How to force a dedicated SSL using the .htaccess file Open


Sometimes it's necessary to make sure your website’s visitors use the SSL/TLS encrypted connection. If you’re not familiar with SSL/TLS and would like to know more please review our article “What is SSL and Why is it important?”

Forcing visitors to use SSL/TLS can be accomplished through your .htaccess file using mod_rewrite and will invoke HTTPS (HTTP Secure) protocol.

Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

1) To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website’s root folder.
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$$1 [R,L]
Be sure to replace with your actual domain name.

2) To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$$1 [R,L]
Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace with your actual domain name.

3) If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace with your actual domain name and folder you want to force the SSL on.

When preparing for SSL, ensure that your site does not use absolute paths. For example, if you call an image called 'logo_full_animation.gif', then it should just be called with a relative path. This means in your code, you just have to place the part of the path from where the calling file is. If the image is in a folder named images, and your page is in the primary folder, then you only have to place '/images/site/company_logo/gif/logo_full_animation.gif' as opposed to ''. You can use to test and check that your site has installed and is using the SSL/TSL certificates correctly.
Posted 3 years agoby peter
#82903 viewsEdited 1 year ago

Please login to post an answer

Mon - Fri: 09:00-17:30 EAT
Weekends: Closed

Public Holidays: Closed

Uganda: +256-(0)392-733784
Uganda: +256-(0)414-533784
Rwanda: +250-(0)786-304817


Ours is a rich history providing holistic ICT support services; by designing, developing, implementing reliable and effective solutions, over the years we’ve learnt a thing or two about helping our customers getting IT right, the first time.

East Africa (Uganda, Rwanda, Kenya, Tanzania, Sudan) and DRC