HTTPS is a must requirement for the website and web applications as the internet community is starting to make the internet a secure place. Let’s review some of the options to make your domain, server, or individual web application secure with HTTPS protocols.
To start, you will need an SSL certificate for your website. An SSL certificate encrypts the data communication between website users and your hosting server. Some of the hosting server companies allow users to configure this out of the box using their admin system. For that, you need to follow their documentation. In this tutorial will discuss the options when you do not have access to the server or prefer to use an easy and quick way to force HTTPS using the '.htaccess' file.
How to force HTTPS on all traffic?
- Open your ‘.htaccess’ file using a code editor or your choice.
- If you don’t have a ‘.htaccess’ file, first create it.
- Go to the end of your .htaccess file and enter the following lines of codes.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]
- Save the '.htaccess' file.
- Test the changes.
Explanation of the code:
RewriteEngline On => This checks if your server is configured to accept Rewrite Rules.
RewriteCond %{HTTPS} off => Checks if HTTPS is off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] => if True, this line takes action and redirects the request to HTTPS with 301 Redirect code.
How to force HTTPS with ‘www’ on all traffic?
- Open your ‘.htaccess’ file using a code editor or your choice.
- If you don’t have a ‘.htaccess’ file, first create it.
- Go to the end of your .htaccess file and enter the following lines of codes.
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]
- Save the '.htaccess' file.
- Test the changes.
How to force HTTPS on a Specific Domain only?
If you have a multisite setup and hosted multiple domains (http://myPublicDomain.com, http://myAdminDomain/, http://myDevelopmentDomain.com/), and you only like to like to force HTTPS on a specific domain URL, let’s say http://myPublicDomain.com/. In this case, use the following lines of code for proper HTTPS redirection.
- Open your ‘.htaccess’ file using a code editor or your choice.
- If you don’t have a ‘.htaccess’ file, first create it.
- Go to the end of your .htaccess file and enter the following lines of codes.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^myPublicDomain\.com$ [NC]
RewriteCond %{HTTPS} off [OR]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]
- Save the '.htaccess' file.
- Test the changes.
How to force HTTPS on a Specific Folder or multiple Folders?
The ‘.htaccess’ file can also be used to force HTTPS for more variations and types. One example can be forcing the HTTPS on a specific folder. See the code below on how to force HTTPS to one or more folders.
- Open your ‘.htaccess’ file using a code editor or your choice.
- If you don’t have a ‘.htaccess’ file, first create it.
- Go to the end of your .htaccess file and enter the following lines of codes.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(myfolder1|myfolder2|myfolder3)$ https://www.domain.com/$1 [L,R=301]
- Save the '.htaccess' file.
- Test the changes.
The ‘.htaccess’ file is a powerful tool that developers use when they don’t have direct access to the server. Also, it is quick and specific to the setup, whereas the server configuration file change applies to the entire server and all hosted domains. The codes used in this tutorial are common and applicable to Apache & Nginx webservers.