Loading ...Apache: Redirect http to https Apache secure connection - force HTTPS Connections
Let us say you have webmail sub-domain called http://mail.nixcraft.com and you would like to redirect it to https secure connection i.e. https://mail.nixcraft.com.
This will help you protect user privacy and sensitive information such as username and password remotely.
So how do you configure your Apache web server so that you prevent your web sites from being accessed without encryption?
Redirect http to https Apache Configuration
First make sure Apache is configured for HTTPS connection and necessary SSL certificates are installed.
No non-ssl access i.e. only accept https connections
Now open httpd.conf or .htaccess file (mod_rewrite not required):
# vi httpd.conf
Append following line :
Redirect permanent / https://mail.nixcraft.com/
Any request made to http://mail.nixcraft.com will goto https://mail.nixcraft.com/
Save and close the file. Restart the Apache:
# /etc/init.d/httpd restart
This is easiest way to ensure that your normal user never use plain text HTTP protocol to send data. Now this makes it much harder to sniff sensitive data.
Force webmail login over SSL https session
So if you want force users to access their webmail through https, add following configuration to .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Make sure you have something as follows in httpd.conf (mod_rewrite support):
LoadModule rewrite_module modules/mod_rewrite.so
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in other helpful articles:
- Apache becomes the Leader in SSL Servers
- Linux: Iptables # 11 How to Block or open http/web service
- Force apache webserver to listen on all addresses except one ip address
- nixCraft FAQ Roundup
- Extract and decompile .chm file to view as html file under Linux
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Hi,
We have an urls like http://mydomain.com. We need this url to secure. That is this url need to be change https://mydomain.com
Please let me know in case of any concerns.
Thanks,
Naresh
Add line as follows and restart httpd:
Redirect permanent / https://mydomain.comhi,
we need to redirect:
http://mydoamain.com/books to
https://mydoamain.com/books
kindly suggest for the same
does this work when i am using reverse proxy in apache 2? All I need to do is add in the virtual directory redirect permanent / https://1.1.1.1
Not working for me. In Firefox I get:
“Firefox has detected that the server is redirecting the request for this address in a way that will never complete.”
I can see the location in the browser change to “https://…” but it just throws me that error.
If i write the location directly it works fine.
Thanks for any advice.
You can’t do this in a virtual server that listens on both 80 and 443. It’ll redirect 80 (http) to the 443 (https) url, but then the https site will redirect back to itself if they’re both handled in the same virtual server block.
Yes you by using RewriteCond you can use them.
I had the same experience as Luis on 5/3/2007, running on a LAN. Interestingly, when I then remove / disable the line with an `#’ like in:
# Redirect permanent / https://ws530/
redirection takes place as originally desired (in this case w/o any site certifications). In fact, I do not know how to revert back to communicate via http:// …
What happened?
Wolfram,
I really don’t get you can you explain in details.
hi,
i got s SSL for “secure.myurl.ext” and want the anybody accessing secure.myurl.ext sees the content from “myurl.ext” which is my main site, but i don’t want to do a redirect and URL above should remain as “secure.myurl.ext”
so do i need to re-upload everything to my secure folder, or i need to do a mod_rerite trick.
thanks,
mohit
Hi there…
I just tried adding # to disable the line and redirection takes place pretty straight-forward
Strange… or this is a bug ?
sandi… did you restart apache when you disabled the line?
In my case, running the HTTPS on the same server as the HTTP, the mod_rewrite rules:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
In my webroot/.htaccess file are enough to redirect all http traffic to https.
capcha: iptable — could also use these to do the https redirection
Hi,
I have used rewrite in my httpd.conf, but it doesn’t work.
It shows this error :
HTTP Status 405 - HTTP method GET is not supported by this URL
How can I solve this problem?
thanks
my apache listens on 80,443 ports, when i added the line
Redirect permanent / https://mail.nixcraft.com/
the redirection does not work and i could not open the site!! any ideas?!
please note i used
Redirect permanent / https://mydomain
where is used my domain in Redirect permanent / https://mydomain/
my probelm is stil wif redirecting it to
http://wwww.abc.com/abc.php -> https://wwww.abc.com/abc.php
though the code gave the effect of redirection only the http://wwww.abc.com only…
what could i have done wrong, please advice
Where exactly within the httpd.conf file do you place the line ‘Redirect permanent / https: …’
Thanks for the help.
This way will never work. Instead go to the sites root directory. Open up .htaccess and add line
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/1 [R,L]
This should work