Let us say you have webmail sub-domain called http://mail.nixcraft.com and you would like to redirect it to https secure connection i.e. https://mail.nixcraft.com.
This will help you protect user privacy and sensitive information such as username and password remotely.
So how do you configure your Apache web server so that you prevent your web sites from being accessed without encryption?
Redirect http to https Apache Configuration
First make sure Apache is configured for HTTPS connection and necessary SSL certificates are installed.
No non-ssl access i.e. only accept https connections
Now open httpd.conf or .htaccess file (mod_rewrite not required):
# vi httpd.conf
Append following line :
Redirect permanent / https://mail.nixcraft.com/
Any request made to http://mail.nixcraft.com will goto https://mail.nixcraft.com/
Save and close the file. Restart the Apache:
# /etc/init.d/httpd restart
This is easiest way to ensure that your normal user never use plain text HTTP protocol to send data. Now this makes it much harder to sniff sensitive data.
Force webmail login over SSL https session
So if you want force users to access their webmail through https, add following configuration to .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Make sure you have something as follows in httpd.conf (mod_rewrite support):
LoadModule rewrite_module modules/mod_rewrite.so
- Email this to a friend
- Printable version
- Rss Feed
- Last Updated: May/18/2007
{ 34 comments… read them below or add one }
Hi,
We have an urls like http://mydomain.com. We need this url to secure. That is this url need to be change https://mydomain.com
Please let me know in case of any concerns.
Thanks,
Naresh
Add line as follows and restart httpd:
Redirect permanent / https://mydomain.comhi,
we need to redirect:
http://mydoamain.com/books to
https://mydoamain.com/books
kindly suggest for the same
does this work when i am using reverse proxy in apache 2? All I need to do is add in the virtual directory redirect permanent / https://1.1.1.1
Not working for me. In Firefox I get:
“Firefox has detected that the server is redirecting the request for this address in a way that will never complete.”
I can see the location in the browser change to “https://…” but it just throws me that error.
If i write the location directly it works fine.
Thanks for any advice.
You can’t do this in a virtual server that listens on both 80 and 443. It’ll redirect 80 (http) to the 443 (https) url, but then the https site will redirect back to itself if they’re both handled in the same virtual server block.
Yes you by using RewriteCond you can use them.
I had the same experience as Luis on 5/3/2007, running on a LAN. Interestingly, when I then remove / disable the line with an `#’ like in:
# Redirect permanent / https://ws530/
redirection takes place as originally desired (in this case w/o any site certifications). In fact, I do not know how to revert back to communicate via http:// …
What happened?
Wolfram,
I really don’t get you can you explain in details.
hi,
i got s SSL for “secure.myurl.ext” and want the anybody accessing secure.myurl.ext sees the content from “myurl.ext” which is my main site, but i don’t want to do a redirect and URL above should remain as “secure.myurl.ext”
so do i need to re-upload everything to my secure folder, or i need to do a mod_rerite trick.
thanks,
mohit
Hi there…
I just tried adding # to disable the line and redirection takes place pretty straight-forward
Strange… or this is a bug ?
sandi… did you restart apache when you disabled the line?
In my case, running the HTTPS on the same server as the HTTP, the mod_rewrite rules:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
In my webroot/.htaccess file are enough to redirect all http traffic to https.
capcha: iptable — could also use these to do the https redirection ;)
Hi,
I have used rewrite in my httpd.conf, but it doesn’t work.
It shows this error :
HTTP Status 405 – HTTP method GET is not supported by this URL
How can I solve this problem?
thanks
my apache listens on 80,443 ports, when i added the line
Redirect permanent / https://mail.nixcraft.com/
the redirection does not work and i could not open the site!! any ideas?!
please note i used
Redirect permanent / https://mydomain
where is used my domain in Redirect permanent / https://mydomain/
my probelm is stil wif redirecting it to
http://wwww.abc.com/abc.php -> https://wwww.abc.com/abc.php
though the code gave the effect of redirection only the http://wwww.abc.com only…
what could i have done wrong, please advice
Where exactly within the httpd.conf file do you place the line ‘Redirect permanent / https: …’
Thanks for the help.
This way will never work. Instead go to the sites root directory. Open up .htaccess and add line
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
This should work
if you want to remove redirect permanent, then hash the line where you have given redirect option.
then restart the server, restarting the httpd sometimes doesn’t work.
“if you want to remove redirect permanent, then hash the line where you have given redirect option.
then restart the server, restarting the httpd sometimes doesn’t work.”
My redirect is still active how do i fix this also i have my server running on port 5500 but this doesnt work /foo http://localhost:5500/bar why not?
Thanks. Your second piece of advice (using RewriteEngine) was exactly what I was looking for. We just put https on a site following concerns over passwords being transmitted in the clear and this solves that issue in one fell swoop.
I tried using this method for a server host site and everything works as it should except that the server statistics like load and uptime show as “Not Available”. These are the only two items that won’t show. Without the .htaccess file there, the server stats work fine from both http and https. I’m stumped.
Change your Virtual host to list on port 443 instead of port 80 and should redirect yopur site.
I want to redirect all the http request to https. This works fine.
But I would like to access 1 directory(/images) in http.
Redirect permanent / https://www.example.com/
Any pointers?
I have a vhost’s subdomain running with https: https://subdomain.domain.org
All requests should redirect to the unsecure variant: http://subdomain.domain.org
I cannot use .htaccess files cause both subdomains have their own directory (it’s a plesk installation). Can I configure it with a global/ permanent redirect?
Thanks a lot
Hello guys, recently i purchased rapidssl from sslgenie. I used to redirect all my requests of http://nodewire.net/any url to https://nodewire.net/any url just by modifying .htaccess. this seemed to work well with SSLGENIE cert. However, when i switched over to Rapidssl cert, this edit in .htaccess seemed to be a problem. So i had to remove the code in htaccess, now my site has https only when a user manually types it. Please tell me how to redirect all http requests to https by editing httpd.conf or .htaccess.
PS: Rapidssl has a server root certificate while sslgenie doesnt! though this might help a bit?? (dunno)
hi,
i’ve used
Redirect permanent / https://my.domain.com/
but then i get into loop.
I’m trying to avoid creating .htaccess file – is there any other way to fix this?
Freebsd 7.0; apache 2.2
using: apache2-mpm-prefork 2.2.9-10+lenny2 on Linux Debian
1.) I have been trying for days to get redirect/force to only https without success.
I too get loop error if I add the line to apache2.conf:
Redirect permanent / https://my.domain.com/
============
2.) I’ve also tried both .htaccess codes posted above creating a .htaccess and put it in webroot /var/www/.htaccess (I presently don’t use any .htaccess files)
“Internal Server Error <The server encountered an internal error or misconfiguration and was unable to complete your request…..”
pico /var/www/.htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
chmod 644 /etc/apache2/.htaccess
/etc/init.d/apache2 reload
============also tried:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://myurl.com/$1 [R,L]
same error
============
3.) Another place I read to add this line to apache2.conf:
LoadModule rewrite_module modules/mod_rewrite.so
Cannot load /etc/apache2/modules/mod_rewrite.so into server: /etc/apache2/modules/mod_rewrite.so: cannot open shared object file: No such file or directory
failed!
This prevented my apache from restarting as suspected as I can’t find in ‘any’ of the files the “LoadModule” line, period.
The only thing I could find that sounds related was this here:
/etc/apache2/mods-available/rewrite.load
so seems this module isn’t even loaded as it’s not in the /mods-enabled/ directory.
Please if anyone could help solve this that would be great!
Thank you for your time :D
Forgot to post this part as well:
4.) Also read to do this and get error:
pico /etc/apache2/sites-available/default
Was this:
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
Changed to:
ServerAdmin webmaster@localhost
RewriteEngine on
RewriteRule ^/(.*) https://myurl.com/$1
DocumentRoot /var/www/
/etc/init.d/apache2 reload
Syntax error on line 3 of /etc/apache2/sites-enabled/000-default:
Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server
configuration
failed!
I was able to get a HTTP to HTTPS redirect working.
I put the redirect permanent in httpd.conf, in the section for a specific NameVirtualHost listener:
<NameVirtualHost 122.123.124.1:80> ServerName mywebsite.com:80 ServerAlias http://www.mywebsite.com:80 ServerAlias 122.123.124.1:80 Redirect permanent / https://www.mywebsite.com/ </VirtualHost>- Matt H
- IntuitLabs.com
Awww… it removed the gt/lt symbols…. {VirtualHost 122.123.124.1:80} and {/VirtualHost} surround the command below the NameVirtualHost…
@Matt,
I’ve edited and escaped your configuration. The key is to put commands in config in pre / code tag.
HTH
hi, want to have http://secure.jigishthakar.com
and i am using shared hosting server.
can you please tell me how can i convert my site to secure
https://secure.jigishthakar.com
??
thanks