How to force HTTPS with .htaccess

Security has become an important part of every website. Almost every website which you visit now has an SSL Certificate installed. We also have a detailed guide that can help you to install an SSL Certificate. However, installing an SSL Certificate alone on your website would not secure it. To make sure that your SSL Certificate is active you would have to force an HTTPS connection for your website. In this article, we will show you how to force HTTPS on your website using a .htaccess file.

Forwarding all Traffic to HTTPS

While most CMS, used to create a website, have the option to force HTTPS for your website with just one click. However, other websites require some additional configurations to the website to redirect the traffic to HTTPS. This is achieved using .htaccess and one of its many functions, the 301 redirects. To force all of the incoming to your website traffic to use HTTPS follow the steps below:

1. Go to the File Manager in your Hosting Control Panel
2. Create a .htaccess file if it does not exist
3. Open the .htaccess file and add the following code:
   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
4. Save the changes

Make sure that RewriteEngine On is not repeated twice. In case it exists, simply copy the rest of the code without it.

Forwarding to HTTPS for a Specific Domain

Forcing HTTPS for a specific domain would be used in cases where you have multiple domains that point to the same website. However, you want to force HTTPS only for one of the domains. If you would like to achieve that simply use the code below:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace yourdomain.com with the domain name for which you would like to force HTTPS.

Forwarding to HTTPS for a Specific Directory

Using .htaccess you can also force HTTPS for specific directories. However, the .htaccess file needs to be placed in the directory in which you would like to have the redirection enabled:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

In the above code, you should replace the folder with the name of the actual directory.

We also have a .htaccess Generator which you can use to generate a .htaccess file for blocking and forwarding traffic or for setting up custom error pages.