HTTPS and WWW Redirect

Provides a simple configuration interface to enforce HTTPS and WWW prefix redirects without modifying Drupal core or server configuration files.

httpswww
4,251 sites
20
drupal.org
gui utility
url redirect https ssl SEO www security canonical domain
Drupal 8 Drupal 9 Drupal 10 Drupal 11

Install

Drupal 11, 10, 9, 8 v2.1.3
composer require 'drupal/httpswww:^2.1'

Overview

The HTTPS and WWW Redirect module offers a straightforward method for configuring your preferred URL format with or without the "www" prefix, including the option to enforce HTTPS redirects. This eliminates the need to modify .htaccess files, Drupal core code, or server configuration.

The module uses an event subscriber to intercept incoming requests and perform 301 permanent redirects when the URL doesn't match the configured preferred format. It supports excluding specific subdomains from WWW prefix redirects, which is useful for sites with multiple subdomains like forum.example.com or mail.example.com.

Security is enhanced through a bypass permission that allows trusted users to access the site without being redirected, preventing lockout scenarios during configuration changes.

Features

  • Enforce HTTPS-only access by redirecting all HTTP requests to HTTPS
  • Add or remove WWW prefix from domain URLs with 301 permanent redirects
  • Exclude specific subdomains from WWW prefix redirects (e.g., forum, mail, shop)
  • Permission-based bypass system allowing administrators to access the site without redirects
  • Emergency override via settings.php to regain access if accidentally locked out
  • SEO-friendly 301 permanent redirects to consolidate URLs and avoid duplicate content
  • Proper cache handling with cache tags and contexts for optimal performance

Use Cases

Enforcing HTTPS for security compliance

E-commerce sites handling payment information must use HTTPS. Enable the 'Redirect to HTTPS' option to ensure all traffic is encrypted, which helps with PCI DSS compliance and protects customer data.

SEO URL canonicalization

Search engines treat www.example.com and example.com as different sites, which can split your SEO ranking. Configure the module to redirect to your preferred format (with or without www) to consolidate all links to a single canonical URL.

Multi-subdomain site with WWW on main domain

A company site with forum.example.com and shop.example.com subdomains wants www on the main site. Set 'Add WWW prefix' and enter 'forum, shop' in the exclude subdomains field to redirect example.com to www.example.com while leaving subdomains unchanged.

Development and staging environment testing

Grant developers the 'Bypass HTTPS and WWW Redirects' permission so they can test the site on various URLs without being redirected, while production users experience the enforced redirects.

Tips

  • Always grant yourself the 'Bypass HTTPS and WWW Redirects' permission before enabling redirects to avoid lockout
  • Test your site is accessible via HTTPS and both www/non-www URLs before enabling redirects
  • The module uses 301 (permanent) redirects which are cached by browsers - clear browser cache when testing
  • Once configured for production, avoid making additional changes as frequent redirect changes can negatively impact SEO
  • The exclude subdomains feature only applies when adding WWW prefix - subdomains are automatically handled correctly when removing WWW

Technical Details

Admin Pages 1
HTTPS and WWW Redirect settings /admin/config/system/httpswww

Configure the preferred URL format for your site, including HTTPS enforcement and WWW prefix handling. Changes take effect immediately after saving.

Permissions 2
Administer HTTPS and WWW Redirects

Allows users to access and modify the redirect configuration settings. This permission should only be granted to trusted administrators as misconfiguration can lock users out of the site.

Bypass HTTPS and WWW Redirects

Allows users to access the site without being redirected to the configured URL format. Useful for administrators during configuration changes and for testing different URL variants.

Hooks 1
hook_help

Provides help text for the module on the help page

Troubleshooting 4
Endless redirect loop occurs after saving settings

Clear all caches using drush cr or via the admin UI. If that doesn't work, add $config['httpswww.settings']['enabled'] = FALSE; to settings.php to temporarily disable redirects.

Locked out of the site after enabling redirects

Add the following line to your settings.php file: $config['httpswww.settings']['enabled'] = FALSE; This overrides the configuration and disables all redirects, allowing you to access the site and correct the settings.

Logged out when saving configuration

This happens when you don't have the 'Bypass HTTPS and WWW Redirects' permission and are accessing the site from a different URL than configured. The redirect to a different domain logs you out. Grant yourself the bypass permission before making changes.

HTTPS redirect not working

Verify that a valid SSL certificate is installed and your server is configured to serve HTTPS requests. Test by manually accessing https://yoursite.com before enabling the redirect.

Security Notes 3
  • Both permissions are marked as 'restrict access' meaning they should only be granted to trusted roles
  • The 'Administer HTTPS and WWW Redirects' permission allows users to potentially lock others out of the site
  • Configuration override via settings.php provides an emergency recovery mechanism but requires server file access