Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Force WWW and HTTPS with .htaccess

I have opted for a fixed IP and SSL certificate for our forum, and now I would like to have all access secured by SSL. There seem to be more ways to do it using .htaccess and the Apache rewrite engine. Since the SSL certificate is issued for the rewrite magic should take care of the www as well. The most reasonable that came up was:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.<DOMAIN>.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

but I also found rewrite rules using {REQUEST_URI} as well.

How would you solve that issue?

And is there any downside to force HTTPS for all access?


Sign In or Register to comment.