Redirect to https

edvanleeuwen · Mar 19, 2017

I would like to follow Apache's recommendation for redirecting all traffic to https as described here: https://wiki.apache.org/httpd/RedirectSSL

Should we (all individually) change the template files to incorporate this or is there a better way to do this?

Richard G · Mar 19, 2017

What do you want to redirect? The DA login, or your website or everything including your customers websites?

edvanleeuwen · Mar 19, 2017

Primarily my websites.

Richard G · Mar 19, 2017

If it's not many sites you could also use .htaccess files.
Example .htaccess file:

Code:

RewriteEngine On

# Redirect alles naar https.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Redirect alles zonder www naar met www met https.
RewriteCond %{HTTP_HOST} ^yourdomain\.nl [NC]
RewriteRule ^(.*)$ https://www.yourdomain.nl/$1 [R=301,L]

Might be the second one is not needed, I've just got it in there to be sure.

wattie · Mar 20, 2017

Code:

#Make sure that we are https
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#Send the HSTS header after we are already in HTTPS!
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

Please read about HSTS before enabling it. You must be informed for what you are doing. Also note that the example have the "preload" option - you must register your domain at the preload site to make it work.

Additionally if you wish to have always www before the domain name, you can do this AFTER redirecting to https and after sending the HSTS header:

Code:

#If you are using wordpress, it's not needed, because WP is doing it
RewriteCond %{HTTP_HOST} ^(www\.)?YOURDOMAIN\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.YOURDOMAIN.com/$1 [L,R=301]

BjornBorg · Mar 24, 2017

wattie said:
Code:

#Make sure that we are https RewriteCond %{HTTPS} off RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] #Send the HSTS header after we are already in HTTPS! Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

Please read about HSTS before enabling it. You must be informed for what you are doing. Also note that the example have the "preload" option - you must register your domain at the preload site to make it work.

Additionally if you wish to have always www before the domain name, you can do this AFTER redirecting to https and after sending the HSTS header:

Code:

#If you are using wordpress, it's not needed, because WP is doing it RewriteCond %{HTTP_HOST} ^(www\.)?YOURDOMAIN\.com [NC] RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://www.YOURDOMAIN.com/$1 [L,R=301]

That was useful...Thanks for it

Redirect to https

edvanleeuwen

Verified User

Richard G

Verified User

edvanleeuwen

Verified User

Richard G

Verified User

wattie

Verified User

BjornBorg

Verified User