Force SSL/https using .htaccess and mod_rewrite

by

For Apache, you can use mod_ssl to force SSL with the SSLRequireSSL Directive:

This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection. This is very handy inside the SSL-enabled virtual host or directories for defending against configuration errors that expose stuff that should be protected. When this directive is present all requests are denied which are not using SSL.

This will not do a redirect to https though. To redirect, try the following with mod_rewrite in your .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

or any of the various approaches given at

You can also solve this from within PHP in case your provider has disabled .htaccess (which is unlikely since you asked for it, but anyway)

if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
    if(!headers_sent()) {
        header("Status: 301 Moved Permanently");
        header(sprintf(
            'Location: https://%s%s',
            $_SERVER['HTTP_HOST'],
            $_SERVER['REQUEST_URI']
        ));
        exit();
    }
}

More Related Contents:

  1. URL rewrite with .htaccess for wildcard domain
  2. URL rewriting with PHP
  3. Redirect all to index.php using htaccess
  4. deny direct access to a folder and file by htaccess
  5. Htaccess: add/remove trailing slash from URL
  6. How to check whether mod_rewrite is enable on server?
  7. URL rewriting : css, js, and images not loading
  8. .htaccess rewrite GET variables
  9. No input file specified
  10. Pretty URLs with .htaccess
  11. Yii2 htaccess – How to hide frontend/web and backend/web COMPLETELY
  12. Session lost when switching from HTTP to HTTPS in PHP
  13. A problem occurred somewhere in the SSL/TLS handshake
  14. Remove .php extension (explicitly written) for friendly URL [closed]
  15. How to get SSL certificate info with CURL in PHP?
  16. Getting a 500 Internal Server Error (require() failed opening required path) on Laravel 5+ Ubuntu 14.04
  17. How can I use .htaccess to hide .php URL extensions?
  18. PHP CURL CURLOPT_SSL_VERIFYPEER ignored
  19. Setting up SSL on a local xampp/apache server
  20. mod_rewrite, php and the .htaccess file
  21. laravel trailing Slashes redirect to localhost
  22. How to force Laravel Project to use HTTPS for all routes?
  23. Switching between HTTP and HTTPS pages with secure session-cookie
  24. cURL requires CURLOPT_SSL_VERIFYPEER=FALSE
  25. How to create clean url using .htaccess
  26. .htaccess mod_rewrite > 500 Internal Server Error
  27. Permission denied: /var/www/abc/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable?
  28. Pretty URLs without mod_rewrite, without .htaccess
  29. .htaccess Redirect non-WWW to WWW preserving URI string
  30. How can I have CodeIgniter load specific pages using SSL?

Leave a Comment