Solved

force https on all http pages in .htaccess file

Posted on 2012-04-11
11
967 Views
Last Modified: 2012-04-11
I have the following code in my wordpress .htaccess file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /dev/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /dev/index.php [L]
</IfModule>

# END WordPress

However, I need to force all of these pages to be over https.  What lines do I add?  So if a user does navigate to any page on my site over port 80, it should automatically serve up that same page but over 443.

Any ideas experts?
0
Comment
Question by:COwebmaster
11 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
Comment Utility
In case you wish to force HTTPS for a particular folder you can use:

RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} somefolder RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]


http://stackoverflow.com/questions/1108706/correctly-switching-between-http-and-https-using-htaccess


http://www.besthostratings.com/articles/force-ssl-htaccess.html
0
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 500 total points
Comment Utility
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]

http://davidwalsh.name/force-secure-ssl-htaccess
0
 
LVL 8

Expert Comment

by:X-treem
Comment Utility
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
0
 

Author Comment

by:COwebmaster
Comment Utility
Okay, I tried the following:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

However, if type in www.domain.com, it does not redirect to https://www.domain.com

I also tried this:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]

And the page just hangs in the browser.

So, I don't want the user to redirect to any folder or page.  if the user types into the browser to www.domain.com/page-1 or http://www.domain.com/page-1, I want to redirect them to https://www.domain.com/page-1

So whichever page they are on, it converts to https.  Any ideas?
0
 
LVL 17

Expert Comment

by:Anuroopsundd
Comment Utility
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.example.com/[R]
0
Easy Project Management (No User Manual Required)

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:COwebmaster
Comment Utility
Sorry, that didn't work either.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
Comment Utility
have you restarted apache after changes?
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
You may be able to do this in PHP, as well.
<?php // RAY_https_only.php
error_reporting(E_ALL);

// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS

// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://us2.php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

0
 

Author Comment

by:COwebmaster
Comment Utility
okay, and where would that php page go?

I didn't restart apache.  Do I need to  after making a change to the htaccess file?  So my file is like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /dev/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /dev/index.php [L]
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.domain.com/dev/ [R]
</IfModule>

Is that correct?
0
 

Author Comment

by:COwebmaster
Comment Utility
Okay, I got it to work.  I placed the following in my functions.php page:

//force redirect to secure page
if($_SERVER['SERVER_PORT'] != '443') { header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); }

That forced every page to https.
0
 

Author Closing Comment

by:COwebmaster
Comment Utility
I got my php solution on David Walsh's site.  Thanks Anuroopsundd!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses how to create an extensible mechanism for linked drop downs.
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now