How to Force and Redirect HTTPS with .htaccess

This article was contributed by Dustin Cisneros at RackNerd, a web hosting and infrastructure as a service provider which was recently voted #1 by the LowEndTalk community! If you are looking for a Linux VPS, Ryzen VPS, Windows VPS, or shared and reseller hosting services, be sure to take a look at RackNerd’s latest special offers here.

Currently, most of the websites today run through SSL. Once you have installed the SSL certificate, proceed with the configuration of the application to serve all the web traffic over HTTPS. HTTP adds encryption to communication that occurs between a server and the client. HTTPS does this by using TLS/SSL. This encryption option isn’t possible with HTTP. There are several other points that make HTTPS stand out compared to HTTP:

  • It is said that ranking system of search engines prefers HTTPS, so if you use it, there are more chances for your site to rank higher:
  • Most of the commonly used browsers mark the websites that use HTTPS as safe.
  • The information going from both server to client or client to server is encrypted, hence, greater security is provided.

Let’s see how we can force all web traffic to HTTPS from HTTP using .htaccess

The .htaccess is basically a configuration file that is used on Apache’s server. The dot in front represents that the file cannot be viewed, as it is hidden by default. .htaccess file defines how Apaches serve the files from the directory.  .htaccess is usually placed in the domain root directory but the subdirectories can contain other .htaccess as well

SSH or FTP can be used to either create a new file or edit the .htaccess file.

Now for redirecting to HTTPS as discussed before, the code below should be used:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} (L,R=301)

Let us discuss one by one what the above codes represent

RewriteEngine On

The code above makes it possible to rewrite the rules

RewriteCond %{HTTPS} off

The code above is used to find out whether the connection is of HTTP request type or not and if it is then the next command is executed

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} (L,R=301)

This rule is able to rewrite http://example.com/about to http://example.com/about or http://www.example.com/about to https://www.example.com/about

Once these lines are added you should save your file and check after refreshing, this step will lead to all HTTP files being redirected to HTTPS

There are other rules for redirecting HTTP to HTTPS for example:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} (L,R=301)

REQUEST_URI Page is accessed by using this URI

HTTP_HOST Represents the hostname that is requested when visitor accesses the site.

As we know, either WWW or non WWW Url is used for accessing any site. The lines below can be added to .htaccess to achieve the redirection above:

RewriteEngine On
RewriteCond %{HTTPS} off (OR)
RewriteCond %{HTTP_HOST} ^www.example.com (NC)
RewriteRule ^(.*)$ https://example.com/$1 (L,R=301)

 Two conditions should be fulfilled in order to make it possible to redirect:

  1. If the request starts with WWW or not.
  2. Connection should not be HTTPS

Even one of the conditions is enough to execute the rewrite rule.

Run the code :

RewriteEngine On
RewriteCond %{HTTPS} off (OR)
RewriteCond %{HTTP_HOST} ^example.com (NC)
RewriteRule ^(.*)$ https://www.example.com/$1 (R=301,L)

If you have any questions or feedback, we would love to hear it in the comments section below! We hope you found this tutorial on how to redirect your website to HTTPS helpful.

raindog308

I’m Andrew, techno polymath and long-time LowEndTalk community Moderator. My technical interests include all things Unix, perl, python, shell scripting, and relational database systems. I enjoy writing technical articles here on LowEndBox to help people get more out of their VPSes.