Introduction

Removing the “www” from your URL and enforcing SSL may seem like a daunting task to you, but it isn’t. It’s pretty simple. Whether you’re on shared hosting with limited access to configuration or have full control because you’re hosting your site on a VPS (from an excellent place like Digital Ocean), you can do both of these things quickly and painlessly.

Here’s a sample config that will remove the “www” from the URL of your website and force your site to use SSL (HTTPS).

<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on [NC,OR]
RewriteCond %{HTTP_HOST} ^www.
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
</IfModule>

Understanding the Config

<IfModule> is an Apache directive used to check to see if a particular Apache module is installed. In this case, we’re checking for the rewrite module.

RewriteCond is a directive provided by the rewrite module that defines conditions under which rewriting should take place.

RewriteCond %{HTTPS} !=on [NC,OR]

Here we’re checking to see if HTTPS is not on. The things surrounded by brackets are called flags. The NC flag means no case (or case-insensitive). The OR flag represents the OR logical gate. It checks to see if one or more conditions are true. We will discuss the OR flag in more detail later in this post.

RewriteCond %{HTTP_HOST} ^www.

%{HTTP_HOST} is a variable in Apache configuration that represents a web host. You already know what an HTTP host is even if you don’t realize it. The HTTP host is part of the URL, specifically the www.example.com or example.com part.

We’re using a regular expression (regex) in this Rewrite Condition to check the HTTP_HOST for the “www.” string. Think of it as a question. Does www.example.com contain www.? Yes! Does example.com contain www.? No!

Back to our logical gate OR! Here’s the cool part. We’re essentially asking Apache to rewrite the URL if HTTPS is off OR if “www” is in the URL.

Let’s review the final piece and put everything together.

RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

The rewrite module provides the RewriteRule Apache directive. The rule describes how the URL will be rewritten as long as it meets the condition(s) provided. The R flag means redirect. 301 is the HTTP response that’s returned by the redirect. (It means permanent redirect). The L flag means last. This flag tells Apache to stop processing rules if this rule has been executed.

The Rewrite Rule uses a regular expression that captures a piece of the URL in a capture group and then applies it at the end of the new, rewritten URL.

In Action

If I typed http://www.example.com/contact into my browser:

The check to see if HTTPS is off returns true. Apache skips the next condition. The /contact portion of the URL is captured in the regular expression capture group. Then the URL is transformed into https://example.com/contact

If I typed https://www.example.com/faq into my browser:

The check to see if HTTPS is off returns false. Apache uses the next condition to determine if “www.” is in the URL. It is! Apache captures the /faq portion of the URL and stores it in $1 (because of the capture group). Then the URL is transformed into https://example.com/faq