How to redirect all HTTP requests to HTTPS

前端 未结 26 2178
小鲜肉
小鲜肉 2020-11-22 00:40

I\'m trying to redirect all insecure HTTP requests on my site (e.g. http://www.example.com) to HTTPS (https://www.example.com). I\'m using PHP btw.

相关标签:
26条回答
  • 2020-11-22 00:54

    Add the following code to the .htaccess file:

    Options +SymLinksIfOwnerMatch
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !=443
    RewriteRule ^ https://[your domain name]%{REQUEST_URI} [R,L]
    

    Where [your domain name] is your website's domain name.

    You can also redirect specific folders off of your domain name by replacing the last line of the code above with:

    RewriteRule ^ https://[your domain name]/[directory name]%{REQUEST_URI} [R,L]
    
    0 讨论(0)
  • 2020-11-22 00:55

    This is the proper method of redirecting HTTP to HTTPS using .htaccess according to GoDaddy.com. The first line of code is self-explanatory. The second line of code checks to see if HTTPS is off, and if so it redirects HTTP to HTTPS by running the third line of code, otherwise the third line of code is ignored.

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    

    https://www.godaddy.com/help/redirect-http-to-https-automatically-8828

    0 讨论(0)
  • 2020-11-22 00:56

    I'd recommend with 301 redirect:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    
    0 讨论(0)
  • 2020-11-22 00:56

    Not only can you do this in your .htaccess file, you should be doing this period. You will also want to follow the steps here to get your site listed on the HSTS preload list after you implement this redirect so that any requests to the insecure http version of your website never make it past the user agent. Instead, the user agent checks the requested URI against a baked in list of https only websites and, if the requested URI is on that list, changes the protocol from http to https before transmitting the request to the server. Therefore, the insecure request never makes it out into the wild and never hits the server. Eventually when the internet changes over to https only the HSTS preload list will not be needed. Until then, every site should be using it.

    In order to perform the redirect, we need to enable the rewrite engine and then redirect all traffic from the http port 80 to https.

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://yourwebsite.tld/$1 [L,R=301]
    
    0 讨论(0)
  • 2020-11-22 00:57

    A different edge to this problem is when a Load Balancer comes into play.

    The situation is as follows: - Traffic from browser to Load Balancer, and back, is (should be) HTTPS - Traffic between Load Balancer and actual WebServer is HTTP.

    So, all server request variables in PHP or Apache show that the connection is just HTTP. And the HTTP and HTTPS directories on the Server are the same.

    The RewriteCondition in the approved answer does not work. It gives either a loop or it just doesn't work.

    Question is: How to get this working on a Load Balancer.

    (Or is the Load Balancer configured wrong. Which is what I'm hoping for because then I can move the problem over to the WebHosting company :-) )

    0 讨论(0)
  • 2020-11-22 00:59

    Update: Although this answer has been accepted a few years ago, note that its approach is now recommended against by the Apache documentation. Use a Redirect instead. See this answer.


    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    
    0 讨论(0)
提交回复
热议问题