Force https for entire server/domain
What you have should be fine, this is what I use:
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
The R
signifies it's a redirect instead of a rewrite, and the L
indicates that the rewrite engine should not perform any more rewrites.
I originally found this here: Httpd Wiki
Edit:
I forgot to mention the SSLRequireSSL
directive that forces all requests to be over HTTPS. Details can be found in the Apache Documentation.
Comments
-
da5id almost 2 years
I am developing a number of forms which should only be accessed via https. I have a dedicated server with its own cert and all the good stuff.
So my question is two-fold really:
1). What's the best way to force every request to be https? Is there a better way than this .htacess/mod_rewrite rule:
RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
2). Are there any potential pitfalls or downside to forcing everything to be https that I should be thinking about (other than overhead, which wouldn't seem to be an issue anyway)?
-
da5id about 15 yearsFor some reason, on my configuration, your method doesn't work whereas 'mine' does. Any idea why? Also, thanks or the tip on SSLRequireSSL, but my understanding is that will bounce non-https requests which is not what I want in this case.
-
Summer Sun about 15 yearsInteresting, what version of Apache are you running?