Need help adding code to .htaccess to force SSL / HTTPS


#1

I want this secure version of my website to load when someone goes to the unsecured site which has been indexed by Google.

The site is www.accesscontrolforum.com

I believe this is the code

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://accesscontrolforum.com/$1 [R=301,L]

Here is a link that I think answers my question just cant do it my self.

https://my.bluehost.com/hosting/help/599

I will pay a qualified person to do this. Thanks Brooks


#2

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

I like Porters and/or Dunkelweizen. :slight_smile:


#3

@zmetzing

Thanks for looking and amending this. There are several .htaccess files and I have no idea which one is it. I am willing to pay someone to do it.


#4

Note that this will pass the path/file portion of the URL, but not any CGI parameters (which would appear after the question mark). If you need that, more code would be needed to regurgitate that info in the URL.

Thus, a URL like this:
    http://www.somesite.com/path/path2/page.html

will resolve to:
    https://www.somesite.com/path/path2/page.html

but one with CGI parameters like this:
    http://www.somesite.com/path/path2/page.html?item=1234

will resolve to:
    https://www.somesite.com/path/path2/page.html

(dropping the parameters).
Looking at your site, I didn’t see any CGI parameters being used ,so you’re probably OK there.

Handling URL Fragments

URL fragments (the part after the “#”, used to direct someone to a specific area within a web page) do NOT get passed to the server, so URLs with fragments won’t get redirected to the specific content on the page. Your site DOES use these, however this is a minor issue unless someone shares a link to a specific comment on a page. For example:

    http://www.accesscontrolforum.com/forum/automatic-gates-overhead-doors/programming-a-multicode-wireless-keypad/msg54/#msg54

will be redirected to the TOP of the page
    https://www.accesscontrolforum.com/forum/automatic-gates-overhead-doors/programming-a-multicode-wireless-keypad/msg54

(without the #msg54 fragment)
Unfortunately, since the fragment isn’t passed to the server, the .htaccess can’t address this on rewrite.

Handling non-www to www, and Avoiding Double Redirects

FWIW, I would recommend explicitly handling the server name hardwired, so that you can also handle the non-www to www redirection (or if you prefer, the www to non-www redirection) as a single redirect. Then you can handle the secure non-www to secure redirection and avoid any double redirects.

#handle ALL non-secure redirections, with or without www. subdomain
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.mysite.com/$1 [R,L]

#if here, then HTTPS - handle secure, non-www requests
RewriteCond %{HTTP_HOST} ^mysite\.com$
RewriteRule ^(.*)$ https://www.mysite.com/$1 [R=permanent,L]

Note that the second rule can be written to generically handle ANY 2nd level domain, but readability suffers:

#if http_host has only one '.', must not be a www subdomain
rewritecond %{http_host} ^[^.]+\.[^.]+$ [nc]
rewriterule ^(.*)$ http://www.%{http_host}/$1 [r=301,nc]

Which htaccess to modify?

Note also that if there are multiple .htaccess files at different levely in the file heirarchy, they will ALL execute in descending order down the the file in which the page’s content exists. If you make these changes in the domain root (e.g. the topmost public_html, public, html, www, et al, folder where you home page is located), then this will execute for every page.

If your server setup also has a separate directory for secure pages (not always done this way, but often called “secure”), you’d need a separate .htaccess file there to handle the non-www to www redirection I am recommending.

If you get stuck, PM me and we can set up a screenshare to look at your configuration and figure it out.


#5

Thanks Hank! I’ll take a look at this. I’ll probably get someone to do it for me.

Thanks for all the info.