

Force SSL/https using .htaccess and mod_rewrite



Sometimes you may need to make sure that the user is browsing your site over a secure connection. An easy way to always redirect the user to a secure connection (https://) is a .htaccess file containing the following lines:

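RewriteEngine On
# Match only plain-HTTP requests on port 80 (anchored so 8080 etc. do not match)
RewriteCond %{SERVER_PORT} ^80$
# Redirect to the same path on the HTTPS site
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]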

Note that the .htaccess file should be located in the website's main folder.

In case you wish to force HTTPS for a particular folder you can use:

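RewriteEngine On
# Match only plain-HTTP requests on port 80 (anchored so 8080 etc. do not match)
RewriteCond %{SERVER_PORT} ^80$
# Apply only to requests whose path contains the folder name
RewriteCond %{REQUEST_URI} somefolder
# $1 is relative to this folder, so the folder name is added back in the target
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]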

The .htaccess file should be placed in the folder where you need to force HTTPS.
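
An added example, not part of the original article: a variant that tests %{HTTPS} instead of the port and builds the target from %{REQUEST_URI}. The same lines then work in the main folder or in a subfolder, and a request without the trailing slash cannot put a filesystem path into the redirect, which is the symptom reported in the comments below. www.example.com is a placeholder host, and the HSTS header assumes mod_headers is available.

```apache
# Added example (not the article's code). Replace www.example.com with your host.
RewriteEngine On

# %{HTTPS} is "on" only when the request arrived over TLS, so the check
# does not depend on which port numbers the server listens on.
RewriteCond %{HTTPS} !=on

# %{REQUEST_URI} is always the full URL path of the request. Unlike $1 in a
# per-directory rule, it does not rely on mod_rewrite stripping the directory
# prefix, so /somefolder and /somefolder/ both redirect to a valid URL.
# The original query string is carried over automatically.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

# The redirect only helps after the first plain-HTTP request has been sent.
# HSTS tells browsers to go straight to HTTPS on later visits. The header is
# sent on HTTPS responses only (env=HTTPS).
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>
```

Cookies set by the site should also carry the Secure flag, since the first request before the redirect still travels in cleartext.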



Comments (10)

Yoni Varbos Said,
Jan 08, 2007 @ 01:50

Nice htaccess article! Here is a more in-depth SSL article.

Fixing double-login problem and making sure authorization usernames/passwords are not sent in cleartext unencrypted.

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com


http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html
Ilias Said,
Mar 06, 2007 @ 05:07

Thank you very much. I quickly found what I was looking for!

Ilias
PHP MySql Programmer / Developer Said,
Sep 17, 2007 @ 18:56

Thank you for the htaccess information. This is a cool tutorial.
AK Said,
Mar 07, 2008 @ 12:52

Thanks! This was exactly what I was looking for... :-)
Martin Said,
Apr 24, 2008 @ 04:35

http://www.domain.com/somefolder/ (note the slash at the end) is redirected to the original URL with https as expected, but http://www.domain.com/somefolder (without the slash at the end) is redirected to an invalid URL: https://www.domain.com/somefolder//{physical path in the file system}. Any guess why?
Colin Said,
May 06, 2008 @ 18:35

I am having the same problem that Martin is having with this. Is there a way to either add or remove the slash mark at the end of the URL if it is not going directly to a page other than index.php or index.html? Other than that this is the code I have been looking for... thanks for the help!
vine Said,
May 09, 2008 @ 03:01

@Colin

I tested this on several of my servers and did not experience this problem.

Maybe you should contact your web hosting provider on this matter. Most probably it is some Apache config option.

My best guess is that the problem comes from the UseCanonicalName directive. So if you do not have control over the Apache httpd.conf file you should contact your web hosting provider for assistance.
Colin Said,
May 12, 2008 @ 12:24

Thanks for the reply Vine... but I was not able to get that to work. I did find this reference to the issue here:

http://www.askapache.com/htaccess/commonly-used-htaccess-code-examples.html

But I was not able to figure out how to do this with a specific folder. For those of you that understand htaccess code MUCH BETTER than me... can you figure out the workaround that would allow me to force SSL/https on a folder without a trailing slash?

Thanks SO MUCH for the help!
vince Said,
May 12, 2008 @ 13:21

@Colin

You may try the following:

# add trailing slash to directories and force SSL
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !(/$)
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://www.example.com/$1/ [R=301,L]

# And for the files
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
AION Said,
Jul 13, 2008 @ 06:11

Works like a charm