Forcing HTTPS over HTTP

广开言路 2021-01-23 21:06

So I want to force the user to access the https version of my page rather than the http. And according to this post all I have to do is this:

RewriteEngine On 
R         
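
One common way to write the redirect the question asks about, as an added example that is not part of the original post (the question's own rules are cut off after `RewriteEngine On`). `www.example.com` is a placeholder host name, and Apache 2.4 with mod_rewrite, mod_ssl and mod_headers enabled is assumed.

```apache
# .htaccess in the site's document root (added example; host name is a placeholder)

RewriteEngine On

# Only act on requests that arrived over plain HTTP.
# Assumption: Apache terminates TLS itself. Behind a TLS-terminating proxy
# %{HTTPS} is always "off" and this condition would cause a redirect loop.
RewriteCond %{HTTPS} off

# Redirect to a fixed, known host name rather than %{HTTP_HOST}: the Host
# header is client-supplied, so echoing it into the Location header lets a
# request with an unexpected Host value steer the redirect target.
# R=301 makes the redirect permanent; L stops further rule processing.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,R=301]

# The redirect alone still leaves the first request in plaintext on every
# visit. HSTS tells the browser to go straight to HTTPS for max-age seconds
# after it has seen this header once over a valid TLS connection.
# It is sent only on HTTPS responses; browsers ignore it over HTTP.
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"
</IfModule>
```

To check the result, request the `http://` URL with a client that does not follow redirects and confirm a 301 status with an `https://` Location header, then confirm the `Strict-Transport-Security` header on the HTTPS response.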


        
4 answers
  •  后悔当初
    2021-01-23 21:34

    seems silly to "force ssl" till they fix the big gaping security hole it opens up in browsers in the name of "site verification"; this has no real basis and there is potential for abuse by a rogue CA, rogue state, or corruption. (and the "verification" is useless anyway, not being based on user wishes nor anyone actually looking at the sites - there are plenty of phishing sites out there with "valid" certificates!)

    there is way too much misinformation being bandied around about SSL

    you get the same encryption with a self-signed certificate but browsers tell users your site is "untrusted" (with of course no basis - "not checked" or "not verifiable" would be what any warning should actually say - warnings need to be informative, not something that just scares users so much most of them just close them without even reading the rest of the warning!)

    until this is fixed in browsers I cannot recommend the use of SSL at all in a web site context.

    meanwhile all I can recommend is to forget port 443 and implement your own encryption layer (or use something like ssh if it doesn't need to be a browser)
