Forcing SSL with your .htaccess file

Sometimes it's necessary to make sure your website's visitors use the SSL encrypted connection. 


Forcing visitors to use SSL can be accomplished through your .htaccess file using mod_rewrite.

To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website's root folder. 

Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

Be sure to replace example.com with your actual domain name.


To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace example.com with your actual domain name.


If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://example.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace example.com/folder with your actual domain name and folder you want to force the SSL on.

  • htacess, ssl, ssl cert
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How do I generate a CSR to install a 3rd Party SSL Certificate?

To generate a CSR you will need to login to your cPanel and click on SSL/TLS Manager in the...

How to debug insecure items on a webpage

To debug insecure items on a webpage, bring up the webpage in the Google Chrome browser.Right...