How to Force HTTPS using .htaccess
In the event that you introduced a SSL authentication for your space, your subsequent stage ought to be to design the application to serve all web traffic over HTTPS.
In contrast to HTTP, where solicitations and reactions are sent and returned in plaintext, HTTPS utilizes TLS/SSL to scramble the correspondence between the customer and the worker.
There are a few favorable circumstances of utilizing HTTPS over HTTP, for example,
- All the information is scrambled in the two ways. Subsequently, touchy data can't be perused whenever caught.
- Chrome, Firefox, and all other famous programs will check your site as protected.
- HTTPS permits you to utilize the HTTP/2 convention, which fundamentally improves the site execution.
- Google favors HTTPS sites. Your site will rank better whenever served by means of HTTPS.
The redirection can be set either on the application or worker level. This article discloses how to divert the HTTP traffic to HTTPS utilizing the .htaccess record.
In the event that you have SSH root admittance to the Linux worker where Apache runs, the favored path is to set up the redirection in the area's virtual host setup document. Else, you can arrange the redirection in the space's .htaccess record. Apache worker peruses the .htaccess document on each page demand, which eases back down the webserver.
Most control boards, for example, cPanel permits you to compel HTTPS redirection utilizing a graphical UI.
Redirect HTTP to HTTPS using .htaccess
.htaccess is a design record on a for every index reason for the Apache webserver. This document is utilized to characterize how Apache serves records from the registry where it is put and empower/handicap extra highlights.
By and large, the .htaccess record is situated in the space root registry, yet you can have other .htaccess documents in the subdirectories.
You can alter the .htaccess record (or make another one) either by means of SSH or FTP.
To divert the HTTP solicitations to HTTPS, open the .htaccess record, and include the accompanying code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Here is the thing that each line of code does:
- RewriteEngine On - Enables the Rewrite capacities and permits us to utilize modify rules.
- RewriteCond %{HTTPS} off - Checks if the association is of the HTTP demand type. At the point when the condition is met, the following line is executed. We just need to divert HTTP demands. In the event that you exclude this condition, you'll get a divert circle.
- RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] - Redirect all HTTP solicitations to HTTPS, with status code 301 (Moved Permanently). This standard will revise http://example.com/going to http://example.com/about or http://www.example.com/going to https://www.example.com/about
In the event that there are different standards in the record include the modify code at the head of the document.
That is it! In the wake of including these lines, spare the document and revive your program. All HTTP solicitations ought to be diverted to HTTPS.
When altering the .htaccess record, you don't have to restart the worker since Apache peruses the document on each solicitation.
Here is another, more nonexclusive standard to divert from HTTP to HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- HTTP_HOST is the hostname the guest demands while getting to the site. This variable speaks to your area name.
- REQUEST_URI is the URI that is utilized to get to the page.
Redirect HTTP to HTTPS and WWW to Non-WWW
Any site can be gotten to on two URLs: with the www prefix, (for example, www.example.com) and without www, (for example, example.com). Most site proprietors are picking one adaptation as a favored area and divert to it.
To divert from HTTP to HTTPS and from www to the non-www adaptation of your site, add the accompanying lines to the .htaccess record:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
Here we have two conditions. The first checks if the association isn't HTTPS, and the second checks whether the solicitation starts with www. On the off chance that one of the conditions is valid (the [OR] administrator), the rework rule is executed.
Redirect HTTP to HTTPS and Non-WWW to WWW
On the off chance that you favor the www form of your site utilize the accompanying standard to divert from HTTP to HTTPS and from non-www to the www
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
Conclusion
We have told you the best way to alter your .htaccess document to diverted all HTTP traffic to HTTPS.
On the off chance that you approach the Apache setup records, for better execution, you should constrain HTTPS by making a 301 divert in the area's virtual host.
On the off chance that you have any inquiries or criticism, don't hesitate to leave a remark.