HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Improve .htaccess to force https

Carlo_13Carlo_13
edited March 2017 in General Banter

Hi everyone.

I want to force https on my website.

This is the code I am using:

Original

If you modify this file then change the above line to: # Modified


RewriteEngine On
# Certain hosts may require the following line.
# If vanilla is in a subfolder then you need to specify it after the /.
# (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]

RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www.domain.com [NC]
RewriteRule (.*) https://www.domain.com/$1 [R=301,L]

So far, it works for:

domain.com => https

But it isn’t for :

www.domain.com => http

Any idea what am I doing wrong ?

Tks

Comments

  • LincLinc Detroit Admin

    There is a config setting called "ForceSSL" to do this instead of modifying your htaccess.

    Add this to your conf/config.php file:

    $Configuration['Garden']['ForceSSL'] = true;

  • Hi and tks for your reply.

    Well, I've already done that. No chance with me :(

  • RewriteCond %{HTTP_HOST} !^www.domain.com [NC] learn what this means and you have your answer.

    Hint: NOT match.

    grep is your friend.

  • why not use RewriteCond %{HTTPS} !=on ?

    grep is your friend.

  • @Linc said:
    There is a config setting called "ForceSSL" to do this instead of modifying your htaccess.

    Add this to your conf/config.php file:

    $Configuration['Garden']['ForceSSL'] = true;

    With the above setting if the browser is directed to http://example.com it will not come up as https. As you move around the site it stays with the non-secure protocol.

    I had to add these lines right after RewriteEngine On to get consistent results.

    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    

    Thoughts?

Sign In or Register to comment.