Forcing HTTPS Connectivity

Once you have an SSL certificate installed, it is good standard practice to make sure that all requests on your website use HTTPS. Our last post concerning mixed content covered one aspect of this. One other important element, which we’ll discuss here, is to force HTTP requests to use HTTPS instead. This way, if someone tries to visit your site via http://domain.com, the request will be redirected to https://domain.com.

There are many different ways to accomplish this but if you’re using something like WordPress, for example, you might want to see if the functionality is built-in or if a plugin is available that could make this process easier. In this case, the Really Simple SSL plugin for WordPress is a great option and can even correct mixed content issues automatically.

Another common but easy way to handle this is by adding a simple mod_rewrite rule to your site’s .htaccess file. There are a lot of perfectly valid variations of these rules to get the desired result. A good generic option is:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

With this particular rule, you don’t have to worry about changing a domain or anything else in it. It will simply rewrite the exact request from HTTP to HTTPS. A slightly different rule would be needed if you wanted to only redirect a certain domain or redirect to a specific domain. Another example is:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]

This rule uses a slightly different condition to decide whether the original request came in over plain HTTP rather than HTTPS: it checks whether the request was made via port 80, which is the standard HTTP port. As such, in standard configurations this will have the same result. It also rewrites the HTTP request to a specific domain instead of just rewriting it to the domain of the original request. This can be helpful if you have parked (alias) domains on an account but ultimately want all requests redirected to a single specific domain.
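To confirm that either rule behaves as intended once it is in place, the following check (an added example, not part of the original post) validates a redirect response: a 301 status, an https Location, the expected host, and an unchanged path and query string. The function names, the parked-example.com host and the sample responses are constructed for illustration; fetch() is the only part that touches the network.

```python
import http.client
from urllib.parse import urlsplit

def check_redirect(request_url, status, location, canonical_host=None):
    """Return a list of problems with an HTTP->HTTPS redirect (empty list = OK).

    canonical_host=None models the first rule (host of the request is kept);
    a value models the second rule (every request is sent to one domain).
    """
    req = urlsplit(request_url)
    problems = []
    if status != 301:
        problems.append(f"status {status}, expected 301")
    if not location:
        return problems + ["no Location header"]
    loc = urlsplit(location)
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme or 'missing'}, expected https")
    want_host = (canonical_host or req.hostname or "").lower()
    if (loc.hostname or "").lower() != want_host:
        problems.append(f"Location host is {loc.hostname}, expected {want_host}")
    if (loc.path or "/", loc.query) != (req.path or "/", req.query):
        problems.append("path or query string changed")
    return problems

def fetch(request_url, timeout=5):
    """Send one HEAD request over plain HTTP without following redirects."""
    u = urlsplit(request_url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("http://domain.com/blog?p=1", 301, "https://domain.com/blog?p=1", None),
    ("http://domain.com/blog?p=1", 302, "https://domain.com/blog?p=1", None),
    ("http://parked-example.com/a", 301, "https://domain.com/a", "domain.com"),
    ("http://domain.com/a", 301, "http://domain.com/a", None),
]

if __name__ == "__main__":
    for url, status, location, canon in SAMPLES:
        print(url, "->", check_redirect(url, status, location, canon) or "OK")
```

Against a live site, pass the result of fetch("http://domain.com/some/page") into check_redirect() in place of the constructed samples.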

There are many other variations of these rules that can be used to meet other specific needs but these two cover the most common requirements. If you need any assistance with setting this up please feel free to submit a ticket and we’ll be happy to help.
