How to force http to https

This FAQ was last modified on: Monday, November 28, 2016 03:05pm
Category: 

If your website is hosted with OIT web hosting your website is most likely using our default SSL wildcard certificate. (You can read more about the default certificate here: https://faq.oit.gatech.edu/content/ssl-certificates-and-web-hosting-http-vs-https.) Regardless if you are using the default certificate, or one you purchased and installed, If you need to force the traffic from http to go to https, you can do that by using .htaccess.

NOTE (as suggested on SSL wild card certificate guidelines): you should always limit your SSL secured URLs to the non-www form.  And each website is different, you might need to update your .htaccess differently based on you website environment.

1) Here is an example of the code we have added to our GT Drupal Express site to force the traffic from http to https. 

#To redirect all traffic from http://s3.nan.oit.gatech.edu to https://s3.nan.oit.gatech.edu
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

2) Here is an example of how you can force all the traffic to go to https://(non-www)

  # To redirect all users to access the site WITHOUT the 'www.' prefix,
  # (http://www.example.com/... will be redirected to http://example.com/...)
  # uncomment the following:
   RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
   RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]

  #To redirect all traffic from http://s3.nan.oit.gatech.edu to https://s3.nan.oit.gatech.edu 
  RewriteCond %{HTTPS} off
  RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The first section (red) is to redirect all traffic to non-www, and the second section is to force all traffic after to go to https://(non-www)

More Information: https://wiki.apache.org/httpd/RewriteHTTPToHTTPS

http://www.htaccessbasics.com/force-www-nonwww-domain/