Our Help Portal

Troubleshooting Support Articles
Searchable Help Information Repository
Self-Service Resources How-Tos
Technical Customer Walkthroughs   Browse All Knowledge ! ....

Get Prices Learn More

Breaking

HZMFR

Find Out Our Knowledge Base Portal Help Guide

Knowledge Base Portal Help
< All Topics
Print

Force your site to load securely code for a .htaccess

Posted6 January 2024
Updated6 January 2024
ByHZMFR
Views2

To force your site to load securely (over HTTPS), you can use the following .htaccess code. This code redirects all HTTP traffic to HTTPS:

apache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Explanation of the code:

  • RewriteEngine On: Enables the Apache mod_rewrite engine.
  • RewriteCond %{HTTPS} off: Checks if the current connection is not using HTTPS.
  • RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]: Redirects the request to the equivalent HTTPS URL. The [L] flag means this is the last rule, and the [R=301] flag specifies a 301 (permanent) redirect.

Place this code in the .htaccess file in the root directory of your website.

Important Notes:

  1. SSL/TLS Certificate:
    • Ensure that you have a valid SSL/TLS certificate installed on your server. Most hosting providers offer free SSL certificates through Let’s Encrypt.
  2. Testing:
    • After implementing the redirection, test your website thoroughly to make sure that all resources are loading securely.
  3. Backup:
    • Always make a backup of your .htaccess file before making changes to avoid accidental misconfigurations.
  4. Update Base URLs (if necessary):
    • If your website relies on absolute URLs, make sure to update any hardcoded HTTP URLs to HTTPS in your website’s code and configuration.
  5. Mixed Content Issues:
    • Check for mixed content issues, where some resources are still loaded over HTTP. This can lead to warnings in browsers. Ensure that all resources are loaded securely.
  6. HSTS Header (Optional):
    • For additional security, you may consider adding the HTTP Strict Transport Security (HSTS) header. This header informs browsers to always load your site over HTTPS. Add the following lines to your .htaccess file:

apache
Header always set Strict-Transport-Security “max-age=31536000” env=HTTPS

  • This should only be added after you’ve thoroughly tested your HTTPS setup.

By implementing this .htaccess code, you enforce the use of HTTPS on your site, contributing to a more secure browsing experience for your users.

Categories