{"id":22546,"date":"2021-07-19T17:25:02","date_gmt":"2021-07-19T17:25:02","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=22546"},"modified":"2022-03-07T18:28:27","modified_gmt":"2022-03-07T18:28:27","slug":"how-to-force-redirect-from-http-to-https-using-htaccess","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/how-to-force-redirect-from-http-to-https-using-htaccess\/","title":{"rendered":"How to force\/redirect from http to https using .htaccess"},"content":{"rendered":"\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">This is the best for www and for HTTPS, for proxy and no proxy users<\/h2>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">RewriteEngine On\r\n\r\n<span class=\"hljs-comment\">### WWW &amp; HTTPS<\/span>\r\n\r\n<span class=\"hljs-comment\"># ensure www.<\/span>\r\nRewriteCond %{HTTP_HOST} !^www\\. &#91;NC]\r\nRewriteRule ^ https:<span class=\"hljs-comment\">\/\/www.%{HTTP_HOST}%{REQUEST_URI} &#91;L,R=301]<\/span>\r\n\r\n<span class=\"hljs-comment\"># ensure https<\/span>\r\nRewriteCond %{HTTP:X-Forwarded-Proto} !https\r\nRewriteCond %{HTTPS} off\r\nRewriteRule ^ https:<span class=\"hljs-comment\">\/\/%{HTTP_HOST}%{REQUEST_URI} &#91;L,R=301]<\/span>\r\n\r\n<span class=\"hljs-comment\">### WWW &amp; HTTPS<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\"><\/code><\/span><\/pre>\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">Forcing HTTPS with WordPress\n<span class=\"hljs-comment\"># If your .htaccess file already contains some default WordPress code, enter the following above or below that code. Never enter code inside of the comment tags that start and end with:<\/span>\n\n<span class=\"hljs-comment\"># BEGIN WordPress<\/span>\n<span class=\"hljs-comment\"># END WordPress<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">RewriteEngine On\nRewriteCond %{HTTPS} !=on\nRewriteRule ^(.*)$ https:<span class=\"hljs-comment\">\/\/%{HTTP_HOST}%{REQUEST_URI} &#91;L,R=301,NE]<\/span>\nHeader always set Content-Security-Policy <span class=\"hljs-string\">\"upgrade-insecure-requests;\"<\/span>\n\n<span class=\"hljs-comment\"># BEGIN WordPress<\/span>\n<span class=\"hljs-comment\"># The directives (lines) between `BEGIN WordPress` and `END WordPress` are<\/span>\n<span class=\"hljs-comment\"># dynamically generated, and should only be modified via WordPress filters.<\/span>\n<span class=\"hljs-comment\"># Any changes to the directives between these markers will be overwritten.<\/span>\n&lt;IfModule mod_rewrite.c&gt;\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - &#91;L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php &#91;L]\n&lt;\/IfModule&gt;\n<span class=\"hljs-comment\"># END WordPress<\/span>\n\n<span class=\"hljs-keyword\">or<\/span>\n\nRewriteEngine On \nRewriteCond %{SERVER_PORT} <span class=\"hljs-number\">80<\/span> \nRewriteRule ^(.*)$ https:<span class=\"hljs-comment\">\/\/www.example.com\/$1 &#91;R=301,L,NE]<\/span>\nHeader always set Content-Security-Policy <span class=\"hljs-string\">\"upgrade-insecure-requests;\"<\/span>\n\n<span class=\"hljs-comment\"># BEGIN WordPress<\/span>\n<span class=\"hljs-comment\"># The directives (lines) between `BEGIN WordPress` and `END WordPress` are<\/span>\n<span class=\"hljs-comment\"># dynamically generated, and should only be modified via WordPress filters.<\/span>\n<span class=\"hljs-comment\"># Any changes to the directives between these markers will be overwritten.<\/span>\n&lt;IfModule mod_rewrite.c&gt;\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - &#91;L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php &#91;L]\n&lt;\/IfModule&gt;\n<span class=\"hljs-comment\"># END WordPress<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"example-code-1-forcing-the-domain-to-serve-securely-using-https-for-any-site\">Example Code &#8211; 1 &#8211; Forcing the domain to serve securely using HTTPS (for any site)<\/h2>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">Example Code - <span class=\"hljs-number\">1<\/span> - Forcing the domain to serve securely using HTTPS (<span class=\"hljs-keyword\">for<\/span> any site)<span class=\"hljs-comment\"># The following forces any http request to be rewritten using https. For example, the following code forces a request to http:\/\/example.com to load https:\/\/example.com. It also forces directly linked resources (images, css, etc.) to use https:<\/span>\n\nRewriteEngine On\nRewriteCond %{HTTPS} !=on\nRewriteRule ^.*$ https:<span class=\"hljs-comment\">\/\/%{SERVER_NAME}%{REQUEST_URI} &#91;R,L]<\/span>\n\n<span class=\"hljs-keyword\">or<\/span>\n\nRewriteEngine On\nRewriteCond %{HTTPS} !=on\nRewriteRule ^(.*)$ https:<span class=\"hljs-comment\">\/\/%{HTTP_HOST}%{REQUEST_URI} &#91;L,R=301,NE]<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"example-code-2-redirect-all-web-traffic\">Example Code &#8211; 2 &#8211; Redirect All Web Traffic<\/h2>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">RewriteEngine On\nRewriteCond %{SERVER_PORT} <span class=\"hljs-number\">80<\/span>\nRewriteRule ^(.*)$ https:<span class=\"hljs-comment\">\/\/www.example.com\/$1 &#91;R,L]<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"example-code-3-redirect-only-a-specific-domain\">Example Code &#8211; 3 &#8211; Redirect Only a Specific Domain<\/h2>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># For redirecting a specific domain to use HTTPS, add the following:<\/span>\nRewriteEngine On\nRewriteCond %{HTTP_HOST} ^yourdomain\\.com &#91;NC]\nRewriteCond %{SERVER_PORT} <span class=\"hljs-number\">80<\/span>\nRewriteRule ^(.*)$ https:<span class=\"hljs-comment\">\/\/www.yourdomain.com\/$1 &#91;R,L]<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"example-code-4-redirect-only-a-specific-folder\">Example Code &#8211; 4 &#8211; Redirect Only a Specific Folder<\/h2>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-7\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># Redirecting to HTTPS on a specific folder, add the following:<\/span>\n\nRewriteEngine On\nRewriteCond %{SERVER_PORT} <span class=\"hljs-number\">80<\/span>\nRewriteCond %{REQUEST_URI} folder\nRewriteRule ^(.*)$ https:<span class=\"hljs-comment\">\/\/www.yourdomain.com\/folder\/$1 &#91;R,L]<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-7\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator\"\/>\n","protected":false},"excerpt":{"rendered":"<p>This is the best for www and for HTTPS, for proxy and no proxy users Example Code &#8211; 1 &#8211; Forcing the domain to serve securely using HTTPS (for any&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-22546","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=22546"}],"version-history":[{"count":4,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22546\/revisions"}],"predecessor-version":[{"id":28368,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22546\/revisions\/28368"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=22546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=22546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=22546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}