Link to home
Create AccountLog in
Avatar of Tolga Inci
Tolga InciFlag for Türkiye

asked on

Why is my .htaccess redirect returning 200 instead of 301 during testing?

We have a Wordpress site, and it was changed from non-www to www several times due to some problems. The main issue is that Google indexed both versions which is not good. Finally we settled for www, and want to make sure non-www is not directly accesible from now on. Here is the code we used in .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Open in new window

This mostly works except for some weird behaviour and mixed test results. When I test with Google Chrome incognito mode, I type https://theaksesuar.com and first it just connects and shows some distorted version of our site. When I refresh the page then it redirects to https://www.theaksesuar.com and displays the page correctly.
Redirect Checker and most other redirect checkers reports 200 instead of 301: https://www.redirect-checker.org
https://theaksesuar.com 200 OK
HTTP Headers
>>> https://theaksesuar.com

> --------------------------------------------
> 200 OK
> --------------------------------------------

Status: 200 OK
Code:   200
Server: openresty
Date:   Fri, 14 May 2021 07:50:51 GMT
Content-Type:   text/html; charset=UTF-8
Connection: close
Accept-Ranges:  bytes
Age:    153515
Cache-Control:  max-age=2592000
Content-Security-Policy:    upgrade-insecure-requests
Expires:    Fri, 11 Jun 2021 13:12:16 GMT
Last-Modified:  Wed, 12 May 2021 09:57:00 GMT
Strict-Transport-Security:  max-age=31536000; includeSubDomains
Vary:   Accept-Encoding, User-Agent
X-Backend:  local
X-Cache:    cached
X-Cache-Hit:    HIT
X-Cacheable:    YES
X-Content-Type-Options: nosniff
X-Xss-Protection:   1; mode=block

Open in new window

https://redirectdetective.com/ reports 301 fine. I will be glad if anyone can help.
Best Regards,
Avatar of David Favor
David Favor
Flag of United States of America image

Use curl to test this.

And you're correct, something's broken, as your redirect is failing.

Suggestions...

1) Till you get this resolve, change your 301 to 302, as 301s cache in browsers forever, which can be impossible to resolve.

2) Use this command to debug your setup...

imac> realurl --debug https://www.theaksesuar.com/
# DEBUG: realurl(): cmd: curl -s -I -L https://www.theaksesuar.com/ 2>&1
# DEBUG: realurl(): HTTP/1.1 200 OK
https://www.theaksesuar.com/

imac> realurl --debug https://theaksesuar.com/
# DEBUG: realurl(): cmd: curl -s -I -L https://theaksesuar.com/ 2>&1
# DEBUG: realurl(): HTTP/1.1 200 

Open in new window

OK
https://theaksesuar.com/

3) Running commands in #2 shows your redirect is failing.

4) Real fix.

a) Determine whether you require serving www or bare domain.

b) Delete other indexing data from Google.

c) Get your redirect working, so all HTTP + HTTPS requests land on one version of site - www or bare domain - makes no real difference, so long as you adhere... to the... Highlander Rule...

"There can be only one".

So all HTTP + HTTPS drive/redirect/terminate at exactly 1x URL.
I guess, the first rewrite rule should be
RewriteCond %{HTTP_HOST} !^www\.domain\.tld$
Avatar of Tolga Inci

ASKER

a) Determine whether you require serving www or bare domain.

b) Delete other indexing data from Google.

c) Get your redirect working, so all HTTP + HTTPS requests land on one version of site - www or bare domain

Hello, we definitely want to keep the www, since there is some old traffic coming only to www. When we switched to bare domain we lost traffic. How can we delete other indexing data from Google? How can we get the redirect working and move bare domain to www permanently?

Thanks in advance
According Google:
https://search.google.com/search-console/removals

Redirect as I said:
RewriteCond %{HTTP_HOST} !^www\.domain\.tld$

1) Hello, we definitely want to keep the www, since there is some old traffic coming only to www. When we switched to bare domain we lost traffic.

This is a complex issue.

No way to comment on this without having full access to your entire infrastructure + doing an SEO study.

Generally though, this only occurs when there's some misunderstanding about what's being indexed + how SEO works.

I'm guessing I've switched maybe... several 100s of sites from www -> bare domain with no SEO penalty.

So... file this away... as this can be done... just requires... care...

2)  How can we delete other indexing data from Google?

In search console, delete all except 1x URL to index.

3) How can we get the redirect working and move bare domain to www permanently?

In your case it appears something in your infrastructure config... is... very odd...

Running a scan of your site shows...

sudo nmap -sV -p 22,25,587,80,443,993,995 theaksesuar.com
theaksesuar.com: Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-15 08:56 CDT
theaksesuar.com: Nmap scan report for theaksesuar.com (160.153.138.163)
theaksesuar.com: Host is up (0.18s latency).
theaksesuar.com: rDNS record for 160.153.138.163: ip-160-153-138-163.ip.secureserver.net
theaksesuar.com: 
theaksesuar.com: PORT    STATE    SERVICE    VERSION
theaksesuar.com: 22/tcp  open     ssh        OpenSSH 7.5 (protocol 2.0)
theaksesuar.com: 80/tcp  open     daap       mt-daapd DAAP
theaksesuar.com: 443/tcp open     ssl/http   OpenResty web app server
theaksesuar.com: 
theaksesuar.com: Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
theaksesuar.com: Nmap done: 1 IP address (1 host up) scanned in 19.21 seconds

Open in new window


3) Notice port 80 + port 443 suggests 2x different Web servers running.

Fix this first.

Determine what 1x Webserver you'll be using, then destroy all other Webservers (deinstall packages) + configs.

Then add the correct redirects to your config.

4) Note: You're running NGINX + you reference Apache config info above RewriteEngine directives.

NGINX != Apache

So no RewriteEngine directives will ever effect your HTTP/HTTPS request processing.

Whoever is doing this work inside your company... be sure they... understand exactly what they're doing...

5) To answer the question "How can we get the redirect working and move bare domain to www permanently?" correctly requires knowing exactly what Webserver you're using.

Likely once you remove all but 1x Webserver + related config, the problems you're seeing will likely be straight forward to fix.
Super odd.

For nmap to probe port 80 + discover a daap (Digital Audio Access Protocol) fingerprint running is truly odd.

Suggestion: If you can't figure out how to solve this, might be time to hire someone for assistance... as this is the oddest port 80 scan I've seen in decades + can only be solved via root ssh into the machine/container/VM where this site is running.
Hello,

I have some more info, let's see if we can figure this out :)

First this is a Godaddy Managed Wordpress hosting. We have very little control, we have SFTP and SSH access and that's it. And there is no company and dedicated workers maintaining the server, it's just me and Godaddy :) Godaddy also is not very helpful, they are more interested if the hosting is working or not. I had a hard time explaining ./htaccess file to them on the phone. Perhaps if I knew exactly what was wrong I could file a ticket, and hopefully an engineer could fix it.

The good news is that my ./htaccess file is working. Godaddy replaced the ./htaccess file with a default one, and https://theaksesuar.com stopped redirecting to www. So I added the below code, this time slightly changing it as Bembi suggested and it works fine.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^theaksesuar\.com$
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Open in new window


If I test this in Chrome with developer tools, the redirect works, and I see 301 reply from https://theaksesuar.com. However with curl I get this interesting reply, I think the answer lies here somewhere.

HTTP/2 200 
server: openresty
date: Mon, 17 May 2021 13:40:22 GMT
content-type: text/html; charset=UTF-8
content-length: 200874
accept-ranges: bytes
age: 433686
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests
expires: Fri, 11 Jun 2021 13:12:16 GMT
last-modified: Wed, 12 May 2021 09:57:00 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding, User-Agent
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains

Open in new window

Altough Chrome and other browsers I tested see and honor the redirect, curl gets 200 reply. I guess this is also what happens with Googlebot. I almost forgot, it's also not possible to delete URL https://theakesuar.com from Google search Console, since it says it will delete all www, non-www, http and https versions. Not good :)

 I think the interesting part about the curl reply is x-cache: cached and expires: Fri, 11 Jun 2021. So I guess Godaddy is using something like Cloudflare that sits in between our server and the internet. So I'm thinking, in the curl example this caching server replies, when using a browser we get the redirect correctly from the actual server.

Any ideas?

Thanks in advance

ASKER CERTIFIED SOLUTION
Avatar of David Favor
David Favor
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Thank you for your reply. When I use curl on http:// versions of the site, I get correct results.

Tolgas-MacBook-Pro:~ tolgainci$ curl -I http://theaksesuar.com
HTTP/1.1 301 Moved Permanently
Age: 0
Cache-Control: max-age=2592000
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 18 May 2021 06:07:05 GMT
Expires: Thu, 17 Jun 2021 06:07:05 GMT
Location: https://www.theaksesuar.com/
Vary: User-Agent, Accept-Encoding
X-Backend: local
X-Cache: uncached
X-Cache-Hit: MISS
X-Cacheable: NO:HTTPS Redirect


Tolgas-MacBook-Pro:~ tolgainci$ curl -I http://www.theaksesuar.com
HTTP/1.1 301 Moved Permanently
Age: 0
Cache-Control: max-age=2592000
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 18 May 2021 06:07:34 GMT
Expires: Thu, 17 Jun 2021 06:07:34 GMT
Location: https://www.theaksesuar.com/
Vary: User-Agent, Accept-Encoding
X-Backend: local
X-Cache: uncached
X-Cache-Hit: MISS
X-Cacheable: NO:HTTPS Redirect

Open in new window



Perhaps nmap is getting a reply that it doesn't recognize and it falsely classifies it as daap? If it's not a web server, how come we are getting a correct curl replies? And also the http:// redirects work fine from the browser.

I will contact Godaddy about the frontend openresty nginx server.
Hello,

The issue is resolved, here is the current curl output:

Tolgas-MacBook-Pro:~ tolgainci$ curl -I https://theaksesuar.com
HTTP/2 301 
server: openresty
date: Wed, 19 May 2021 14:29:45 GMT
content-type: text/html; charset=iso-8859-1
age: 0
cache-control: max-age=2592000
expires: Fri, 18 Jun 2021 14:29:45 GMT
location: https://www.theaksesuar.com/
vary: User-Agent, Accept-Encoding
x-backend: local
x-cache: uncached
x-cache-hit: MISS
x-cacheable: NO:HTTPS Redirect
strict-transport-security: max-age=31536000; includeSubDomains

Open in new window

Unfortunately I'm not sure how it got fixed. The server seems to be not caching now, and honored the 301. By the way SSH'ed into my server and used curl on the localhost and got the same server:openresty result. So indeed it was my server replying not some front end server, and also CDN is off in Godaddy panel. After my tests in SSH the problem was suddenly solved, probably coincedence.

I marked David's last comment as solution as he contributed the most. Thank you!
You're welcome!

Glad this is working for you now!