American Butifarra » plugin http://claude.betancourt.us Claude Betancourt's Personal Blog Fri, 16 Dec 2011 02:43:25 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Force a URL to Use HTTPShttp://claude.betancourt.us/how-to-force-a-url-to-use-https/ http://claude.betancourt.us/how-to-force-a-url-to-use-https/#comments Sat, 28 Feb 2009 03:02:55 +0000 Claude http://claude.betancourt.us/?p=385 Continue reading ]]> Today I came across some old ColdFusion & Mach-II (1.0) code where a plugin was used to force HTTPS. I assume the original developer decided to go with this solution because the target environment was Windows and Internet Information Server.

The task becomes a lot easier under Apache. So I threw away the plugin code and added the following rule to the Apache configuration:

<directory "/public_html/mysite.com">
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{HTTP_HOST}/$1	[R,L]
</directory>

The directive above can be placed inside a VirtualHost or Directory directives, but this usually requires access to the Apache server configuration, which is not typically possible in a shared hosting environment — in that case, the rule can be added to the .htaccess file.

Alternatively we could have used the SSLRequireSSL Apache (2.x) directive, but this would only block access to the non HTTPS address. In our case we want to automatically redirect the users instead of displaying an error message.

]]> http://claude.betancourt.us/how-to-force-a-url-to-use-https/feed/ 2