htaccess HTTPS / SSL Tips, Tricks, and Hacks

FREE THOUGHT · FREE SOFTWARE · FREE WORLD

HTTPS / SSL Apache Tips, .htaccess Tricks, and Server HacksApril 10th, 2007

« Security with Apache htaccess TutorialApache Variable Fun in htaccess »

Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.

| .htaccess Tutorial Index |

Redirect non-https requests to https server

Fixes double-login problem and guarantees that htpasswd basic authorization can only be entered using HTTPS.

NOTE: You will only find this method on this site and it is the most secure way to do this.

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "askapache.com"
ErrorDocument 403 https://askapache.com

Rewrite non-https to HTTPS without mod_ssl!

NOTE:The HTTPS variable is always present,evenif mod_ssl isn’t loaded!

Based on HTTPS variable (best)

RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Based on SERVER_PORT

RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Redirect everything served on port 80 to HTTPS URI

RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Redirect particular URLs to a secure version in an SSL SEO method

RewriteRule "^/normal/secure(/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

Check to see whether the HTTPS environment variable is set

RewriteCond %{HTTPS} !=on
RewriteRule "^(/secure/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

Rewrite to SSL or NON-SSL using relative URL!

This lets you use hyperlinks like this

/doc.html:SSL      --    > https://google.com/doc.html
/doc.html:NOSSL  --> http://google.com/doc.html

RewriteRule ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

MORE: Apache SSL in htaccess examples and https/ssl forum

htaccess Guide Sections

| .htaccess Tutorial Index |

« Security with Apache htaccess TutorialApache Variable Fun in htaccess »

Reader Comments

  1. askapache.com commenter Jamie Souef says:
    12/03/2008 at 10:56 PM

    thank you! The amount of times I’ve looked up .htaccess issues in Google and your site has come up with the answer – life saver.

  2. HTTP Response and Request Header Manipulation using Apache .htaccess says:
    12/14/2007 at 11:02 AM

    [...] SSL tips and examples [...]

RSS feed for comments on this post.TrackBack URL

Add Your Opinion

Skip to Comments
293

It's very simple -
you read the protocol
and write the code.
-Bill Joy

HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C | WAI | DISA | ICSI | GIAC | SANS RR | GHOST

Authority: 110

↑ TOP

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed according to these terms. "Apache" is a trademark of The ASF.

Site Map | Contact Webmaster | Glossary | License and Disclaimer | Terms of Service