You can redirect all traffic for your domain, or traffic for a particular directory to use SSL. To do this for the whole domain add the following to your .htaccess file, replacing example.com with your domain name:
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
To do this for a particular folder you can add this, substituting in your domain and directory name:
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^directory/(.*)$ https://example.com/directory/$1 [R,L]
Force HTTPS: When Behind a Load Balancer or Proxy (CloudFlare/Sucuri/etc.)
Sometimes you may be using a proxy, like a load balancer or a web firewall, like CloudFlare or Sucuri. These can be configured to use SSL on the front end, but not use SSL on the back end. To allow this to work correctly, you need to check not just for HTTPS in the request, but also if the proxy passed the original HTTPS request to the server using just HTTP. This following rule checks if the request was forwarded from HTTPS, and if so does not try to redirect an additional time.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Comments
0 comments
Article is closed for comments.