How to redirect all HTTP requests to HTTPS

前端未结

关注

 26  2145

I\'m trying to redirect all insecure HTTP requests on my site (e.g. http://www.example.com) to HTTPS (https://www.example.com). I\'m using PHP btw.

相关标签:

26条回答

天涯浪人

2020-11-22 00:54
Add the following code to the .htaccess file:
```
Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^ https://[your domain name]%{REQUEST_URI} [R,L]
```
Where [your domain name] is your website's domain name.

You can also redirect specific folders off of your domain name by replacing the last line of the code above with:
```
RewriteRule ^ https://[your domain name]/[directory name]%{REQUEST_URI} [R,L]
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
别跟我提以往

2020-11-22 00:55
This is the proper method of redirecting HTTP to HTTPS using .htaccess according to GoDaddy.com. The first line of code is self-explanatory. The second line of code checks to see if HTTPS is off, and if so it redirects HTTP to HTTPS by running the third line of code, otherwise the third line of code is ignored.
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
https://www.godaddy.com/help/redirect-http-to-https-automatically-8828
0 讨论(0)
发布评论:

提交评论
- 加载中...
误落风尘

2020-11-22 00:56
I'd recommend with 301 redirect:
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
滥情空心

2020-11-22 00:56
Not only can you do this in your .htaccess file, you should be doing this period. You will also want to follow the steps here to get your site listed on the HSTS preload list after you implement this redirect so that any requests to the insecure http version of your website never make it past the user agent. Instead, the user agent checks the requested URI against a baked in list of https only websites and, if the requested URI is on that list, changes the protocol from http to https before transmitting the request to the server. Therefore, the insecure request never makes it out into the wild and never hits the server. Eventually when the internet changes over to https only the HSTS preload list will not be needed. Until then, every site should be using it.

In order to perform the redirect, we need to enable the rewrite engine and then redirect all traffic from the http port 80 to https.
```
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourwebsite.tld/$1 [L,R=301]
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
我寻月下人不归

2020-11-22 00:57

A different edge to this problem is when a Load Balancer comes into play.

The situation is as follows: - Traffic from browser to Load Balancer, and back, is (should be) HTTPS - Traffic between Load Balancer and actual WebServer is HTTP.

So, all server request variables in PHP or Apache show that the connection is just HTTP. And the HTTP and HTTPS directories on the Server are the same.

The RewriteCondition in the approved answer does not work. It gives either a loop or it just doesn't work.

Question is: How to get this working on a Load Balancer.

(Or is the Load Balancer configured wrong. Which is what I'm hoping for because then I can move the problem over to the WebHosting company :-) )

0 讨论(0)
发布评论:

提交评论
- 加载中...
你的背包

2020-11-22 00:59
Update: Although this answer has been accepted a few years ago, note that its approach is now recommended against by the Apache documentation. Use a Redirect instead. See this answer.
```
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
```
0 讨论(0)
发布评论:

提交评论
- 加载中...