Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Let us say you have webmail sub-domain called http://mail.nixcraft.com and you would like to redirect it to https secure connection i.e. https://mail.nixcraft.com.

This will help you protect user privacy and sensitive information such as username and password remotely.

So how do you configure your Apache web server so that you prevent your web sites from being accessed without encryption?

Redirect http to https Apache Configuration

First make sure Apache is configured for HTTPS connection and necessary SSL certificates are installed.

No non-ssl access i.e. only accept https connections

Now open httpd.conf or .htaccess file (mod_rewrite not required):
# vi httpd.conf
Append following line :
Redirect permanent / https://mail.nixcraft.com/
Any request made to http://mail.nixcraft.com will goto https://mail.nixcraft.com/

Save and close the file. Restart the Apache:
# /etc/init.d/httpd restart

This is easiest way to ensure that your normal user never use plain text HTTP protocol to send data. Now this makes it much harder to sniff sensitive data.

Force webmail login over SSL https session

So if you want force users to access their webmail through https, add following configuration to .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Make sure you have something as follows in httpd.conf (mod_rewrite support):
LoadModule rewrite_module modules/mod_rewrite.so

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
80 comments… add one
  • RM Nov 13, 2014 @ 15:49

    I have read all the way to the bottom. If the redirect permanent / https://whatev.hher.com does not work. Either delete or comment it out, in the same area add the

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    I searched and tested for two days anthis worked.

  • srinivas rompala Aug 24, 2014 @ 6:09

    Ho to redirect to another default login page whne user clicks incomplete url…suppose if user types http://1.1.1.1/project/ then enter i want to redirect to http://1.1.1.1/project/login.html this is suppport for cluster environment in prodcution…

  • srinivas rompala Aug 24, 2014 @ 6:04

    Based on user clicks on language browser redirects to specific language….i18N support

    ServerName 10.95.55.11:80

    RewriteEngine on
    ## Rewriting url for ARabic support browser
    RewriteCond %{HTTP:Accept-Language} ^ar [NC]
    RewriteRule ^/ProjectName/$ http://10.95.55.11/ProjectName/employeeLogin.html?lang=ar [L,R=301]

    ## Rewriting url for EN english supports browser
    RewriteCond %{HTTP:Accept-Language} ^en [NC]
    RewriteRule ^/ProjectName/$ http://10.95.55.11/ProjectName/employeeLogin.html?lang=en [L,R=301]

  • Amit Desai Jan 31, 2014 @ 6:34

    I have enabled https and also able to navigate application using http and https without rewrite. Apache 2.2.24. but see a strange behavior.

    Receiving 400 bad request if passing http://hostname.com/webapp-name but works fine with http://hostname.com/webapp-name/ don’t know how / can help to redirect to https.

    Also, enabled the rewrite with following in httpd.conf but don’t see a difference.
    Also, http redirection is going improper. Please help me as today is my submission

    # Rewrite Engine
    RewriteEngine On
    # now the rewriting rules
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule .* https:///webapp-name [R,L]

    • srinivas rompala Aug 24, 2014 @ 6:07

      SetHandler weblogic-handler

      WebLogicHost 10.95.XX.XX
      #MatchExpression *.jsp
      #MatchExpression *.html
      Debug ALL
      DebugConfigInfo ON
      WLLogFile c:/weblogictemp/projectname.log
      WLTempDir c:/weblogictemp

      SetHandler weblogic-handler
      WebLogicPort 7003

      SetHandler weblogic-handler
      WebLogicPort 7005

  • vivek Dec 18, 2013 @ 4:53

    How to redirect https to http ?

  • it's_me Apr 23, 2013 @ 12:55

    Hi,
    I want to do some redirections like this:
    base-url.com -> base-url2.com (but only if no subdir is given)
    and
    base-url.com/any_subdir -> https://base-url.com/any_subdir
    and, if possible, this rulsets only within the site-config not within .htaccess, cause there are developers cleaning folders… this is driving me nuts…
    I can’t get it. Can anyone give me a hint, please?

    • it's_me Apr 24, 2013 @ 7:40

      Sorry, my initial description was to short.

      What I need to do is, to do two redirects on one base-url with two different conditions. First is to redirect a request with just the base-url (like _http://some_url.org) to _http://some_other_url.org .

      _http://some_url.org -> _http://some_other_url.org

      The second one is, if _http://some_url.org/some_subdir is requested it shoud be redirected to SSL of the same host _https://some_url.org/some_subdir .
      So in case 2 it should not be redirected to some_other_url.org .

      _http://some_url.org/some_subdir -> https_://some_url.org/some_subdir

      Both rewrites are not verry complex for its own, but I can’t get them working together.
      So my problem is, how do I have to set the RewriteCond (to be exact the regexp) to do the matching. The http->https overrules always.

      I did several experiments with RewriteCond, RewriteRule, RedirectMatch but I didn’t get it. Does anybody have an idea?

      Oh, btw this should be done by the vhost-config, not with .htaccess-files in document-folders. It’s a restriction I’m not responsible for 🙁 cause developers sometimes empty the doc-folders.

      Sorry, I had to do this _http because of this editor to not recognize this “URLs”.
      thanks a lot

      best regards, M.

      • it's_me Apr 25, 2013 @ 7:44

        >
        > RewriteRule ^/$ http://some_other_url.org [R=permanent,L,NS]
        >
        >
        >
        > RewriteCond %{HTTPS} !=on [NC]
        >
        > RewriteRule ^/(.*) https://some_url.org/$1 [R=permanent,L,NS]
        >

        PERFECT! Thanks a lot Jim.
        This exactly solves my Problem.

        btw. this solutuion is not from here, but I want to tell the answer 😉
        Best regards, M.

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.