Force HTTPS connections in an Apache server environment

May 8, 2018

To secure the entire site we need to redirect all the requests to HTTPS which are coming through HTTP or any other.

Redirect all connections over HTTPS

To redirect all the requests over SSL we need to add the below RewriteCond in Apache configuration file /etc/httpd/conf/httpd.conf

[root@dbappweb ~]# vi /etc/httpd/conf/httpd.conf

 

.
.
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [NC,R=301,L]
.
.

or

.
.
RewriteEngine on
ReWriteCond %{SERVER_PORT} 80
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [NC,R=301,L]
.
.

 

RewriteEngine on: This will enable the Rewrite capabilities
ReWriteCond %{SERVER_PORT} !^443$: This check makes sure that the connection is not already HTTPS, a connection made on ports other than 443 will not be an HTTPS connection.
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [NC,R=301,L]: This rule will redirect users from their original location to the same location but using HTTPS.
Example: Visitors trying to access http://www.dbappweb.com/category/apache/ will be redirected to https://www.dbappweb.com/category/apache/
ReWriteCond %{SERVER_PORT} 80: This check make sure that connection is not already HTTPS, port 80 indicates a non-secure HTTP connection.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.