How to redirect all HTTP requests to HTTPS

Question

I\'m trying to redirect all insecure HTTP requests on my site (e.g. http://www.example.com) to HTTPS (https://www.example.com). I\'m using PHP btw.

Answer 1

Do everything that is explained above for redirection. Just add "HTTP Strict Transport Security" to your header. This will avoid man in the middle attack.

Edit your apache configuration file (/etc/apache2/sites-enabled/website.conf and /etc/apache2/httpd.conf for example) and add the following to your VirtualHost:

# Optionally load the headers module:
LoadModule headers_module modules/mod_headers.so


    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security