We help IT Professionals succeed at work.

Configure an htaccess file with an SSL Certificate

gisvpn
gisvpn asked
on
Hello,

I have an SSL certificate installed on my Apache server where I am doing some WordPress development. I am new to the use and configuration of the SSL certificate however and am looking for help.

I have the certificate installed on the server and I believe that I need to configure the htacess document to define the pages or folders in which I need the browser to be forced to go to its HTTPs address. I have some examples below which I would need a little help with to configure as examples.

Http://www.domain.com/newsletter/signup.html

Http://www.domain.com/portal

I would like to ensure that when users are viewing the Http://www.domain.com/newsletter/signup.html URL they can only ever see Https://www.domain.com/newsletter/signup.html - i.e. they cannot see the HTTP unsecure version.

With the Http://www.domain.com/portal URL I would like to ensure *ALL* the pages and files held within this folder are only ever viewed via HTTPs also.

Also as a general question, is there more than one way of doing this? I have been reading up on the internet to see if I can find out more information about this however it appears that there are different techniques to doing this - is there a standard recommended one at all thats generally accepted as the normal one?

Many thanks in advance.

Regards,

GISVPN
Comment
Watch Question

Commented:
An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Please, note that the .htaccess should be located in the web site main folder.

In case you wish to force HTTPS for a particular folder you can use:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]
The .htaccess file should be placed in the folder where you need to force HTTPS.

Author

Commented:
Hi vinsvin - thanks for the post.

Can I ask is this the standard way of doing this - i.e. is there only one way to do this? Dose one method cause problems over another method for example?

In the examples you have given I would do the following :

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ Http://www.domain.com/newsletter/signup.html$1 [R,L]

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} portal
RewriteRule ^(.*)$ https://www.domain.com/portal/$1 [R,L]

Many thanks,

Regards,

GISVPN

Commented:
i guess this is the best and easiest way to always redirect the user to secure connection.

Author

Commented:
ok great thanks

Explore More ContentExplore courses, solutions, and other research materials related to this topic.