How To Redirect HTTP To HTTPS Using .Htaccess?

Published August 27, 2024

Problem: Redirecting HTTP to HTTPS

Switching from HTTP to HTTPS improves website security. Redirecting all HTTP traffic to HTTPS can be tricky, especially when using an Apache server with .htaccess configuration.

Implementing HTTP to HTTPS Redirect in .htaccess

Prerequisites for HTTPS Redirection

Before setting up an HTTP to HTTPS redirect, make sure you have:

  • Installed an SSL certificate on your web server
  • Verified that your web server can handle HTTPS connections

Tip: Check SSL Certificate Expiration

Remember to check your SSL certificate's expiration date regularly. Set up reminders to renew it before it expires to avoid any interruption in your website's security.

Steps to Modify .htaccess

  1. Find the .htaccess file in your website's root directory. If it's not there, create one.

  2. Make a backup of your current .htaccess file to keep your existing configuration.

  3. Open the .htaccess file in a text editor and add these redirection rules:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This code redirects all HTTP requests to HTTPS using a 301 (permanent) redirect.

Testing the Redirection

After making the changes:

  1. Clear your browser cache and try to access your website using HTTP. It should redirect to HTTPS.

  2. Use online redirect checker tools to confirm the redirection works on different browsers and devices.

Example: Using curl to Test Redirection

You can use the curl command in your terminal to test the redirection:

curl -I http://yourdomain.com

This will show you the HTTP headers, including the 301 redirect to the HTTPS version of your site.

Advanced .htaccess Configurations for HTTPS

Handling www and non-www Versions

When setting up HTTPS redirects, you may want to choose between www and non-www versions for your website's URL structure. Here's how to handle both cases:

Redirecting www to non-www:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

Redirecting non-www to www:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

To combine www/non-www redirection with HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

Replace "example.com" with your domain name.

Tip: Testing Redirects

After implementing redirects, test them using curl or an online redirect checker to make sure they work correctly. Use the -I flag with curl to see the HTTP headers:

curl -I http://www.example.com

This will show you the redirect status and location.

Redirecting Specific Pages or Directories

You can use .htaccess to redirect individual URLs or entire subdirectories to HTTPS.

Syntax for redirecting individual URLs:

Redirect 301 /old-page.html https://www.example.com/new-page.html

Redirecting entire subdirectories:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^subdirectory/(.*)$ https://%{HTTP_HOST}/subdirectory/$1 [R=301,L]

Replace "subdirectory" with the name of the directory you want to redirect.

These configurations allow you to adjust your HTTPS implementation and keep a consistent URL structure across your website.