Home / Blog / Post
Force Website To Http Or Https
Added on 29th April 2019 in Snippet

Why Redirect to HTTPS?

It is generally best practice to enable https on websites to prevent third parties intercepting communications between the website and the visitor, but even if https is enabled, its not forced enabling visitors to browse a website in a non protected manner.

To prevent this being an issue, we can make use of the ModRewrite within apache to detect if a website is using http rather than https and redrect to https.

Force HTTP to HTTPS

Just add the following to the .htaccess file

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

HTTPS to HTTP

You can also direct the other way, although this is not advised.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

-

Hi there, I am christopher shaw, a software developer form South Yorkshire, England.

I love tinkering with all things tech, and opened this website as a web presence for myself and a place to keep my notes and snippets. Hopefully you will find something here to help

Christopher Shaw