Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Please, note that the .htaccess should be located in the web site main folder.
In case you wish to force HTTPS for a particular folder you can use:
http://www.domain.com/somefolder/ (note the slash at the end) is redirected to the original URL with https as expected, but http://www.domain.com/somefolder (without the slash at the end) is redirected to an invalid URL: https://www.domain.com/somefolder//{physical path in the file system}. Any guess why?
I am having the same problem that Martin is having with this. Is there a way to either add or remove the slash mark at the end of the URL if it is not going directly to a page other than index.php or index.html? Other than that this is the code I have been looking for... thanks for the help!
I tested this on several of my servers and did not experience this problem.
May be you should contact your webhosting provider on this matter. Most probably it is some apache config option.
My best guess is that the problem comes from the UseCanonicalName directive. So if you do not have control over the apache httpd.conf file you should contact your webhosting provider for assistance.
But I was not able to figure out how to do this with a specific folder. For those of you that understand htaccess code MUCH BETTER than me... can you figure out the work around that would allow me to force SSL/https on a folder without a trailing slash?
Fixing double-login problem and making sure authorization usernames/passwords are not sent in cleartext unencrypted.
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html