Linux Sysadmin Blog

Force Url to Use SSL/https

- | Comments

In some cases you would want to have your site use SSL (https://) at all times you can do this by using:

1.) Using Htaccess/mod_rewrite. You only need to create a .htaccess file on your home directory and add the codes below:

1
2
3
4
5
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>

The above codes may not work on other Apache/php setup but i’m not sure what’s the exact configuration variable for that.

Anyway, here are my alternatives. Either of them is fine if you’re running http and https on standard ports (http=80, https=443), otherwise change the value to your custom http or https port. Change domain.com to your domain.

1
2
3
4
5
6
7
8
9
10
11
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^**80**$
RewriteRule ^(.*)$ https://**domain.tld**/$1 [R,L]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://**domain.tld**/$1 [L,R]
</IfModule>

2.) PHP function. If your site use PHP you can redirect the url to SSL/https using this function:

1
2
3
4
5
6
7
8
9
<?php
function ForceHTTPS(){
if( $_SERVER['HTTPS'] != ``"on")   {
//if( $_SERVER['SERVER_PORT'] == 80 )   {  _**<<-- use this line if the above will not work.**_``
$new_url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header(``"``Location: $new_url``"``);
exit; }
}
?>

If you are using an application/script wherein you can enter the settings for site url (either from database or config file), it is better to use that settings.

Let me know if you run into issues, maybe i can help. :)

Comments