In some cases you would want to have your site use SSL (https://) at all times you can do this by using:
1.) Using Htaccess/mod_rewrite. You only need to create a .htaccess file on your home directory and add the codes below:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
The above codes may not work on other Apache/php setup but i’m not sure what’s the exact configuration variable for that.
Anyway, here are my alternatives. Either of them is fine if you’re running http and https on standard ports (http=80, https=443), otherwise change the value to your custom http or https port. Change domain.com to your domain.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://domain.tld/$1 [R,L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://domain.tld/$1 [L,R]
</IfModule>
2.) PHP function. If your site use PHP you can redirect the url to SSL/https using this function:
<?php
function ForceHTTPS(){
if( $_SERVER['HTTPS'] != "on") {
//if( $_SERVER['SERVER_PORT'] == 80 ) { <<-- use this line if the above will not work.
$new_url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header("Location: $new_url");
exit; }
}
?>
If you are using an application/script wherein you can enter the settings for site url (either from database or config file), it is better to use that settings.
Let me know if you run into issues, maybe i can help. 
9 responses so far ↓
1 marius // Mar 10, 2009 at 4:27 am
Gerold: it is a good policy to wrap such commands inside:
<IfModule mod_rewrite.c>...
</IfModule>
as this will prevent the htaccess rules to break the site completely if for some reason the module is not available or disabled.
2 teelah // Mar 12, 2009 at 9:43 am
thanks!!!!
I knew this was fairly simple to implement–for a personal site that is.
But all I could ever find thru google was complicated gargles of configs, financial costs, and other headaches. Guess I just wasn’t coming up with the right google query.
This was super easy! Took me 5 minute! thanks again…….
3 Mattias Berge // Mar 31, 2009 at 5:08 am
you could also use the RedirectPermanent inside a directive:
Servername secure.foobar.com
RedirectPermanent / https://secure.foobar.com/
4 gerold // Apr 1, 2009 at 6:29 pm
@Marius – thank you, i updated the post.
@Mattias – i agree, we can use this RedirectPermanent if we have access to Apache/virtualhost config. Thanks for the addition.
5 Bookmark: 301 (etc…) Redirect Cheatsheet - mod_rewrite, javascript, cfm, perl, php, refresh, python | Tech Space // Apr 13, 2009 at 9:00 am
[...] .Force url to use SSL/https Related Posts:.htaccess redirect guideClassic Blogger and PHP?Redirect stdout output elsewhere in a Java AppletRip page to new window in firefoxUbiquity for Mozilla web browser Share and Enjoy: [...]
6 Harry // Jun 9, 2009 at 2:20 pm
Hey Gerold ,
I am bit confused, do you mean i can have https url even i dont have SSL installed for my domain ? also what about the security issues ?
Sorry for being noob
Thanks
Harry.
7 gerold // Jun 9, 2009 at 5:30 pm
@Harry – it is assumed that SSL is installed on your domain – it could be dedicated, wildcard, shared, etc. What you mean by security issues?
8 harry // Aug 3, 2009 at 10:08 am
Thanks for your positive feedback Gerold, well, if we install dedicated certificate for our domain then I think there’s no need to set redirect for the urls.
9 Jeff // Jan 16, 2010 at 8:38 am
if( $_SERVER['HTTPS'] != “on”) {
causes “PHP Notice: Undefined index: HTTPS…” error.
I tried adding isset and !isset but it does not work. How can this resolved without altering my level of error reporting?
Leave a Comment