How do you force an HTTPS connection?

How do I ensure that when you switch to a webpage that it is HTTPS?

Debbie

The web host sets that up. Contact them to make it happen.

WHAT???

Noooooooooo…

You set it in the .htaccess file

Debbie


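Options +FollowSymLinks
RewriteEngine On
# REQUEST_URI always begins with "/", so the pattern has to include it
RewriteCond %{REQUEST_URI} ^/(path1|path2|path3)
# Only act on requests that arrived over plain HTTP (port 80)
RewriteCond %{SERVER_PORT} ^80$
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]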

That will 301 redirect all requests to URLs that start with either “path1”, “path2” or “path3” to its https:// counterpart if requested over http://

Change (path1|path2|path3) to suit your needs :slight_smile:

Of course the reverse is


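Options +FollowSymLinks
RewriteEngine On
# REQUEST_URI always begins with "/", so the pattern has to include it
RewriteCond %{REQUEST_URI} !^/(path1|path2|path3)
# Only act on requests that arrived over HTTPS (port 443)
RewriteCond %{SERVER_PORT} ^443$
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]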

So that any request that is not for “path1”, “path2”, “path3” but is requested over https will be redirected to http.

Well I could have sworn that’s what I did when a client asked for it. But from the sounds of it they prob just put that in the .htaccess themselves then. If you knew that it was just some htaccess code then why not just google it?

Why not Google it?

Same reason thousands of other people don’t “Google it” and instead come to SitePoint… To get quicker and better answers that you can trust.

Debbie

What exactly is mod_rewrite and how does it relate to the .htaccess file?

Is there a better strategy to use for a larger website?

For instance, I think some people have recommended putting all pages that must be HTTPS in a “secure” directory and then just applying a rule to that entire directory?!

Your code above would do what I want, but if I need to do this for 100 pages, it would be a maintenance nightmare.

Thanks,

Debbie

mod_rewrite is a plugin for Apache that allows you to rewrite (hence the name! ;)) URLs.

You can use its directives in .htaccess files, or in httpd.conf if you have access to that.
It’s faster if you can put it in the httpd.conf because then it’s only loaded and parsed once (when Apache starts up) instead of for every request, which is what happens for .htaccess files.

Yes, you could sure do that!

I have a VPS but don’t know Linux.

How hard would it be to edit that file?

Would I have to bring down the server?

Yes, you could sure do that!

Can you help me figure out how to do that?

Maybe I could have a folder called “secure” and put things like “login.php” and “checkout.php” and “account_view.php” in that directory.

So if you ever go to any of those pages, it is 100% guaranteed you will be switched from HTTP to HTTPS even if you typed in the URL yourself.

Help with that would be, well… helpful!! :smiley:

Thanks,

Debbie

No, Sitepoint is for asking questions to answers you couldn’t find on your own. Googling https .htaccess throws up many relevant answers.

It’s not very hard. First you have to know where it is (it’s different for different distros), but that’s where the find command comes in handy


find / -name httpd.conf

When you’ve found it (let’s say it’s in /etc/httpd.conf) edit it, using something like vim


vim /etc/httpd.conf

You should google a manual for vim, I’m not going to walk you through that (too much to type and I’m not looking for carpal tunnel at the moment ;))

Yup sounds good, but isn’t that what you suggested in your earlier post?

Yes indeed!

I second that.

So does EVERY topic discussed on SitePoint…

Since you didn’t know what a .htaccess file was, maybe YOU should go read up on it yourself?

I just came here to see different opinions and approaches on the topic posted above. (Not to argue.)

Debbie

DD,

There is a series of sticky posts at the top of this forum AND I still have my tutorial online (linked by my signature). BOTH will tell you all you need to know about mod_rewrite.

Regards,

DK
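
The “secure” directory approach raised in the thread, written out as an added example that is not part of any post above. The directory name `secure` comes from the thread; the filesystem path `/var/www/example/secure` is an assumed placeholder.

```apache
# Variant A: a .htaccess file placed inside the secure/ directory itself.
# Needs "AllowOverride FileInfo" (or All) for that directory, and
# FollowSymLinks enabled, otherwise per-directory rewriting will not run.
# Every file under secure/ (login.php, checkout.php, ...) is covered,
# so adding a page means dropping it in the directory, not editing a rule.
RewriteEngine On
# %{HTTPS} is "on" for any TLS request, whatever port the site listens on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Variant B: the same rule in httpd.conf (use A or B, not both).
# Parsed once at startup instead of on every request.
# The path below is an assumed example location.
<Directory "/var/www/example/secure">
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</Directory>
# After editing httpd.conf, check the syntax with "apachectl configtest"
# and apply it with "apachectl graceful", which reloads the configuration
# without dropping connections that are already open.
```

A redirect only takes effect after the first plain-HTTP request has already been sent, so forms that post to these pages should use https:// URLs in their action attributes.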