Using .htaccess to force https

Forcing HTTPS on All Traffic

One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one. You can activate the feature to force HTTPS on all incoming traffic by using the following inside the document root folder:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

IMPORTANT: Make sure that the line RewriteEngine On is not repeated twice. In case the line already exists, simply copy the rest of the code without it.

Forcing HTTPS on a Specific Domain

Let’s say that you have two domains: http://yourdomain1.com and http://yourdomain2.com. Both domains access the same website, but you only want the first one to be redirected to the HTTPS version. In this case, you need to use the following code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain1.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Forcing HTTPS on a Specific Folder

The .htaccess file can also be used to force HTTPS on specific folders. However, the file should be placed in the folder that will have the HTTPS connection.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

After making the changes, clear your browser’s cache and try to connect to your site via HTTP. If everything was added correctly, the browser will redirect you to the HTTPS version.

2 comments

Leave a Reply

Your email address will not be published. Required fields are marked *