Knowledge Base

How to redirect users to SSL-enabled connections

This article demonstrates how to redirect users to secure (https://) web site connections, even if they type a non-secure URL (http://) in their web browser. This article applies to Linux servers using Apache or Apache compatible web servers. For Windows servers see this article.

This article assumes that you already have a valid, functioning SSL certificate on your web site.

Redirecting users to SSL-enabled connections

You may want to ensure that visitors to your web site always use a secure connection. To do this, you can use Apache rewrite rules in a custom .htaccess file.

If you use the rewrite rules in an .htaccess file in the web site's root directory, all requests will be redirected to HTTPS connections. Alternatively, you can modify the rewrite rules in a specific directory's .htaccess file to limit redirection to files in that directory.

The following lines demonstrate how to redirect users from a non-secure URL (http://) to a secure URL (https://) using an .htaccess file. Replace with the domain name associated with your own SSL certificate:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*)$1 [R=301,L]