Force secure connection (SSL/HTTPS) using .htaccess and mod_rewrite

It recently came up where I wanted to force users visiting the IdleDev page to use a secure connection (https) domain wide (mostly for the development of Zero Day to ensure a secure connection is used at all times).

Unfortunately this was something that did not appear to be directly supported by my host. Luckily they do allow .htaccess and mod_rewrite, so from there it was easy.

By placing that text into your .htaccess file, and replacing “www.exampledomain.com” with your own domain, it will redirect the user to use an secure connection throughout the entire domain (essential for sending encrypted passwords, or any other data over the web that requires a secure connection).

It’s important to note that this method of redirect will give a 301 response (Moved Permanently) domain wide while still maintaining the structure that was originally typed in (eg. http://exampledomain.com/this/is/a/test will still redirect to https://exampledomain.com/this/is/a/test). You can also use .htaccess Redirect to just redirect specific files.

This example will only redirect index.php from the original domain to the new domain. This method will not maintain the domain structure so not as useful as the previous method in my opinion.

Leave a Reply