htaccess file to redirect traffic to https

I've got a security certificate installed and I want to direct all online traffic to the https: version of my site.

How do I configure my htaccess file to do that?

Also, do I need to be sensitive to anything as far as my directories are concerned? It seems like in the past any images coming from a folder that wasn't considered "secure" wouldn't show up. Is there anything I need to do before flipping the switch to ensure that all my accessories (images, mp3 files, etc.) are showing up the way they need to?
brucegustPHP DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Amar BardoliwalaCommented:
Hello brucegust,

for entire site you can set your .htaccess file to something like following

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Hope this will help you.

Thank you.

Amar Bardoliwala
0
Ray PaseurCommented:
In your PHP scripts you can look for HTTPS in the $_SERVER array.

<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

0
brucegustPHP DeveloperAuthor Commented:
Guys, I've already got this in place:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ([0-9]+)$ qr/contestant.php?id=$1 [L,NC,QSA]

How do I implement your counsel, while still preserving this dynamic?
0
arober11Commented:
Just combine them into one block e.g.

RewriteEngine On 

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ([0-9]+)$ qr/contestant.php?id=$1 [L,NC,QSA]

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.