In some cases you would want your site to use SSL (https://) at all times. You can do this by using:
1.) Using .htaccess/mod_rewrite. You only need to create a .htaccess file in your home directory and add the code below:
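<IfModule mod_rewrite.c>
RewriteEngine On
# Only act on requests that did not arrive over SSL
RewriteCond %{HTTPS} !=on
# No leading slash in the pattern: in .htaccess the matched path has it stripped
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R,L]
</IfModule>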
The above code may not work on other Apache/PHP setups, but I'm not sure what the exact configuration variable for that is.
Anyway, here are my alternatives. Either of them is fine if you're running http and https on standard ports (http=80, https=443); otherwise change the value to your custom http or https port. Change domain.tld to your domain.
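# Alternative 1: redirect requests that arrive on the http port
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://domain.tld/$1 [R,L]
</IfModule>

# Alternative 2: redirect requests that arrive on any port other than the https port
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://domain.tld/$1 [L,R]
</IfModule>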
2.) PHP function. If your site uses PHP, you can redirect the URL to SSL/https using this function:
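<?php
// Redirect the current request to its https:// equivalent.
// Call this before any output is sent, because it sets a header.
function ForceHTTPS() {
    // $_SERVER['HTTPS'] is normally unset on plain http; ISAPI with IIS sets it to "off".
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    //if ($_SERVER['SERVER_PORT'] == 80) { <<-- use this line if the above will not work.
        $new_url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
        header("Location: $new_url");
        exit;
    }
}
?>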
If you are using an application/script in which you can enter the setting for the site URL (either in the database or in a config file), it is better to use that setting.
Let me know if you run into issues, maybe I can help.
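A way to confirm that any of the rules above behaves as intended, added here as an example and not part of the original post: the function below inspects response headers captured with `curl -sI` and reports whether the redirect goes to https on the same host with the path and query string intact. The sample responses are constructed, and `parse_head` and `check_redirect` are names chosen for this example.

```python
from urllib.parse import urlsplit

# Constructed samples of what `curl -sI "http://domain.tld/shop?id=7"` could print.
GOOD = ("HTTP/1.1 302 Found\r\n"
        "Location: https://domain.tld/shop?id=7\r\n\r\n")
LOST_PATH = ("HTTP/1.1 302 Found\r\n"
             "Location: https://domain.tld/\r\n\r\n")
NO_REDIRECT = ("HTTP/1.1 200 OK\r\n"
               "Content-Type: text/html\r\n\r\n")


def parse_head(raw):
    """Return (status code, headers keyed by lower-cased name) from a raw response head."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(raw, requested_url):
    """List what is wrong with the redirect; an empty list means it is fine."""
    status, headers = parse_head(raw)
    if status not in (301, 302, 303, 307, 308):
        return [f"status {status} is not a redirect"]
    location = headers.get("location")
    if not location:
        return ["redirect status without a Location header"]
    want, got = urlsplit(requested_url), urlsplit(location)
    problems = []
    if got.scheme != "https":
        problems.append(f"Location uses {got.scheme or 'no'} scheme, not https")
    if got.hostname != want.hostname:
        problems.append(f"host changed: {want.hostname} -> {got.hostname}")
    if (got.path or "/", got.query) != (want.path or "/", want.query):
        problems.append("path or query string was not preserved")
    return problems


if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("LOST_PATH", LOST_PATH),
                      ("NO_REDIRECT", NO_REDIRECT)):
        print(name, check_redirect(raw, "http://domain.tld/shop?id=7") or "ok")
```

A "host changed" finding is expected when the rule hard-codes domain.tld and the request was made to another name such as a www. alias.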

Gerold: it is a good policy to wrap such commands inside:
<IfModule mod_rewrite.c>...
</IfModule>
as this will prevent the htaccess rules from breaking the site completely if for some reason the module is not available or disabled.
thanks!!!!
I knew this was fairly simple to implement–for a personal site that is.
But all I could ever find thru Google was complicated gargles of configs, financial costs, and other headaches. Guess I just wasn’t coming up with the right Google query.
This was super easy! Took me 5 minutes! thanks again…….
you could also use the RedirectPermanent inside a directive:
Servername secure.foobar.com
RedirectPermanent / https://secure.foobar.com/
@Marius – thank you, I updated the post.
@Mattias – I agree, we can use this RedirectPermanent if we have access to Apache/virtualhost config. Thanks for the addition.
Hey Gerold,
I am a bit confused, do you mean I can have an https URL even if I don't have SSL installed for my domain? Also, what about the security issues?
Sorry for being a noob
Thanks
Harry.
@Harry – it is assumed that SSL is installed on your domain – it could be dedicated, wildcard, shared, etc. What do you mean by security issues?
Thanks for your positive feedback Gerold, well, if we install a dedicated certificate for our domain then I think there’s no need to set a redirect for the URLs.
if( $_SERVER['HTTPS'] != "on") {
causes a “PHP Notice: Undefined index: HTTPS…” error.
I tried adding isset and !isset but it does not work. How can this be resolved without altering my level of error reporting?
Hi, could any of you great developers show us a way, or make some code or add-ins (extensions), to force our local PC browsers like Firefox, Opera, Chrome and IE to use SSL/https on pages like Facebook where SSL/https is possible but not the default option?
I think there are some add-ins for Firefox and Chrome, which are not the best options, but for Opera and IE I can't find anything ???!!!
Thank you in advance