How do I force SSL using .htaccess

There are many ways to force SSL for your site depending on your content. The following tutorial shows one of the most common methods to force SSL by using mod_rewrite within your .htaccess file.

Insert the code given below into the .htaccess file in the root folder of your site to force all web traffic to use HTTPS [SSL].  It is important that you insert this above any pre-existing mod_rewrite code.

[alert] Note: Insert the code above any pre-existing mod_rewrite code.[/alert]

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

If you want to force only a specific domain to HTTPS use the following code. In addition, be sure to replace “example\.com” with your “actual domain” name.  The backslash

[alert] Note: The backslash “\” before the period is important.[/alert]

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

If you force SSL using these .htaccess rules and you end up with an “endless redirection” or similar. It is quite likely your script/software is trying to re-direct back to non-ssl which is then being re-directed by .htaccess back to SSL.  In this case, you will likely need to configure SSL usage within your script/software directly.

Powered by BetterDocs

Leave a Reply

Your email address will not be published. Required fields are marked *

en_USEnglish