Force SSL using .htaccess file

Posted on 2006-05-03
Last Modified: 2008-01-09

Here is what I have my .htaccess file set at, but if I type in, it still will not force to https://

I also need it so when a user types in, it forces to

any help?  thank you.

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
order deny,allow
deny from all
AuthUserFile service.pwd
AuthGroupFile service.grp
rewriteEngine on
rewriteCond %{HTTP_HOST} !^mydomain\.com
rewriterule (.*)$1 [R=301,L]
Question by:jpegvarn
    LVL 4

    Accepted Solution

    According to the Apache SSL man page, you need to use SSLRequireSSL

    Syntax: SSLRequireSSL
    Context: server config, virtual host, .htaccess, directory
    Override: FileInfo
    Status: Extension
    Module: Apache-SSL
    Compatibility: ??

    Require SSL. This can be used in sections (and elsewhere) to protect against inadvertantly disabling SSL. If SSL is not in use when this directive applies, access will be refused. This is a useful belt-and-braces measure for critical information. Conversely, deny SSL connections with SSLDenySSL.


    <Directory /some/where/important>

    Another example I found was:

    The following snippet can be put in your .htaccess file to force access to go through an encrypted connection:

    <IfModule !mod_ssl.c>
      RedirectMatch /(.*)$$1
    Observe the https in the redirect.

    (Note: if you are using a Personal Domain or CGI Scripts with a password, you will need to change www to username.web or cgi respectively).

    Got that info from:  (which, btw, is a GREAT page for all kinds of useful methods for securing a page)

    LVL 5

    Assisted Solution

    LVL 51

    Assisted Solution

    RewriteEngine On
    RewriteCond %{Server_Name} ^www\.
    RewriteRule (.*)  https://%{REQUEST_URI} [L]
    RewriteCond %{HTTPS} !^on$
    RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [L]
    # feel free to use R, P flag as you like

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now