Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP (Hypertext Transfer Protocol).
HTTP is the protocol over which data is sent between a browser and a website or a web application. The “S” in HTTPS stands for SECURE. HTTPS encrypts all communications between a browser and a website.
Sometimes it’s necessary to make sure your website’s visitors use the SSL encrypted connection.
To force all your website visitors to use HTTPS insert the following lines of code in the .htaccess file in your website’s root folder.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
Be sure to replace www.yoursite.com with your actual domain name.
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yoursite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
Make sure to replace yoursite.com with the domain name you’re trying force to https. Additionally, you need to replace www.example.com with your actual domain name.
If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yoursite.com/folder/$1 [R,L]
Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yoursite.com/folder with your actual domain name and folder you want to force the SSL on.
2 thoughts on - How to force HTTPS using the .htaccess file
That is what I’ve been looking for. Thanks
You’re welcome. I’m glad you found it helpful.