I have an old url (www1.test.net) and I would like to redirect it to
I have implemented and installed our SSL certificate on my site.
This is my old file .htaccess:
RewriteEngine On RewriteRule !\.(js|gif|jpg|png|css|txt)$ public/index.php [L] RewriteCond %{REQUEST_URI} !^/public/ RewriteRule ^(.*)$ public/$1 [L] How can I configure my .htaccess file so that url auto redirect to https?
Thanks!
16 Answers
I use the following to successfully redirect all pages of my domain from http to https:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) [R=301,L] Note this will redirect using the 301 'permanently moved' redirect, which will help transfer your SEO rankings.
To redirect using the 302 'temporarily moved' change [R=302,L]
Update 2016
As this answer receives some attention, I want to hint to a more recommended way on doing this using Virtual Hosts: Apache: Redirect SSL
<VirtualHost *:80> ServerName mysite.example.com Redirect permanent / </VirtualHost> <VirtualHost _default_:443> ServerName mysite.example.com DocumentRoot /usr/local/apache2/htdocs SSLEngine On # etc... </VirtualHost> Old answer, hacky thing given that your ssl-port is not set to 80, this will work:
RewriteEngine on # force ssl RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^(.*)$ [L,R] Note that this should be your first rewrite rule.
Edit: This code does the following. The RewriteCond(ition) checks wether the ServerPort of the request is 80 (which is the default http-port, if you specified another port, you would have to adjust the condition to it). If so, we match the whole url (.*) and redirect it to a https-url. %{SERVER_NAME} may be replaced with a specific url, but this way you don't have to alter the code for other projects. %{REQUEST_URI} is the portion of the url after the TLD (top-level-domain), so you will be redirected to where you came from, but as https.
This is the best for www and for HTTPS, for proxy and no proxy users.
RewriteEngine On ### WWW & HTTPS # ensure www. RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^ [L,R=301] # ensure https RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteCond %{HTTPS} off RewriteRule ^ [L,R=301] ### WWW & HTTPS 2I force the https with following code:
RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^(.*)$ [R=301,L] 1In cases where the HTTPS/SSL connection is ended at the load balancer and all traffic is sent to instances on port 80, the following rule works to redirect non-secure traffic.
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule (.*) [R=301,L] Ensure the mod_rewrite module is loaded.
Add this code at the end of your .htaccess file
RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*) 2Searching for the best way to redirect, i've found this (coming from html5boilerplate) :
# ---------------------------------------------------------------------- # | HTTP Strict Transport Security (HSTS) | # ---------------------------------------------------------------------- # Force client-side SSL redirection. # # If a user types `example.com` in their browser, even if the server # redirects them to the secure version of the website, that still leaves # a window of opportunity (the initial HTTP connection) for an attacker # to downgrade or redirect the request. # # The following header ensures that browser will ONLY connect to your # server via HTTPS, regardless of what the users type in the browser's # address bar. # # (!) Remove the `includeSubDomains` optional directive if the website's # subdomains are not using HTTPS. # # # # Header set Strict-Transport-Security "max-age=16070400; includeSubDomains" Maybe it will help someone in 2017 ! :)
4Insert this code in your .htaccess file. And it should work
RewriteCond %{HTTP_HOST} yourDomainName\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ [R,L] 0This makes sure that redirects work for all combinations of intransparent proxies.
This includes the case client <http> proxy <https> webserver.
# behind proxy RewriteCond %{HTTP:X-FORWARDED-PROTO} ^http$ RewriteRule (.*) [R=301,L] # plain RewriteCond %{HTTP:X-FORWARDED-PROTO} ^$ RewriteCond %{REQUEST_SCHEME} ^http$ [NC,OR] RewriteCond %{HTTPS} off RewriteRule (.*) [R=301,L] Use the following code or you can read more in detail on this topic. How to redirect HTTP to HTTPS Using .htaccess?
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) [R=301,L] I had a problem with redirection also. I tried everything that was proposed on Stackoverflow. The one case I found by myself is:
RewriteEngine on RewriteBase / RewriteCond %{HTTP:SSL} !=1 [NC] RewriteCond %{HTTPS} off RewriteRule ^(.*)$ [R=301,L] Adding the following to the top of the .htaccess
RewriteEngine On RewriteCond %{ENV:HTTPS} !=on RewriteRule ^.*$ [R,L] RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*) 1This is what ended up working for me
<IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </IfModule> Forcing HTTPS with the .htaccess File
==> Redirect All Web Traffic :-
To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.
RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule (.*) [L,R=301] ==> Redirect Only Specified Domain :-
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ [R=301,L] If this doesn’t work, try removing the first two lines.
RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ [R=301,L] Make sure to replace example.com with the domain name you’re trying force to https. Additionally, you need to replace with your actual domain name.
==> Redirect Specified Folder :-
If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ [R=301,L] Make sure you change the folder reference to the actual folder name. Then be sure to replace with your actual domain name and folder you want to force the SSL on.
Replace your domain with domainname.com , it's working with me .
RewriteEngine On RewriteCond %{HTTP_HOST} ^domainname\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ [R,L] 1