htaccess HTTPS / SSL Tips, Tricks, and Hacks

Apache has the best SSL/HTTPS support, and it can be controlled from httpd.conf or another HTTPD server configuration file. This htaccess tutorial provides example htaccess code that makes it easy to secure a site and use HTTPS and SSL with Apache.


Redirect non-https requests to https server

Fixes the double-login problem and guarantees that htpasswd basic authorization can only be entered using HTTPS.

NOTE: You will only find this method on this site and it is the most secure way to do this.

SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq ""
ErrorDocument 403

Rewrite non-https to HTTPS without mod_ssl!

NOTE: The HTTPS variable is always present, even if mod_ssl isn't loaded!

Based on HTTPS variable (best)

# mod_rewrite must be switched on once before any RewriteCond/RewriteRule
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]


Based on SERVER_PORT

RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Redirect everything served on port 80 to HTTPS URI

RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

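Redirect particular URLs to their secure version with an SEO-friendly permanent (301) redirect

# ^/? also matches in .htaccess, where the leading slash is stripped before matching
RewriteRule "^/?normal/secure(/.*)" "https://%{HTTP_HOST}$1" [R=301,L]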

Check to see whether the HTTPS environment variable is set

# ^/? also matches in .htaccess, where the leading slash is stripped before matching
RewriteCond %{HTTPS} !=on
RewriteRule "^/?(secure/.*)" "https://%{HTTP_HOST}/$1" [R=301,L]

Rewrite to SSL or NON-SSL using relative URL!

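This lets you use hyperlinks like this:

/doc.html:SSL    -->  https://%{SERVER_NAME}/doc.html
/doc.html:NOSSL  -->  http://%{SERVER_NAME}/doc.html

# ^/? also matches in .htaccess, where the leading slash is stripped before matching
RewriteRule ^/?(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/?(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]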
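
The following Python model is an added example, not code from the original page. It compares path patterns anchored with `^/` against the `^/?` form for the :SSL/:NOSSL and /secure/ rules, in server/vhost context and in .htaccess context, where mod_rewrite strips the directory prefix (and with it the leading slash) before matching. It assumes the .htaccess file sits in the document root; `www.example.com` and the request paths are constructed sample values.

```python
import re

# Each rule: (only_when_http, pattern, redirect template).
# only_when_http=True models "RewriteCond %{HTTPS} !=on".
SLASH_ANCHORED = [
    (False, r"^/(.*):SSL$", "https://{host}/{g1}"),
    (False, r"^/(.*):NOSSL$", "http://{host}/{g1}"),
    (True, r"^(/secure/.*)", "https://{host}{g1}"),
]
OPTIONAL_SLASH = [
    (False, r"^/?(.*):SSL$", "https://{host}/{g1}"),
    (False, r"^/?(.*):NOSSL$", "http://{host}/{g1}"),
    (True, r"^/?(secure/.*)", "https://{host}/{g1}"),
]


def subject_for(uri, context):
    """Return the string a RewriteRule pattern is tested against.

    server/vhost context: the full URL-path, leading slash included.
    htaccess context (file assumed to sit in the document root): the
    directory prefix "/" is stripped, so there is no leading slash.
    """
    if context == "server":
        return uri
    if context == "htaccess":
        return uri[1:]
    raise ValueError("context must be 'server' or 'htaccess'")


def redirect_for(rules, uri, context, https="off", host="www.example.com"):
    """Return the redirect target of the first rule that fires, else None."""
    subject = subject_for(uri, context)
    for only_when_http, pattern, template in rules:
        if only_when_http and https == "on":
            continue  # condition fails: already on HTTPS, so no redirect loop
        match = re.search(pattern, subject)
        if match:
            return template.format(host=host, g1=match.group(1))
    return None


if __name__ == "__main__":
    # Constructed sample requests; www.example.com is a placeholder host.
    for name, rules in (("^/", SLASH_ANCHORED), ("^/?", OPTIONAL_SLASH)):
        for context in ("server", "htaccess"):
            for uri in ("/doc.html:SSL", "/doc.html:NOSSL", "/secure/login"):
                print(name, context, uri, "->", redirect_for(rules, uri, context))
```

A rule that silently fails to match in .htaccess leaves the page reachable over plain HTTP, so it is worth confirming each redirect from the context in which the rule is actually deployed.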
