Apache Redirect HTTP to HTTPS using mod_rewrite

Apache’s mod_rewrite makes it easy to require SSL to be used on your site and to gently redirect users who forget to add the https when typing the URL. Using Apache to redirect http to https will make sure that your site (or a part of it) will only be accessed by your customers using SSL.  This is better than using SSLRequireSSL because users often forget to type in the https and will be automatically redirected.

Before you can set up an Apache redirect from http to https, you will need to do the following:

  • Make sure your SSL certificate is successfully installed so you can access https://www.yoursite.com (for more information see our Apache SSL Installation instructions)
  • Make sure mod_rewrite is enabled in Apache

Now you just need to edit your httpd.conf file or the file where your virtual host is specified and add these lines to redirect http to https:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]

In many cases, you can also just add those lines to a file named .htaccess in the folder that you want to redirect http to https.

Now, when a visitor types http://www.yoursite.com/mypage.htm the server will automatically redirect http to https so that they go to https://www.yoursite.com/mypage.htm

Note: You can also redirect a single page from http to http in Apache by using this in your configuration file or .htaccess file:

RewriteEngine On
RewriteRule ^apache-redirect-http-to-https\.html$ https://www.yoursite.com/apache-redirect-http-to-https.html [R=301,L]

Originally posted on Sat Feb 20, 2010