Force SSL https using htaccess and mod rewrite

Question

How can I force to SSL https using  htaccess and mod rewrite page specific in PHP

User · Accepted Answer

For Apache  you can use mod ssl to force SSL with the SSLRequireSSL Directive      This directive forbids access unless HTTP over SSL  i e  HTTPS  is enabled for the current connection  This is very handy inside the SSL-enabled virtual host or directories for defending against configuration errors that expose stuff that should be protected  When this directive is present all requests are denied which are not using SSL    This will not do a redirect to https though  To redirect  try the following with mod rewrite in your  htaccess file  RewriteEngine On RewriteCond   HTTPS    on RewriteRule   https     HTTP HOST   REQUEST URI   L R 301    or any of the various approaches given at   http   www askapache com htaccess http-https-rewriterule-redirect html   You can also solve this from within PHP in case your provider has disabled  htaccess  which is unlikely since you asked for it  but anyway   if   isset   SERVER  HTTPS         SERVER  HTTPS        on         if  headers sent              header  Status  301 Moved Permanently            header sprintf               Location  https    s s                 SERVER  HTTP HOST                  SERVER  REQUEST URI                       exit

User · Answer

Simple one    RewriteEngine on RewriteCond   HTTP HOST    www  example  com   80    NC  RewriteRule       https   example com  1  R 301 L  order deny allow   replace your url with example com

User · Answer

Mod-rewrite based solution    Using the following code in htaccess automatically forwards all http requests to https   RewriteEngine on  RewriteCond   HTTPS     HTTP HOST   off     www          RewriteRule   https   www  1  REQUEST URI   NE L R    This will redirect your non-www and www http requests to www version of https   Another solution  Apache 2 4    RewriteEngine on  RewriteCond   REQUEST SCHEME     HTTP HOST   http     www          RewriteRule   https   www  1  REQUEST URI   NE L R    This doesn t work on lower versions of apache as   REQUEST SCHEME  variable was added to mod-rewrite since 2 4

User · Answer

This code works for me  RewriteEngine On RewriteBase   RewriteCond   HTTP X-HTTPS   1 RewriteRule        https     HTTP HOST   1  R 301 L

User · Answer

try this code  it will work for all version of URLs like   website com www website com http   website com http   www website com  RewriteCond   HTTPS  off RewriteCond   HTTPS HOST    www website com   NC  RewriteRule        https   www website com  1  L R 301

User · Answer

I found a mod rewrite solution that works well for both proxied and unproxied servers   If you are using CloudFlare  AWS Elastic Load Balancing  Heroku  OpenShift or any other Cloud PaaS solution and you are experiencing redirect loops with normal HTTPS redirects  try the following snippet instead   RewriteEngine On    If we receive a forwarded http request from a proxy    RewriteCond   HTTP X-Forwarded-Proto   http  OR        or just a plain old http request directly from the client RewriteCond   HTTP X-Forwarded-Proto      RewriteCond   HTTPS    on    Redirect to https version RewriteRule   https     HTTP HOST   REQUEST URI   L R 301

User · Answer

I d just like to point out that Apache has the worst inheritance rules when using multiple  htaccess files across directory depths  Two key pitfalls    Only the rules contained in the deepest  htaccess file will be performed by default  You must specify the RewriteOptions InheritDownBefore directive  or similar  to change this   see question  The pattern is applied to the file path relative to the subdirectory and not the upper directory containing the  htaccess file with the given rule   see discussion    This means the suggested global solution on the Apache Wiki does not work if you use any other  htaccess files in subdirectories  I wrote a modified version that does   RewriteEngine On   This will enable the Rewrite capabilities  RewriteOptions InheritDownBefore   This prevents the rule from being overrided by  htaccess files in subdirectories   RewriteCond   HTTPS    on   This checks to make sure the connection is not already HTTPS  RewriteRule   https     SERVER NAME   REQUEST URI   QSA R L    This rule will redirect users from their original location  to the same location but using HTTPS    i e   http   www example com foo  to https   www example com foo

User · Answer

PHP Solution  Borrowing directly from Gordon s very comprehensive answer  I note that your question mentions being page-specific in forcing HTTPS SSL connections   function forceHTTPS       httpsURL    https       SERVER  HTTP HOST     SERVER  REQUEST URI      if  count    POST   gt 0       die   Page should be accessed with HTTPS  but a POST Submission has been sent here  Adjust the form to point to    httpsURL      if   isset    SERVER  HTTPS          SERVER  HTTPS      on         if   headers sent            header   Status  301 Moved Permanently           header   Location   httpsURL           exit         else        die    lt script type  javascript  gt document location href     httpsURL     lt  script gt                    Then  as close to the top of these pages which you want to force to connect via PHP  you can require   a centralised file containing this  and any other  custom functions  and then simply run the forceHTTPS   function   HTACCESS   mod rewrite Solution  I have not implemented this kind of solution personally  I have tended to use the PHP solution  like the one above  for it s simplicity   but the following may be  at least  a good start   RewriteEngine on    Check for POST Submission RewriteCond   REQUEST METHOD    POST     Forcing HTTPS RewriteCond   HTTPS    on  OR  RewriteCond   SERVER PORT  80   Pages to Apply RewriteCond   REQUEST URI   something secure  OR  RewriteCond   REQUEST URI   something else secure RewriteRule    https     SERVER NAME   REQUEST URI   R 301 L     Forcing HTTP RewriteCond   HTTPS   on  OR  RewriteCond   SERVER PORT  443   Pages to Apply RewriteCond   REQUEST URI   something public  OR  RewriteCond   REQUEST URI   something else public RewriteRule    http     SERVER NAME   REQUEST URI   R 301 L

User · Answer

Simple and Easy   just add following  RewriteEngine On RewriteCond   HTTPS  off RewriteRule        https     HTTP HOST   REQUEST URI   L R 301

[php] Force SSL/https using .htaccess and mod_rewrite

Examples related to php

Examples related to .htaccess

Examples related to mod-rewrite

Examples related to ssl

Examples related to https