Rewriterule HTTP_HOST in Apache

We had to rewrite some specific domain names in our WordPress multisite.

Most of our domains are on this form:

In our case that is nice, because we also have a valid ssl certificate which supports *

But in addition we have other domain names on the form:

which we don’t have a valid ssl cerificate. When a wordpress administrator tries to log in to:


he/she is met with a scary ssl certificate warning. (Because we don’t have SSL certificates for these domain-names)

Our solution was to redirect this request with some Apache rewrite rules:

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/wp-login\.php [or]
Rewritecond %{REQUEST_URI} ^/wp-admin$
RewriteCond %{HTTP_HOST} !^(([^.])+\.b\.uib\.no)$
RewriteCond %{HTTP_HOST} ^([a-z.]+)?uib\.no$ [NC]
RewriteRule .?{REQUEST_URI} [R=301,L]

which says something like:
If REQUEST_URI starts with wp-login.php OR wp-admin, AND the HTTP_HOST (domainname) is NOT LIKE AND HTTP_HOST IS, THEN
rewrite the whole thing to a new URL with  301 (permanently moved). The %1, which is the match in the regular expression above is part of the new URL.

In this way we could make sure that the users of wordpress instances with, would be redirected to a proper domain name, and thus with a valid SSL certificate.

See also: (se: RewriteCond backreferences)

You might ask “Why not just order and install the SSL certificates as needed?”.

The answer is that ordering SSL certificates is a very manual process and takes a lot of administration and time, involving a lot of people. We want to avoid such and make things as simple as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *