Force HTTPS SSL Access for a URL with Apache

The situation is: you have an web application or URL that you would like to force your users (or yourself) to use the [tag]secure[/tag] [tag]https[/tag] protocol rather than the unencrypted http protocol. This is easy to do with [tag]Apache[/tag] and [tag].htaccess[/tag].

Create or add to the .htaccess file in the root of the web directory you would like to force redirect for. Add the following lines:

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This says that if https is off, reload the page at the same location using HTTPS instead.

Tagged: apache, http, http protocol, SSL, web application, web directory

No Trackbacks

4 Comments

barf

Thanks, worked a treat. I’d tried lots of RewriteCond using server-port but couldn’t get it to work.

Posted June 16, 2008 at 10:09 pm | Permalink
Jim

This is just the tip I needed. Thanks!

Posted August 22, 2008 at 9:46 am | Permalink
damupi

tks 4 the code

Posted December 3, 2008 at 5:47 am | Permalink
gloryforixseal

I found lots of interesting information here. The post was professionally written and I feel like the author has extensive knowledge in the subject. Keep it that way.

Posted June 24, 2009 at 9:02 pm | Permalink