How to Force HTTPS with .htaccess in Apache



HTTPS is a secure protocol that encrypts all data transferred between your web server and users' web browsers. It not only makes your website secure but also improves its credibility. However, once you have installed SSL certificates on your website, it is advisable to force HTTPS for all URLs, so that no page is still served over plain HTTP. Let us look at how to force HTTPS with .htaccess in Apache, which means redirecting all HTTP pages to HTTPS.

 

How to Force HTTPS with .htaccess in Apache

Here are the steps to force HTTPS with .htaccess in Apache. Before you proceed, please ensure that you have enabled .htaccess (mod_rewrite) in Apache.

 

Open the .htaccess file with a text editor. It is typically placed in the site's document root folder (/var/www/html).


$ sudo vim /var/www/html/.htaccess

 

If you have placed your site in a subfolder, place your .htaccess file in the subfolder.

 

Add the following rules to the .htaccess file:


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

The above code checks whether HTTPS is off for each requested URL and, if so, redirects the request to the HTTPS version of the same URL with a permanent (301) redirect.

Because the redirect target reuses the requested host name (%{HTTP_HOST}), a URL requested with www is redirected to the HTTPS www version, and a URL requested without www is redirected to the HTTPS non-www version.

 

That's it! Please remember to restart the Apache server to apply the changes. Apache will now automatically redirect all requested HTTP URLs to HTTPS.

 

Redirect to HTTPS and WWW (Optional)

Sometimes, you may want to redirect both HTTP requests and non-www requests to the HTTPS www version of the URL. In that case, paste the following code.


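<IfModule mod_rewrite.c>
  RewriteEngine On
  # Redirect if the request is not HTTPS or the host does not start with www.
  RewriteCond %{HTTPS} off [OR]
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  # Capture the host without any leading www. into %1, so www. is never added twice
  RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
  RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]
</IfModule>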

The above code does 3 things:

  1. Checks if mod_rewrite is installed
  2. Checks if HTTPS is off or www is absent in the URL.
  3. If condition #2 is true, then it will redirect the HTTP request to its HTTPS and www version.
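A small model of the HTTPS-and-www rule, added here as an example (it is not part of the original article), comparing two ways the last RewriteCond can capture the host into %1: the whole Host header versus the host with a leading www. stripped. The function names and the example.com inputs are constructed for illustration.

```python
import re

WHOLE_HOST = r"^(.*)$"            # %1 = the entire Host header
BARE_HOST = r"^(?:www\.)?(.+)$"   # %1 = host with a leading "www." stripped

def www_rule(scheme, host, path, capture):
    """Return the redirect target, or None when the rule does not fire."""
    https_off = scheme == "http"                       # RewriteCond %{HTTPS} off [OR]
    no_www = re.match(r"^www\.", host, re.I) is None   # RewriteCond %{HTTP_HOST} !^www\. [NC]
    if not (https_off or no_www):
        return None
    m = re.match(capture, host, re.I)                  # last RewriteCond fills %1
    if m is None:
        return None
    return f"https://www.{m.group(1)}{path}"           # RewriteRule substitution

def follow(url, capture, max_hops=5):
    """Apply the rule repeatedly, as a browser following 301s would."""
    chain = [url]
    for _hop in range(max_hops):
        scheme, rest = chain[-1].split("://", 1)
        host, _sep, path = rest.partition("/")
        target = www_rule(scheme, host, "/" + path, capture)
        if target is None:
            break
        chain.append(target)
    return chain

def final_urls(capture, domain="example.com", path="/a"):
    """Final URL for each of the four scheme/host variants (constructed inputs)."""
    starts = [f"{s}://{h}{path}" for s in ("http", "https")
              for h in (domain, "www." + domain)]
    return {u: follow(u, capture)[-1] for u in starts}

if __name__ == "__main__":
    for name, cap in (("whole host", WHOLE_HOST), ("bare host", BARE_HOST)):
        print(name)
        for start, end in final_urls(cap).items():
            print(f"  {start} -> {end}")
```

With the whole-host capture, an HTTP request that already carries www ends up on a doubled www.www host; with the bare-host capture all four variants converge on one canonical URL.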

 

Redirect to HTTPS and Non-WWW (Optional)

Sometimes, you may want to redirect both HTTP requests and www requests to the HTTPS non-www version of the URL. In that case, paste the following code.


<IfModule mod_rewrite.c>
  RewriteEngine On
  # Redirect if the request is not HTTPS or the host is www.example.com
  RewriteCond %{HTTPS} off [OR]
  RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
  RewriteRule ^ https://example.com%{REQUEST_URI} [L,R=301]
</IfModule>

The above code does 3 things:

  1. Checks if mod_rewrite is enabled
  2. Checks if the URL has HTTPS turned off, or has www
  3. If condition #2 is satisfied, then it redirects the request to the HTTPS and non-www version.

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses.