
Improve .htaccess to force https

Carlo_13
edited March 2017 in General Banter

Hi everyone.

I want to force https on my website.

This is the code I am using:

# Original
# If you modify this file then change the above line to: # Modified


RewriteEngine On
# Certain hosts may require the following line.
# If vanilla is in a subfolder then you need to specify it after the /.
# (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]

RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www.domain.com [NC]
RewriteRule (.*) https://www.domain.com/$1 [R=301,L]

So far, it works for:

domain.com => https

But it isn’t for:

www.domain.com => http

Any idea what I am doing wrong?

Tks

Comments

  • There is a config setting called "ForceSSL" to do this instead of modifying your htaccess.

    Add this to your conf/config.php file:

    $Configuration['Garden']['ForceSSL'] = true;

  • Hi and tks for your reply.

    Well, I've already done that. No chance with me :(

  • RewriteCond %{HTTP_HOST} !^www.domain.com [NC] learn what this means and you have your answer.

    Hint: NOT match.

    grep is your friend.

  • Why not use RewriteCond %{HTTPS} !=on?

    grep is your friend.

  • @Linc said:
    There is a config setting called "ForceSSL" to do this instead of modifying your htaccess.

    Add this to your conf/config.php file:

    $Configuration['Garden']['ForceSSL'] = true;

    With the above setting if the browser is directed to http://example.com it will not come up as https. As you move around the site it stays with the non-secure protocol.

    I had to add these lines right after RewriteEngine On to get consistent results.

    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    

    Thoughts?
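
Added example, not part of the original thread: one .htaccess layout that covers all four combinations of http/https and domain.com/www.domain.com, combining the host check from the original post with the %{HTTPS} check suggested in the comments. It assumes www.domain.com (the placeholder used in the post) is the canonical host and that Apache terminates TLS itself, so %{HTTPS} reflects the client connection.

```apache
# Modified
RewriteEngine On

# --- Canonical redirect: must come BEFORE the front-controller rule ---
# The rule in the original post only tested the host name, so a request
# for http://www.domain.com/ matched the canonical host and was never
# redirected. Testing the scheme as well closes that gap.
#
#   http://domain.com/x       -> redirected (HTTPS off, host wrong)
#   http://www.domain.com/x   -> redirected (HTTPS off)
#   https://domain.com/x      -> redirected (host wrong)
#   https://www.domain.com/x  -> served as-is
#
# [OR] joins the two conditions; without it they would be ANDed and
# http://www.domain.com/ would again slip through.
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
# The target host is a fixed string rather than %{HTTP_HOST}, so the
# Location header never echoes a client-supplied Host value.
RewriteRule ^ https://www.domain.com%{REQUEST_URI} [R=301,L]

# --- Vanilla front controller (unchanged from the original file) ---
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
```

While testing, R=302 avoids browsers caching a wrong permanent redirect; switch back to R=301 once `curl -I` against all four URL forms shows the expected Location header.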
