Oct 2, 2014 by Johan

If you want to enforce your visitors to access your site over a secure connection only, you can redirect all requests that are not secure to the secure protocol. An easy to way to do this can be accomplished with a .htaccess file containing the following lines.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

The first line tells Apache we are going to use mod_rewrite. The second line only matches if SSL is not active on this request. If that second line matches then the third line kicks in, which simply redirects the visitor to the SSL version of the requested page.