Apache HTTPS Redirect

There was a time a TLS certificate was quite expensive and most websites were only accessible unencrypted with HTTP. Nowadays basic domain validated TLS certificates are free and you have only to pay for “business certificates” with extended validation options. So there is no excuse for not supporting HTTPS any more!

Now lets benefit from better search engine rating (Google prefers TLS encrypted websites) and make the world more secure by redirecting all unencrypted HTTP to encrypted HTTPS traffic. Most servers like mine run the Apache HTTP Server which can do this very easy and very fast (compared to e.g. plugins for CMS). Create a file named .htaccess and place it in the root folder of your website (that’s where your top level index HTML file lives). The content of the file should look like this:

# Force HTTPS
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.domain\.tld [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.domain.tld/$1 [R=permanent,L]
</IfModule>

If the file already exists, you can add the snippet above at the top of the file. You have to change the placeholder for the domain name to your domain name and you should take care of where to escape (RewriteCond) and where not to escape (RewriteRule) the dots of your domain name.

Stay secure