Site5 - Built For Designers & Developers MENU
Home  ›  Apache  ›  Apache: How to Redirect HTTP Requests to HTTPS

Apache: How to Redirect HTTP Requests to HTTPS

21 Comments

Below we are going to show you how to redirect all non-https request to use https. Why would you do this? This depends on what kind of site you are hosting. For example, if you are running a billing site, and you want to ensure that all trafic is secure, you can use the following code in your htaccess file to make sure that happens.

1) Edit/Create a htaccess file in the folder your site is being served from (normally public_html).

2) Add the following code to the htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

3) Save the file and check the results in your web browser by trying to access your site using standard http rather than https. If it is working correctly, you should be automatically redirected to https.

Please Note: If you do not have a SSL certificate on your site, this could cause errors. Please make sure that you have a SSL certificate installed and properly working before attempting this.

If you have any questions, please feel free to leave a comment below. You can also contact our support team directly through the support tab in Backstage.

Still have a question? Or need help?
If you need technical support with your account, please email us or chat live with a representative.

21 Comments

  • Excellent explanation

  • your post is informative.

    In case if the moodle site is not a root site and a subsite then how should the redirect code look like.

    Thanks

    • Hello Das,

      The code would be exactly the same, but would be placed in the .htaccess file in the Moodle site’s folder, rather than the one in public_html.

  • Thanks for posting this, very helpful.

    I found I needed the addition of:

    RewriteOptions Inherit

    This made sure that all subdirectories accessed would go through https

    Also, I noticed this on the Apache wiki:
    https://wiki.apache.org/httpd/RewriteHTTPToHTTPS

    “Using mod_rewrite to do this isn’t the recommended behavior. See RedirectSSL”

    https://wiki.apache.org/httpd/RedirectSSL

    • Hello Daniel,

      Thanks for adding that. The Inherit flag is not always needed, but it certainly is useful.

      As for the RedirectSSL method you link to, that requires editing the VirtualHost entries in Apache, which requires root access. As such, it is not possible to use this method on our managed servers.

      • Thanks for pointing that out.

      • Yep, you are right, the site5 code did’nt work for me.

        But this one found on your link work perfectly ! Thank you!

        RewriteEngine On
        # This will enable the Rewrite capabilities

        RewriteCond %{HTTPS} !=on
        # This checks to make sure the connection is not already HTTPS
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
        # This rule will redirect users from their original location, to the same location but using HTTPS.
        # i.e. http://www.example.com/foo/ to https://www.example.com/foo/
        # The leading slash is made optional so that this will work either in httpd.conf
        # or .htaccess context

  • Where in this code do I put the additional code needed?

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    • Hi Scott,

      You can put this either above the # BEGIN WordPress line or below the # END WordPress line, and it should work fine. I would recommend putting it above # BEGIN WordPress.

  • I want to redirect my primary domain to https (http://www.website.com to https://www.website.com) and exclude all sub domains. (http://xyz.website.com to remain as http://xyz.website.com)

    I have been searching for a solution for too long and couldnt find the right solution, please help

    My .htaccess file

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    • Hello Slax,

      Something like this should do the trick:

      RewriteEngine on

      # redirect to https www
      RewriteCond %{HTTPS} off
      RewriteCond %{HTTP_HOST} ^(?:www\.)(domain\.com)$ [NC]
      RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]

      # redirect to http subdomain
      RewriteCond %{HTTPS} on
      RewriteCond %{HTTP_HOST} ^((?!www).+\.domain\.com)$ [NC]
      RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

  • When I add the code to my htaccess file the site domain works fine but I find links to other websites now having a trusted link issue. Firefox puts up a warning that my certificate is unsigned, and that my images are not secure. Any help would be greatly appreciated

    • Hello Patrick,

      That sounds like two issues, really. The first, that the certificate is unsigned, is likely just that – the cert is not signed by a trusted authority. Where did you buy the certificate? Or was this a self-signed one?

      The second, regarding the images, is a little more complex. When you load your site under https, all images on the page need to be coded for that. If you are using basic HTML, for example, you would need to call the images using https:// in the code, rather than http://.

  • Hi,

    My SSL just got installed on my website, I used the above code in my .htaccess file,
    my website is not showing properly and the SSL claims some images are not served over a secured connection, i’m using Magento 1.9.1.1. I’ve checked all my base url and they are all secured.
    Secondly only the frontend homepage is showing the padlock with a warning sign, other pages including customer login is still served over unsecure connection.

    Any assistance would be appreciated.

    • Hi Tolu!

      I’m sorry to hear about the issues you are seeing on your site after the SSL certificate was installed. Based on your description, it sounds as if there is still some content on your site that is being pulled via http URL which would cause the insecure content error. However, if you would please open a ticket through your backstage panel, our customer service staff will be glad to do a full investigation and locate the cause of these errors!

      • Hello Corey,

        I was able to check my site with https://www.whynopadlock.com/, i got the images and fonts switched to https except for a javascript line of code (http://s7.addthis.com/js/250/addthis_widget.js) which I can’t locate in my source folders.

        Thanks

        • Hi Tolu!

          That is odd indeed that you can’t locate the javascript in your code. If you would please open a ticket through your backstage panel, our customer service staff will be glad to dig in and take a look and see if we can help find that line for you and get this issue totally resolved!

  • Hi, after ading it to my .htaccess, it works but it redirect all pages to the homepage and help would be much appreciated. regards,

    • Hello Danny,

      You can redirect only specific pages; just use the full address in your .htaccess. If you like, our support team can help refine this.

  • Hi all,
    I tried but not working with file: js, css, jpg,…

    http://uslucky.com => https://uslucky.com

    BUT: http://uslucky.com/css/app.css no redirect https://uslucky.com/css/app.css

    Please help me!!!

    • That is odd indeed. If you would please open a ticket with our support team through your backstage panel, we’ll be glad to dig in and find out why the redirects are not working and get them fixed up for you!

Money Back Guarantees