Apache - Redirect HTTP to HTTPS

The following steps describe the configuration of Apache to have the website loaded completely over HTTPS. Please read our background infomation on Securing your complete website with SSL

Redirect via mod_alias

When you can edit the Apache vhost configuration directly, you can change the virtualhost configuration to contain the following line, to redirect all HTTP traffic to HTTPS.

 Redirect permanent "/" "https://www.example.com/"

Configuring HTTPS per website

An other method to redirect all URL's to HTTPS is making use of the mod_rewrite module in Apache. This module can be activated by adding the following line to your httpd.conf, if not there already:

LoadModule rewrite_module modules/mod_rewrite.so

After enabling the mod_rewrite module you should enable the possibility for an .htaccess file to overwrite you server configuration. This can be done by adding the line AllowOverride All to your virtualhost file. Often this already has been set in shared hosting environments:

<VirtualHost *:80>
<Directory /var/www/>
AllowOverride All
</Directory>
</VirtualHost>

Now the .htaccess file in the root directory of your website can be edited to have traffic redirected from HTTP to HTTPS. The content of the .htaccess file should contain the following lines to have Apache do this.

RewriteEngine on
RewriteCond %{HTTPS} off # meaning not being connected via https
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301]# redirect to https

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up