Apache: How to Redirect HTTP Requests to HTTPS
Below we are going to show you how to redirect all non-https request to use https. Why would you do this? This depends on what kind of site you are hosting. For example, if you are running a billing site, and you want to ensure that all trafic is secure, you can use the following code in your htaccess file to make sure that happens.
1) Edit/Create a htaccess file in the folder your site is being served from (normally public_html).
2) Add the following code to the htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} |
3) Save the file and check the results in your web browser by trying to access your site using standard http rather than https. If it is working correctly, you should be automatically redirected to https.
Please Note: If you do not have a SSL certificate on your site, this could cause errors. Please make sure that you have a SSL certificate installed and properly working before attempting this.
If you have any questions, please feel free to leave a comment below. You can also contact our support team directly through the support tab in Backstage.
search best web hosting January 23, 2014 at 5:08 pm
Excellent explanation
Das August 21, 2014 at 2:32 am
your post is informative.
In case if the moodle site is not a root site and a subsite then how should the redirect code look like.
Thanks
James Davey August 21, 2014 at 7:31 am
Hello Das,
The code would be exactly the same, but would be placed in the .htaccess file in the Moodle site’s folder, rather than the one in public_html.
Daniel Phillips February 25, 2015 at 7:46 am
Thanks for posting this, very helpful.
I found I needed the addition of:
RewriteOptions Inherit
This made sure that all subdirectories accessed would go through https
Also, I noticed this on the Apache wiki:
https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
“Using mod_rewrite to do this isn’t the recommended behavior. See RedirectSSL”
https://wiki.apache.org/httpd/RedirectSSL
James Davey February 25, 2015 at 10:54 am
Hello Daniel,
Thanks for adding that. The Inherit flag is not always needed, but it certainly is useful.
As for the RedirectSSL method you link to, that requires editing the VirtualHost entries in Apache, which requires root access. As such, it is not possible to use this method on our managed servers.
Daniel Phillips February 26, 2015 at 3:22 am
Thanks for pointing that out.
Etienne July 22, 2016 at 3:25 pm
Yep, you are right, the site5 code did’nt work for me.
But this one found on your link work perfectly ! Thank you!
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
Scott Trick September 9, 2015 at 11:25 am
Where in this code do I put the additional code needed?
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
James Davey September 9, 2015 at 12:07 pm
Hi Scott,
You can put this either above the # BEGIN WordPress line or below the # END WordPress line, and it should work fine. I would recommend putting it above # BEGIN WordPress.
slax September 9, 2015 at 1:05 pm
I want to redirect my primary domain to https (http://www.website.com to https://www.website.com) and exclude all sub domains. (http://xyz.website.com to remain as http://xyz.website.com)
I have been searching for a solution for too long and couldnt find the right solution, please help
My .htaccess file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
James Davey September 10, 2015 at 4:55 am
Hello Slax,
Something like this should do the trick:
RewriteEngine on
# redirect to https www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)(domain\.com)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
# redirect to http subdomain
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^((?!www).+\.domain\.com)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
Patrick Hoffmann September 21, 2015 at 3:02 pm
When I add the code to my htaccess file the site domain works fine but I find links to other websites now having a trusted link issue. Firefox puts up a warning that my certificate is unsigned, and that my images are not secure. Any help would be greatly appreciated
James Davey September 22, 2015 at 5:09 am
Hello Patrick,
That sounds like two issues, really. The first, that the certificate is unsigned, is likely just that – the cert is not signed by a trusted authority. Where did you buy the certificate? Or was this a self-signed one?
The second, regarding the images, is a little more complex. When you load your site under https, all images on the page need to be coded for that. If you are using basic HTML, for example, you would need to call the images using https:// in the code, rather than http://.
Tolu November 17, 2015 at 10:37 am
Hi,
My SSL just got installed on my website, I used the above code in my .htaccess file,
my website is not showing properly and the SSL claims some images are not served over a secured connection, i’m using Magento 1.9.1.1. I’ve checked all my base url and they are all secured.
Secondly only the frontend homepage is showing the padlock with a warning sign, other pages including customer login is still served over unsecure connection.
Any assistance would be appreciated.
Corey Mahon November 17, 2015 at 12:07 pm
Hi Tolu!
I’m sorry to hear about the issues you are seeing on your site after the SSL certificate was installed. Based on your description, it sounds as if there is still some content on your site that is being pulled via http URL which would cause the insecure content error. However, if you would please open a ticket through your backstage panel, our customer service staff will be glad to do a full investigation and locate the cause of these errors!
Tolu November 18, 2015 at 5:55 am
Hello Corey,
I was able to check my site with https://www.whynopadlock.com/, i got the images and fonts switched to https except for a javascript line of code (http://s7.addthis.com/js/250/addthis_widget.js) which I can’t locate in my source folders.
Thanks
Corey Mahon November 18, 2015 at 10:09 am
Hi Tolu!
That is odd indeed that you can’t locate the javascript in your code. If you would please open a ticket through your backstage panel, our customer service staff will be glad to dig in and take a look and see if we can help find that line for you and get this issue totally resolved!
danny December 12, 2015 at 8:41 am
Hi, after ading it to my .htaccess, it works but it redirect all pages to the homepage and help would be much appreciated. regards,
James Davey December 15, 2015 at 5:16 am
Hello Danny,
You can redirect only specific pages; just use the full address in your .htaccess. If you like, our support team can help refine this.
tronghiep92 April 24, 2016 at 1:07 am
Hi all,
I tried but not working with file: js, css, jpg,…
http://uslucky.com => https://uslucky.com
BUT: http://uslucky.com/css/app.css no redirect https://uslucky.com/css/app.css
Please help me!!!
Corey Mahon April 28, 2016 at 9:49 am
That is odd indeed. If you would please open a ticket with our support team through your backstage panel, we’ll be glad to dig in and find out why the redirects are not working and get them fixed up for you!