How do I Force my Website to use SSL?
Table of Contents
What is htaccess ?
htaccess is a configuration file for use on web servers running the Apache Web Server software.
Forcing all website traffic to use HTTPS
Use the following code in your .htaccess file
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Forcing a specific domain to use HTTPS
RewriteEngine On RewriteCond %{HTTP_HOST} ^abcd\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.xyz.com/$1 [R,L]
Common htaccess Rules
- Rewrite and Redirection
- Serve All Requests With One PHP File
- WordPress .htaccess for permalinks
- Force www
- Force www in a Generic Way
- Force non-www
- Force non-www in a Generic Way
- Force HTTPS
- Force HTTPS Behind a Proxy
- Force Trailing Slash
- Remove Trailing Slash
- Redirect a Single Page
- Alias a Single Directory
- Alias Paths To Script
- Redirect an Entire Site
- Alias “Clean” URLs
- Security
- Deny All Access
- Deny All Access Except Yours (Only allow certain IPs)
- Block IP Address
- Allow access only from LAN
- Deny Access To Certain User Agents (bots)
- Deny Access to Hidden Files and Directories
- Deny Access To Certain Files
- Deny Access to Backup and Source Files
- Disable Directory Browsing
- Enable Directory Listings
- Disable Listing Of Certain Filetypes (if Indexes is not disabled)
- Disable Image Hotlinking
- Redirect hotlinkers and show a different image
- Deny Access from certain referrers
- Password Protect a Directory
- Password Protect a File or Several Files
- Performance
- Miscellaneous
- Server Variables for mod_rewrite
- Set PHP Variables
- Custom Error Pages
- Redirect users to a maintenance page while you update
- Force Downloading
- Disable Showing Server Info (Server Signature)
- Prevent Downloading
- Allow Cross-Domain Fonts
- Auto UTF-8 Encode
- Set Server Timezone (to UTC, or other time zone)
- Switch to Another PHP Version
- Execute PHP with a different file extension