Dec 12, 2016
Forcing HTTPS on Websites (.htaccess)
HTTPS Site Wide
So, I wanted to write up a quick tutorial on using HTTPS globally or on certain directories of a website.
I had a friend asking me about how they could force HTTPS throughout their whole website. So, I listed a tutorial below to do so and he was able to accomplish HTTPS site wide.
Now, there are multiple ways this can be achieved. In the case of my friend he was on a shared hosting web server. Therefore, shared webhosting users normally will not have access to modify the apache config files.
So that leaves us with a simple solution (htaccess) that all users can make use of fairly easily. All it required is a file edit or creation of a file and the ability to FTP or upload it to your web root directory.
What is an htaccess file?
htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’, then the .htaccess file is detected and executed by the Apache Web Server software. (http://www.htaccess-guide.com)
In other words, the .htaccess file allows you to rewrite certain rules and force certain restrictions without the need to directly modify the apache config file.
It’s a great way to segregate access for multiple users on a shared web server.
Editing the htaccess file
Now, before you make any chances you should ALWAYS check to see if the .htaccess file already exists. Many people will not check for the htaccess file and then overwrite the file by accident thinking it was never there. And, now all of their previous rules have been deleted.
If you already have an existing .htaccess file. Then, save a backup of it in case you need to revert back. And, make the following edit changes in the file itself rather than creating a new one.
A lot of people will make errors or mistakes and you want the ability to revert back right away if needed.
I have listed a simple code that can be used below for anyone else out there to use.
The following code will force https for your website.
RewriteEngine (htaccess) Code:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
**(please be sure to change example.com to your own URL)**
RewriteEngine (htaccess) Code (directory specific only):
In the case a web administrator wishes to secure a certain directory only.
The following code can be used:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]
And, that’s it!!! You now will have https forced on your website.
In my text tutorial, I will talk more about how you can obtain a FREE Web Certificate to be sure users can browse your website securely.
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 
Leave a Reply