I am developing a number of forms which should only be accessed via https. I have a dedicated server with its own cert and all the good stuff.
So my question is two-fold really:
1). What's the best way to force every request to be https? Is there a better way than this .htaccess/mod_rewrite rule:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
2). Are there any potential pitfalls or downsides to forcing everything to be https that I should be thinking about (other than overhead, which wouldn't seem to be an issue anyway)?
Why should you force HTTPS on your website? Using HTTPS instead of HTTP means that communication between your browser and a website is encrypted using SSL (Secure Sockets Layer). Even if your website doesn't handle sensitive data, it's a good idea to make sure your website loads securely over HTTPS.
What you have should be fine, this is what I use:
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
The R signifies it's a redirect instead of a rewrite, and the L indicates that the rewrite engine should not perform any more rewrites.
I originally found this here: Httpd Wiki
Edit:
I forgot to mention the SSLRequireSSL directive that forces all requests to be over HTTPS. Details can be found in the Apache Documentation.
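A server-config layout that combines the redirect and the SSLRequireSSL directive discussed in this thread, as an added example that is not part of the original question or answer. The host name example.com, the document root, the forms directory and the certificate paths are placeholders; the HSTS header is an addition that needs mod_headers.

```apache
# Added example. example.com and all file paths are placeholders.

# Port 80 serves no content at all; it only redirects.
# With no DocumentRoot here, a form can never be delivered in clear text,
# even if a rewrite rule elsewhere is later edited or removed.
<VirtualHost *:80>
    ServerName example.com
    # mod_alias: any path after "/" is appended to the target URL.
    # Using a fixed host name avoids echoing a client-supplied Host header.
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    # SSLRequireSSL does not redirect. It denies access (403) when the
    # connection is not SSL, so it acts as a fail-closed backstop if this
    # directory ever becomes reachable through a non-SSL virtual host.
    <Directory /var/www/example/forms>
        SSLRequireSSL
    </Directory>

    # A redirect only fires after the plain-HTTP request has already been
    # sent, including any POST body. HSTS tells browsers that have visited
    # once to go straight to https for the next year.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

# If only .htaccess is available, the pattern is matched against the path
# WITHOUT its leading slash, so a pattern such as ^/(.*) written for
# server context will not match there. A per-directory form:
#
#   RewriteEngine On
#   RewriteCond %{HTTPS} !=on
#   RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
```

Because the redirect cannot protect a request that was already sent over plain HTTP, form `action` URLs and internal links should point at https directly rather than relying on the redirect.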