apache tutorial - Force HTTPS - apache - apache web server - apache server - apache2




Force HTTPS in Apache

.htaccess can be used to force your HTTP site to redirect to HTTPS.

Here's a quick way that doesn't require editing the code for your domain:

RewriteEngine On
RewriteCond %{HTTPS} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
click below button to copy the code. By Apache tutorial team

Warning: The code above assumes that you can trust %{HTTP_HOST} to point to your domain.
If you need to be sure that the redirect location is your domain, replace %{HTTP_HOST} with your domain.

The code above does this:

  • Enable RewriteEngine.
  • Continue if the current request is not using HTTPS.
  • Do a HTTP 301 redirect to https://%{HTTP_HOST}%{REQUEST_URI}, where
  • %{HTTP_HOST} is the host requested by the browser and
  • %{REQUEST_URI} is the URI requested by the browser (everything after the domain).

Warning: Your web application must be able to handle, HTTPS requests, and Apache for your host should be configured with a valid site certificate.

Note that it is significantly more efficient to simply do a Redirect in the http vhost than to do these multiple per-request comparisons in a .htaccess file. See http://wiki.apache.org/httpd/RedirectSSL for further discussion of this technique.


Related Searches to Force HTTPS in Apache