Force SSL using .htaccess file

Hello,

Here is what I have my .htaccess file set at, but if I type in http://mydomain.com, it still will not force to https:// 

I also need it so when a user types in http://www.mydomain.com, it forces to https://mydomain.com 

any help?  thank you.

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mydomain.com
AuthUserFile service.pwd
AuthGroupFile service.grp
rewriteEngine on
rewriteCond %{HTTP_HOST} !^mydomain\.com
rewriterule (.*) https://mydomain.com/$1 [R=301,L]
jpegvarnAsked:
Who is Participating?
 
MalleusMaleficarumCommented:
According to the Apache SSL man page, you need to use SSLRequireSSL

SSLRequireSSL
Syntax: SSLRequireSSL
Context: server config, virtual host, .htaccess, directory
Override: FileInfo
Status: Extension
Module: Apache-SSL
Compatibility: ??

Require SSL. This can be used in sections (and elsewhere) to protect against inadvertantly disabling SSL. If SSL is not in use when this directive applies, access will be refused. This is a useful belt-and-braces measure for critical information. Conversely, deny SSL connections with SSLDenySSL.

Example:

<Directory /some/where/important>
  SSLRequireSSL
</Directory>

http://www.apache-ssl.org/docs.html


Another example I found was:

The following snippet can be put in your .htaccess file to force access to go through an encrypted connection:


<IfModule !mod_ssl.c>
  RedirectMatch /(.*)$ https://www.cse.unsw.edu.au/$1
</IfModule>
Observe the https in the redirect.

(Note: if you are using a Personal Domain or CGI Scripts with a password, you will need to change www to username.web or cgi respectively).

Got that info from: https://cgi.cse.unsw.edu.au/~csg/twiki/bin/view/FAQ/RestrictingWebAccess#Requiring_an_Encrypted_Connectio  (which, btw, is a GREAT page for all kinds of useful methods for securing a page)




0
 
ahoffmannCommented:
RewriteEngine On
RewriteCond %{Server_Name} ^www\.
RewriteRule (.*)  https://%{REQUEST_URI} [L]
RewriteCond %{HTTPS} !^on$
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [L]
# feel free to use R, P flag as you like
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.