Tips & Tricks for Technologists & System Administrators | About & Contact

Force HTTPS SSL Access for a URL with Apache



The situation is: you have an web application or URL that you would like to force your users (or yourself) to use the secure https protocol rather than the unencrypted http protocol. This is easy to do with Apache and .htaccess.

Create or add to the .htaccess file in the root of the web directory you would like to force redirect for. Add the following lines:

1
2
3
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This says that if https is off, reload the page at the same location using HTTPS instead.


Originally posted 20070806 and last touched 20070806
Dave Drager+ is the Chief Technology Officer at XDA-Developers, where he keeps the server farm running efficiently for millions of visitors per day. He has written previously for the technology blogs Lifehacker and MakeUseOf.


  • barf

    Thanks, worked a treat. I’d tried lots of RewriteCond using server-port but couldn’t get it to work.

  • barf

    Thanks, worked a treat. I’d tried lots of RewriteCond using server-port but couldn’t get it to work.

  • Jim

    This is just the tip I needed. Thanks!

  • Jim

    This is just the tip I needed. Thanks!

  • damupi

    tks 4 the code

  • damupi

    tks 4 the code

  • gloryforixseal

    I found lots of interesting information here. The post was professionally written and I feel like the author has extensive knowledge in the subject. Keep it that way.

  • gloryforixseal

    I found lots of interesting information here. The post was professionally written and I feel like the author has extensive knowledge in the subject. Keep it that way.