedirectMatch is sending 301.