htaccess HTTPS / SSL Tips, Tricks, and Hacks
« Security with Apache htaccess TutorialApache Variable Fun in htaccess »
Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.
« Security with Apache htaccess | .htaccess Tutorial Index | » Apache Variable fun (mod_env)
- Redirect non-https requests to https server
- Rewrite non-https to HTTPS without mod_ssl!
- Redirect everything served on port 80 to HTTPS URI
- Redirect particular URLs to a secure version in an SSL SEO method
- Check to see whether the HTTPS environment variable is set
- Rewrite to SSL or NON-SSL using relative URL!
Redirect non-https requests to https server
Fixes double-login problem and guarantees that htpasswd basic authorization can only be entered using HTTPS.
NOTE: You will only find this method on this site and it is the most secure way to do this.
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "askapache.com"
ErrorDocument 403 https://askapache.com
Rewrite non-https to HTTPS without mod_ssl!
NOTE:The HTTPS variable is always present,evenif mod_ssl isn’t loaded!
Based on HTTPS variable (best)
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Based on SERVER_PORT
RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Redirect everything served on port 80 to HTTPS URI
RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Redirect particular URLs to a secure version in an SSL SEO method
RewriteRule "^/normal/secure(/.*)" "https://%{HTTP_HOST}$1" [R=301,L]
Check to see whether the HTTPS environment variable is set
RewriteCond %{HTTPS} !=on
RewriteRule "^(/secure/.*)" "https://%{HTTP_HOST}$1" [R=301,L]
Rewrite to SSL or NON-SSL using relative URL!
This lets you use hyperlinks like this
/doc.html:SSL -- > https://google.com/doc.html /doc.html:NOSSL --> http://google.com/doc.html
RewriteRule ^/(.*):SSL$ https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]
MORE: Apache SSL in htaccess examples and https/ssl forum
htaccess Guide Sections
- htaccess tricks for Webmasters
- HTTP Header control with htaccess
- PHP on Apache tips and tricks
- SEO Redirects without mod_rewrite
- mod_rewrite examples, tips, and tricks
- HTTP Caching and Site Speedups
- Authentication on Apache
- htaccess Security Tricks and Tips
- SSL tips and examples
- Variable Fun (mod_env) Section
- .htaccess Security with MOD_SECURITY
- SetEnvIf and SetEnvIfNoCase Examples
« Security with Apache htaccess | .htaccess Tutorial Index | » Apache Variable fun (mod_env)
« Security with Apache htaccess Tutorial
Apache Variable Fun in htaccess »
Similar Reads
- Smart HTTP and HTTPS .htaccess Rewrite
- Mixed SSL Content Warning Secure Fixed
- PHP htaccess tips and tricks
- Troubleshooting Apache .htaccess Authentication
- Manipulating HTTP Headers with htaccess
- htaccess Tricks for Webmasters
- Apache HTTPD Google CSE
- SEO Redirects without mod_rewrite
- WordPress Plugin for Apache .htaccess Security
- Speed up your site with Caching and cache-control
- Apache HTTPD and Module API Versions
- Commonly Used htaccess Code
- Update: AskApache Password Protect Plugin
My Picks
- THE Mod_Rewrite Cheatsheet
- AskApache .bash_profile
- Elite Log Viewing
- THE Ultimate Htaccess
- Intense Windows Speed
- DNS: Round Robin Speed
- Fsockopen: Nuts
Related Articles
- Smart HTTP and HTTPS .htaccess Rewrit
- Mixed SSL Content Warning Secure Fixe
- PHP htaccess tips and tricks
- Troubleshooting Apache .htaccess Auth
- Manipulating HTTP Headers with htacce
- htaccess Tricks for Webmasters
- Apache HTTPD Google CSE
- SEO Redirects without mod_rewrite
- WordPress Plugin for Apache .htaccess
- Apache HTTPD and Module API Versions
- Commonly Used htaccess Code
Newest Posts
- Update: Best Free Online Banking
- Firefox Add-ons for Web Developers
- Optimizing Servers and Processes for Speed with ionice, nice, ulimit
Random
Donate
Please consider donating to support active development of the free software and articles here.
Good Causes
The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. Tim Berners-Lee
Reader Comments
It's very simple - you read the protocol and write the code. -Bill Joy
HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C | TLDP | WAI | DISA | ICSI | GIAC | SANS RR | GHOST | DEFCON | NIST | DHS CYBER | NIST | .:: Phrack Magazine ::.
↑ TOPExcept where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. HTTPD based on NCSA HTTPd
thank you! The amount of times I’ve looked up .htaccess issues in Google and your site has come up with the answer – life saver.