I am developing a number of forms which should only be accessed via https. I have a dedicated server with its own cert and all the good stuff.
So my question is two-fold really:
1). What’s the best way to force every request to be https? Is there a better way than this .htaccess/mod_rewrite rule:
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
2). Are there any potential pitfalls or downsides to forcing everything to be https that I should be thinking about (other than overhead, which wouldn’t seem to be an issue anyway)?
What you have should be fine, this is what I use:
The R signifies it’s a redirect instead of a rewrite, and the L indicates that the rewrite engine should not perform any more rewrites.
I originally found this here: Httpd Wiki
Edit:
I forgot to mention the SSLRequireSSL directive that forces all requests to be over HTTPS. Details can be found in the Apache Documentation.
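One way to combine the redirect rule and SSLRequireSSL discussed above, shown as an added example that is not part of the original posts. The host name example.com, the /forms path and the certificate paths are placeholders, and the R=301 status is an assumption about the desired redirect type.

```apache
# Added example (constructed). example.com, /forms and the certificate
# paths are placeholders; adjust them to the real site.

# Plain-HTTP virtual host: its only job is to send clients to HTTPS.
<VirtualHost *:80>
    ServerName example.com

    RewriteEngine On
    # Match only requests that did not arrive over SSL/TLS.
    RewriteCond %{HTTPS} off
    # R=301: answer with an external (permanent) redirect instead of an
    #        internal rewrite, so the browser re-requests the https:// URL.
    # L:     stop processing further rewrite rules for this request.
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

# TLS virtual host: serves the forms.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile    /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem

    <Location "/forms">
        # Denies (403 Forbidden) any request for this location that is not
        # over SSL/TLS. It does not redirect by itself; it keeps the forms
        # unreachable over plain HTTP even if the redirect above is later
        # removed or misconfigured.
        SSLRequireSSL
    </Location>
</VirtualHost>
```

After reloading Apache, a plain-HTTP request for a form URL should come back as a 301 with an https:// Location header and should never return the form itself.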