Using .htaccess to force redirection of all traffic to HTTPS

If you have implemented an SSL certificate on your site and want to easily redirect ALL requests to HTTPS (which is security best practice and easily avoids unsightly protocol mismatch errors within a users browser), you can use a very simple addition to your .htaccess file to complete this.

How to

Simply add the following to your .htaccess file:

RewriteEngine On 
 RewriteCond %{HTTPS} !on 
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You will then be forced by Apache to load resources using HTTPS.

Troubleshooting

If this does not take effect, you will need to examine whether your host is disabling .htaccess files within your environment (which is fairly rare).

You will also need to spend some time confirming that all resources are either being loaded using relative links from your code or are not being called from external services on HTTP to avoid any content protocol mismatch errors for your users.

Leave a Reply

Your email address will not be published.