Force SSL/HTTPS with mod_rewrite [duplicate]

Asked 25/8, 2009 at 17:13 Answered 3/12, 2015 at 11:55

I have a Zend Framework application that I want to force into HTTPS using mod_rewrite. I am pretty lost when it comes to mod_rewrite. Here is my current .htaccess file in the root of my application.

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-s
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule !\.(html|htm|php|js|ico|gif|jpg|png|css|csv)$ /subdir/index.php

What is the best way to force the application into HTTPS based on what I have? I have tried a couple of the examples I found on here, but I keep getting redirect loops or internal server errors when I try them.

Thanks for your help!

Satyriasis answered 25/8, 2009 at 17:13 Comment(1)

Question has nothing to do with Zend Framework. Much mislead when you search for a zend solution on google. Should be renamed to "yet another mod_rewrite question" – Derwood 5/8, 2014 at 11:34

The following solution works for both proxied and unproxied servers. So if you are using CloudFlare, AWS Elastic Load Balancing, Heroku, OpenShift or any other Cloud/PaaS solution and you are experiencing redirect loops with normal HTTPS redirects, give it a try.

RewriteEngine On

# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]

# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on

# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Put the rest of your rewrite rules here

Marvellamarvellous answered 3/12, 2015 at 11:55 Comment(9)

Definite +1 for this answer when using Cloudflare flexible SSL; all other solutions seem to create redirect loops – Kashmiri 8/12, 2015 at 15:56

Worked on a wordpress site where only the home page was forcing https while for other pages http was being allowed. Note : I had to put this code BEFORE the # BEGIN WordPress in .htaccess to get it to work. – Insurrectionary 11/10, 2017 at 4:42

This is what you need for AWS loadbalancer too – Kaylenekayley 1/3, 2018 at 19:16

I am using CloudFlare, and want to redirect WWW to NON-WWW and HTTP to HTTPS, any ideas? – Allspice 21/8, 2018 at 12:56

@Allspice You should probably create a new question for that and describe what you tried and the outcome of that. – Marvellamarvellous 21/8, 2018 at 19:53

@Marvellamarvellous Yes, the question is here: #51951582 – Allspice 22/8, 2018 at 3:31

@Marvellamarvellous Do you know why normal redirect would cause redirect loops? – Allspice 22/8, 2018 at 3:46

Can you amend it to redirect www to non-www too? – Allspice 23/8, 2018 at 16:10

Excellent, thanks. This worked for me and ties in with what I wanted to do in this question here Laravel 5.2 and His non-persistent App SetLocale. – Sodium 19/11, 2018 at 17:8

Put this rule before your current rules:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Mukerji answered 25/8, 2009 at 18:17 Comment(1)

The Point to note here is "Put this rule before your current rules". Make this as the first rule. My site was having several redirect rules and making this rule as the first one did the trick. – Utopia 3/8, 2014 at 10:20

I was looking for this solution as well. I added Gumbo's solutions and it worked great for me. But my original was different. My site/app rewrite redirects everything through index.php (for fany urls and ../application) except for files you request specifically. (like an image or other static files in the public root) Here's my original, which I found off the ZF site a long time ago.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

Here's with Gumbo's additional rules to force SSL on the whole site. So far works good for me.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

Gogh answered 27/5, 2011 at 18:25 Comment(0)


RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^.*$ https://mydomain.com/\0 [L,QSA,R=301]

Isadora answered 25/8, 2009 at 17:25 Comment(0)

Recommended topics

Hot tags