Force https using an .htaccess file


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Apache Related Information

Force https using an .htaccess fileLast Modified: Mar 10, 2017, 8:21 pm
If you want to force a given website or path to use https, redirected from http, you can create an .htaccess file in the DocumentRoot for that domain or hostname, and add the following code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

which will redirect any non-https connections to https using the same request and GET variables.

If your site is running through CloudFlare, your https requests to it may actually hit your server in plaintext (http), which is confusing.
For that case, you might need something like this for an http to https redirect:

RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

where the only usable header is X-Forwarded-Proto, because the %{HTTPS} variable is "off" for requests from the CloudFlare network.



If you're running nginx, go to:

Admin Level -> Custom Httpd Config -> domain.com

and in token |CUSTOM4|, add:

|*if SSL_TEMPLATE="0"|
       return 301 https://$host$request_uri;
|*endif|

2003 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST