LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

How to Force and Redirect HTTPS with .htaccess

This article was contributed by Dustin Cisneros at RackNerd, a web hosting and infrastructure as a service provider which was recently voted #1 by the LowEndTalk community! If you are looking for a Linux VPS, Ryzen VPS, Windows VPS, or shared and reseller hosting services, be sure to take a look at RackNerd’s latest special offers here.

Currently, most of the websites today run through SSL. Once you have installed the SSL certificate, proceed with the configuration of the application to serve all the web traffic over HTTPS. HTTP adds encryption to communication that occurs between a server and the client. HTTPS does this by using TLS/SSL. This encryption option isn’t possible with HTTP. There are several other points that make HTTPS stand out compared to HTTP:

  • It is said that ranking system of search engines prefers HTTPS, so if you use it, there are more chances for your site to rank higher:
  • Most of the commonly used browsers mark the websites that use HTTPS as safe.
  • The information going from both server to client or client to server is encrypted, hence, greater security is provided.

Let’s see how we can force all web traffic to HTTPS from HTTP using .htaccess

How to redirect HTTP to HTTPS via .htaccess

The .htaccess is basically a configuration file that is used on Apache’s server. The dot in front represents that the file cannot be viewed, as it is hidden by default. .htaccess file defines how Apaches serve the files from the directory.  .htaccess is usually placed in the domain root directory but the subdirectories can contain other .htaccess as well

SSH or FTP can be used to either create a new file or edit the .htaccess file.

Now for redirecting to HTTPS as discussed before, the code below should be used:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Let us discuss one by one what the above codes represent

RewriteEngine On

The code above makes it possible to rewrite the rules

RewriteCond %{HTTPS} off

The code above is used to find out whether the connection is of HTTP request type or not and if it is then the next command is executed

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This rule is able to rewrite http://example.com/about to http://example.com/about or http://www.example.com/about to https://www.example.com/about

Once these lines are added you should save your file and check after refreshing, this step will lead to all HTTP files being redirected to HTTPS

There are other rules for redirecting HTTP to HTTPS for example:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

REQUEST_URI Page is accessed by using this URI

HTTP_HOST Represents the hostname that is requested when visitor accesses the site.

Redirecting non-WWW to WWW and HTTP to HTTPS 

As we know, either WWW or non WWW Url is used for accessing any site. The lines below can be added to .htaccess to achieve the redirection above:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

 Two conditions should be fulfilled in order to make it possible to redirect:

  1. If the request starts with WWW or not.
  2. Connection should not be HTTPS

Even one of the conditions is enough to execute the rewrite rule.

Redirecting non-WWW to WWW and HTTP to HTTPS

Run the code :

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

If you have any questions or feedback, we would love to hear it in the comments section below! We hope you found this tutorial on how to redirect your website to HTTPS helpful.

raindog308

5 Comments

  1. It seemed difficult to do, but I did it thanks to this detailed and specific guide. Thank you very much for this useful sharing.

    July 1, 2021 @ 3:06 am | Reply
    • Hi drift boss, awesome to hear! Happy to see you were able to accomplish this. Good work!

      If you have any content ideas, we’re happy to contribute more. Just let us know here :)

      July 1, 2021 @ 8:41 pm | Reply
  2. Rhinox:

    I’m not sure this is the most effective way, as it needs to read top server directory. IMHO, using “Redirect permanent” in “VirtualHost” declaration is much faster.

    Generally, I’d recommend using .htaccess only in cases where VirtualHost user wants to do it on his own, and change it from time to time…

    July 1, 2021 @ 2:45 pm | Reply
    • Hi Rhinox, Thanks for the feedback – that’s certainly another approach to doing it as well.

      This particular method is also useful for those who are within shared hosting environments whereby the user does not receive escalated SSH privileges.

      July 1, 2021 @ 8:40 pm | Reply
  3. Your article is very good and useful, thank you for sharing, bk8 hopes that next time you will have more good articles to send to all readers.

    April 10, 2022 @ 3:35 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *