In this guide, we will walk you through the process of redirecting HTTP to HTTPS using the .htaccess file, the powerful configuration file for Apache servers. To successfully redirect HTTP to HTTPS using .htaccess, ensure your server has an SSL certificate installed. Without an SSL certificate, browsers will display a security warning to users, which can deter them from visiting your site.
Navigate to the document root of your domain and create a .htaccess
file. In this file, add the redirection code based on your specific requirements, referring to the relevant sections from the Table of Contents above.
How to Force All URLs to Use HTTPS?
To force redirect HTTP to HTTPS on all traffic using .htaccess
, you need to add the following rules to your .htaccess
file. This file is usually located in the root directory of your website. Open the .htaccess
file in a text editor and add the following code to it:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This code does the following:
RewriteEngine On
: Enables the runtime rewriting engine.RewriteCond %{HTTPS} off
: Checks if the HTTPS is off (i.e., the request is not secure).RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
: Redirects all HTTP requests to HTTPS. The R=301
flag specifies a permanent redirection.
How to Force Only a Specific URL to Use HTTPS?
To force redirect HTTP to HTTPS only a specific URL using .htaccess
, you can use the following code snippet. This snippet will redirect only the specified URL from HTTP to HTTPS. Open the .htaccess
file in a text editor and add the following code to it:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/your-specific-url$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Replace /your-specific-url$
with the path of the specific URL you want to force to HTTPS. For example, if you want to force http://www.yourwebsite.com/specific-page
to use HTTPS, you would replace /your-specific-url$
with /specific-page$
.
How to Force HTTPS on a Specific Folder?
To force redirect HTTP to HTTPS on all traffic within a specific folder using .htaccess
, you can use a similar approach to the one used for a specific URL, but instead, you target a directory. Open the .htaccess
file in a text editor and add the following code to it:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/your-folder/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Replace /your-folder/
with the path to the folder you want to secure with HTTPS. Here make sure the .htaccess file is created and placed in the same folder you wish to set redirection rule.
How to Force HTTPS on a Subdomain?
To force HTTPS on a specific subdomain, such as subdomain.yourwebsite.com
, you can use the following code in your .htaccess
file. For that open the .htaccess file with a text editor and add the lines:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^subdomain.yourwebsite.com$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
For example, if your subdomain is blog
and your domain is example.com
, you would update the lines as follows:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^blog.example.com$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
By following this guide, you’ll successfully redirect HTTP to HTTPS using .htaccess, ensuring a secure and trustworthy experience for your users.
It’s crucial to test the redirection after configuring the .htaccess file to verify that it functions correctly. Additionally, regularly reviewing and updating the .htaccess file is recommended to adapt to any changes in your website structure or redirection requirements.
Also Read:
What Is .htaccess In WordPress?