How to force HTTPS / SSL using the .htaccess file

It is becoming increasingly popular and in many cases required for websites to have an SSL certificate. One use case would be on a website that collects payments from end users. Payment processing requires an encrypted connection (HTTPS) to keep information safe as it is transferred across the internet. Another important reason to do this is because search engines are actually ranking websites based on this and it can have a negative effect on you SEO to not have one, even if you are not transferring sensitive information.

Once a SSL certificate is installed on your website, it is important that users are directed to pages using the HTTPS protocol like this, https://www.someurl.com. If a user enters www.someurl.com in the browser, your site should direct them to a secure version of that URL automatically.

A module known as mod_rewrite is available within Apache and can be used to redirect all or some of the urls on a website. This modules configuration can be managed in the .htaccess file.

.htaccess is the default name of Apache’s directory-level configuration file. It is used to customize configuration directives defined in the main configuration file.

Your website most likely already has a .htaccess file in the website’s root file directory. If not create a new file in the websites root file directory and name it .htaccess.

To force SSL connections using the mod_rewrite module, you would add the following to the website’s root .htaccess file. Make sure to check if there are existing entries for any of the following settings in your .htaccess file to avoid duplicate or conflicting rewrite rules.

When setting rewrite rules we have several options as to when and how to implement redirects. I am going to outline two very common implementations below:

1: Redirect all traffic for a specific domain.

1: The first line simply turns on the RewriteEngine.

RewriteEngine On

2: The second line tells the rule what domain to redirect.

RewriteCond %{HTTP_HOST} ^someurl.com [NC]

3: The third line will define which port to apply the rewrite to. In this case it is port 80.

RewriteCond %{SERVER_PORT} 80

4: The fourth line tells the server where to redirect the request to.

RewriteRule ^(.*)$ https://www.someurl.com/$1 [R,L]

All together it should look like this.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^someurl.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.someurl.com/$1 [R,L]

2: Redirect all traffic for a specific folder. This time instead of adding the below to the root .htaccess file, we will add it to a .htaccess file in the folder that we are applying the redirect to. Again, if the file doesn’t exists, simply create a new .htaccess and add the lines described below.

1: Just like before , the first line simply turns on the RewriteEngine.

RewriteEngine On

2: The second line will tell the rule which port to apply the rewrite to. In this case it is port 80.

RewriteCond %{SERVER_PORT} 80

3: The third line tells the will determine which folder to apply the rule to.

RewriteCond %{REQUEST_URI} folder_name

4: The fourth line tells the server where to redirect the request to.

RewriteRule ^(.*)$ https://www.someurl.com/folder/$1 [R,L]

5: All together it should look like this.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^someurl.com [NC]
RewriteCond %{REQUEST_URI} folder_name
RewriteRule ^(.*)$ https://www.someurl.com/$1 [R,L]

Thank you for reading. I hope you find this article helpful and please comment below with any questions. Happy coding! 🙂