how do I force all traffic to https?

Question

I'm trying to use .htaccess to send all traffic to https. I'm using the example in this answer: Need to redirect all traffic to https

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This isn't redirecting anything for me. I placed it in var/www but it doesn't seem to have any effect. What did I do wrong?

Answer 1

Try [R,L] at the end of the rewrite rule:

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

R redirects to the provided link, and L breaks the flow if condition is met. For reference you can see:

http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html

Answer 2

If that's the only rules you have in your htaccess file and it's in your document root then you need to check a few things because the rules are fine.

1. Make sure mod_rewrite is loaded. There should be a line in your httpd.conf file that looks something like:

   LoadModule rewrite_module modules/mod_rewrite.so
   

   Make sure it's uncommented.

2. Make sure the directory that your htaccess file is in (should be your document root) is allowed to override server settings via htaccess. In your vhost or server config, there should be something along the lines of

   <Directory "/var/www/">
       AllowOverride All
   
       ... (some other stuff)
   </Directory>
   

   Make sure the AllowOverride is at least FileInfo

3. Make sure your document root is actually where your htaccess file is in. Your vhost config should have a line like:

   DocumentRoot /var/www/
   

4. Make sure the document root is for the right vhost. If you have separate vhosts for SSL and non-SSL, make sure the htaccess file is in the document root for the non-SSL vhost.