force https protocol

Question

How do I enforce my website to use https:// in the entire site? My site was built using CodeIgniter, MySQL, & Apache on CentOS, can anyone please enlighten me.

EDIT:

I am using CodeIgniter, it has this .htaccess. as I mentioned on my comment below, I wanna do the reverse (forcing https on some parts of the website):

The .htaccess on my system:

Options -Indexes
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    #Removes access to the system folder by users.
    #Additionally this will allow you to create a System.php controller,
    #previously this would not have been possible.
    #'system' can be replaced if you have renamed your system folder.
    RewriteCond %{REQUEST_URI} ^system.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]

    #When your application folder isn't in the system folder
    #This snippet prevents user access to the application folder
    #Submitted by: Fabdrol
    #Rename 'application' to your applications folder name.
    RewriteCond %{REQUEST_URI} ^application.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]

    #Checks to see if the user is attempting to access a valid file,
    #such as an image or css document, if this isn't true it sends the
    #request to index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>

<IfModule !mod_rewrite.c>
    # If we don't have mod_rewrite installed, all 404's
    # can be sent to index.php, and everything works as normal.
    # Submitted by: ElliotHaughin

    ErrorDocument 404 /index.php
</IfModule>

If I add what @Dale suggested:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond ^(login|register|userportal)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I get response 500. Any thoughts?

Answer 1

I've used this in the past, in a .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

There may be better implementations but it's always worked for me

If you want to remove the www part I've used this

RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]

Here's the combined rule

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTP_HOST} ^www\.(.+)
RewriteCond %{HTTPS}s/%1 ^(on(s)|offs)/(.+)
RewriteRule ^ http%2://%3%{REQUEST_URI} [L,R=301]

This deals with the protocol first and then removes the w's

Update:

To enforce https protocol for particular directories you could use something like

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond ^(login|register|userportal)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You would of course remove this (below) if you use the above

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}