Sometimes it's necessary to make sure your website’s visitors use the SSL encrypted connection. If you’re not familiar with SSL and would like to know more please review our article “What is SSL and Why is it important?” If you need assistance using the shared SSL that InMotion Hosting offers to shared hosting customers, please see our article on "forcing your visitors to use the shared ssl".

Forcing visitors to use SSL can be accomplished through your .htaccess file using mod_rewrite. If you’d like more information on mod_rewrite please read our article.

If you are using the Premium Website Builder and need to force your website traffic over SSL, please see the following article instead:
How to force your Premium Website Builder website over SSL

To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website’s root folder.

Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Be sure to replace www.yourdomain.com with your actual domain name.

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace www.yourdomain.com with your actual domain name.

If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

If you need further assistance please feel free to ask a question on our support center website.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Support Center Login


Social Media Login

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
2013-05-03 8:16 am
What is difference b/t two :-
1). RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
2). RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]
Staff
5,889 Points
2013-05-03 9:45 am
The 301 is a Permanent redirect and the other is not.

Best regards,
James R
2014-01-10 2:28 pm
What if you want to force SSL on a specific file or files - ie. https://www.yourdomain.com/folder/file.html
Staff
21,997 Points
2014-01-13 11:11 am
Hello rurede2day,

There are two ways to force SSL on a specific file. If using a php file, you can add code to the beginning of that particular file as below:
if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url
$url = 'https://' . $_SERVER['HTTP_HOST']
. $_SERVER['REQUEST_URI'];

header('Location: ' . $url);
exit;
}


Or you can use code in the .htaccess file that specifically addresses that file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder/file.html
RewriteRule ^(.*)$ https://www.example.com/folder/file.html$1 [R,L]


The second is likely the easiest, especially if you are using html files and do not have it set to run php code.
Either of these should cause that specific file to run the https protocol.

Kindest Regards,
Scott M
2014-02-10 4:02 pm
Thanks Scott - It's redirecting use htaccess, but I'm getting a redirect loop error. This is on a Joomla site, could there conflicts with the default Joomla htaccess? Any suggestions.
Staff
10,644 Points
2014-02-13 9:01 am
Hello rurede2day,

This is because of Joomla's rewrites that are used to make "pretty URLs". Basically, it is redirecting but the content within Joomla is causing it to redirect back to the URL that was previously defined by Joomla.
n/a Points
2014-03-19 1:44 pm

I was wondering how to enforce non-SSL, our site used to be https, switched hosting to inmotion and dont need the secure connection anymore. We now have a bunch of external links from social media sites going to https://boostyoureco.org and being denied connection. It is a wordpress site and have tried many variations of .htaccess rewrite rules with no avail. I even tried https://wordpress.org/plugins/force-non-ssl/ but that did not work aswell.

The last try at the .htacess file:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteCond %{SERVER_PORT} 443 

RewriteRule ^(.*)$ http://www.boostyoureco.org/$1 [R,L]

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

 

# END WordPress

 

Staff
21,997 Points
2014-03-19 4:55 pm
Hello MattH,

You may want to try and remove the following 3 lines from your WordPress section and place them above it.:
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.boostyoureco.org/$1 [R,L]
RewriteRule ^index\.php$ - [L]

Next, take the rewrite rules and combine them together like so:
RewriteRule ^(.*)$ http://www.boostyoureco.org/index\.php [R,L]

So before the Wordpress section, you should have the following lines:
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.boostyoureco.org/index\.php [R,L]

That should allow your site to process the link and force the standard version for anything coming in on the https port (443).

Kindest Regards,
Scott M
n/a Points
2014-04-14 10:00 pm

I'm not seeing in this thread, re: SSL and redirects, exactly what I'm needing to do for the .htaccess redirects I need.  I have a form in my Wordpress site that I want to make secure behind SSL.  It would be something like: https://www.mydomain.com/myform/

myform is a Wordpress page that contains a form.  This code below doesn't exactly do what I need and I'm hoping someone here can help me sort out what I'm doing wrong.

RewriteEngine On RewriteCond %{SERVER_PORT} 80RewriteRule ^(.*)$ https://www.mydomain.com/myform$1 [R,L]

Any clues to help me get this simple thing working?  I've never done SSL before so I am clueless.

Thank you!

Staff
10,644 Points
2014-04-15 9:12 am
You may easily redirect the form using something like the following:


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^myform$ https://www.example.com/myform [R=301,L]

n/a Points
2014-04-16 5:22 pm

Hi Scott,

I am trying to force all non https traffric to use https. The problem that I am having is that the various page urls are dynamic and although my redirect work for the domain it seems to ingore everything after the .com portion of the url. Any thoughts on how to solve would be appreciated.

Thanks,

Rod

Staff
19,569 Points
2014-04-16 6:41 pm
Hello Rod,

Thanks for the question! If you need to force EVERYTHING to HTTPS, put this rewrite rule as your first rule. Remove any of the older rules that you may have added to make it do the same thing.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

The first condition checks to see if HTTPS is already being used and the second statement re-writes the URL to be HTTPS while maintaining the rest of the URL. Let us know if you have any further questions.

Regards,
Arnel C.
n/a Points
2014-08-08 2:39 pm

Hey guys,

I am trying to do two things here. I want to force non www. on all of my pages, but I also want to use SSL on the shoppig cart, payment and account pages. WHen I forced non www it removes the https on those pages.. How do I write this?

 

Thanks!

Staff
11,792 Points
2014-08-08 4:38 pm
Hello Gorilla,

Thank you for contacting us. Usually, the easiest way is to force SSL on the whole site without the www.

We are happy to assist you further, but will need some additional information.

Can you provide the full .htaccess rules you are using?

Are you using a CMS such as Wordpress, Joomla, Concrete5? What 3rd party addons/extensions are you using? This is important to know, since they often use their own rules.

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul
n/a Points
2014-08-23 10:49 pm

The Http url dont seem to map to their http counterparts.

for example http://www.example.com/uk/cameras goes to https://www.example.com/uk

here uk being a sub domain (store).

The root folder has an htaccess file and so does the sub domain

I've tried using the fix listed here but it doesnt work, am i missing something.

 

Staff
10,644 Points
2014-08-25 10:54 am
The code example in this article should work perfectly, but your individual circumstances can cause issues. Could you clarify exactly how your site is built? Certain content management systems and carts can cause issues with redirects. Could you also provide me with what is in your .htaccess file?
n/a Points
2014-10-01 5:50 am

How does your SSL certificate look like? Is there a green bar? A lock? Just an "https" ?

Why is there only one option (US$ 100 per year)?

Thanks

Staff
21,997 Points
2014-10-01 9:28 am
Hello Julien,

As your question does not relate to forcing SSL via the htaccess file, it has been moved and created as a new question found here.
Questions about purchasing an SSL.

Whenever you have a question not related to the article topic, please create a new question so that others can find it more readily and help you.

Kindest Regards,
Scott M
n/a Points
2014-10-20 1:56 am

Hi,

I have been having problem with the force ssl issue in our Joomla website. All i did was to enable force ssl in the configuration.php. I tried this first in our server and it worked totally fine. I implemented it to the live server for this website and it just say that the "This webpage has a redirect loop". I only need to do the force ssl on the administrator page. I have tried different solutions that i have found on the internet but still got nowhere to fix this issue. I will be grateful if you guys could help me.

Thanks!

Staff
21,997 Points
2014-10-20 1:24 pm
Hello Jason,

When you are getting the 'redirect loop' error, it means that there are conflicting redirects in your htaccess file. You will want to check that and remove the one you do not want. This should allow your site to redirect properly.

Kindest Regards,
Scott M
n/a Points
2014-12-05 10:31 am

Hi, I have a wordpress site and I want to redirect to https all traffic beside the folder "files", I tried a lot of combinations, In wordpress settings I input https://www.mysite.com, I hope is correct. If I add this rule to .htaccess is all ok

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteCond %{REQUEST_URI} !^/files/? [NC]

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

mysite.com became https://www.mysite.com

http://mysite.com became https://www.mysite.com

www.mysite.com became https://www.mysite.com

But www.mysite.com/anypage remain www.mysite.com/anypage

Staff
628 Points
2014-12-05 11:18 am
Hello Gigi Duru,

Below is a .htaccess code that should work for what you are looking for:

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/files
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Kindest Regards,
TJ Edens
n/a Points
2014-12-05 11:28 am

It's worst now

www.mysite.com remain www.mysite.com

www.mysite.com/anypage remain www.mysite.com/anypage

Staff
628 Points
2014-12-05 11:49 am
Hello Gigi Duru,

That is strange as it worked for mine, lets try this one:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/files
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Kindest Regards,
TJ Edens
n/a Points
2014-12-05 12:01 pm

This will fix only homepage but

www.mysite.com/anypage remain www.mysite.com/anypage

I found an alternative by installing Force SSL plugin in wordpress and leave "files" folder without .htaccess file

n/a Points
2014-12-06 11:21 am

Thank You very much it works for me Thank You

n/a Points
2014-12-08 5:44 am

Hello. Please help me. How to 

Force Load Static Files Using HTTPS?

Example

https://autorenta.by 

Links pages not working

Staff
19,569 Points
2014-12-08 11:46 am
Hello Lev,

Thanks for the question. As far as I can tell, the links are working on your URL. I couldn't find one that wasn't working. Please provide us more information on the URL that isn't working and we can look further into it. When you are referring to forcing the load of STATIC pages, it's generally in reference to caching. You may want to review the discussions in this forum post in regards to this issue.

I hope this helps to answer your question, please let us know if you require any further assistance.

Regards,
Arnel C.
n/a Points
2014-12-14 10:11 am

hi,

Someone to help me please. I have a website where I installed an SSL certificate So I want

When is accessed www.example.com or example.com >> it is redirected to https://example.com 

or if possible,

www.example.com or example.com goes to https://www.example.com

example.com >> https://www.example.com

 

Thank you very much for that.

Staff
21,997 Points
2014-12-15 11:47 am
Hello Yves,

Did you follow the instructions given above? If so, did you get stuck or receive an error of some sort? Please provide as much detail as possible so we can assist you.

Kindest Regards,
Scott M
n/a Points
2014-12-16 4:19 am

I added the following code on my .htaccess file:

RewriteEngine On

RewriteCond% {80} SERVER_PORT

RewriteRule ^ (. *) $ Https://www.yourdomain.com/$1 [R, L]

But nothing happens when accessing the website, the address remains in http and not https. But when I use the following code:

 

# Redirect all "not correct" domain to www with https

# (Is not significant if comes with or without https):

RewriteCond% {HTTP_HOST}! ^ Www.yourdomain.com $ [NC]

RewriteRule ^ (. *) $ Https://www.yourdomain.com/$1 [L, R = 301]

# Redirect all non-ssl to ssl.

RewriteCond% {HTTPS} off

RewriteRule ^ (. *) $ Https://www.yourdomain.com/$1 [R, L]

yourdomain.com and www.yourdomain.com addresses are forced to https // www.yourdomain.com only for Google Chrome, Internet Explorer, Opera Browser but for for Mozilla Firefox I have an error message:

"This connection is not certified

You have asked Firefox to connect securely to www.yourdomain.com, but we can not confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are at the right address. However, the identity of this site can not be verified. "

So I don't know how to fix the problem with FireFox. Thank you for your help

Staff
21,997 Points
2014-12-16 9:28 am
Hello Yves,

The error you are getting from Firefox looks to be the 'Untrusted Connection' message. This is normally when you are requesting secure connection to a site that does not have an SSL for that specific URL. Without knowing your domain name, I cannot test anything, but you will want to run an SSL test on the exact URL you are working with to ensure that it is set up correctly. You can do that with this SSL Checker.

Kindest Regards,
Scott M
n/a Points
2014-12-17 12:55 pm

Hello!

Although my question seems as question from "Yves", as I didn't understand well and as that question was not (right) replied yet, please let me know:When I use a rule to force "all web traffic to use HTTPS" as quoted in this article above, it means that both "www.example.com" and "example.com" (with and without www) are redirected to "https://example.com" if I write rule like this (following the example):

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://example.com/$1 [R,L]Many thanks!
Staff
19,569 Points
2014-12-17 1:38 pm
Hello Helio,

The code forces ALL website traffic to use the specified domain name. Yes, all non-www and URLs with WWW would be forced to use URL that you specify in the rule ("https://example.com" in the example). All website traffic, means any website.

I hope this helps to answer your question, please let us know if you require any further assistance.

Regards,
Arnel C.
n/a Points
2014-12-17 1:55 pm

Many thanks Arnel C. for your fast reply!

n/a Points
2014-12-30 5:18 pm

Hello,  I think this is simple but I can't get it to work:I want all https requests to be forwarded to the www site. For example:

https://example.com should go to https://www.example.com

ALSOall non-www http requests should go to the www site for example

http://example.com should go to http://www.example.com

can you help ?   I need this because my SSL is only on the www version of the site.

Staff
10,644 Points
2014-12-30 5:37 pm
To do so, your rewrite rules would look like this:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{HTTP_HOST} ^example.com.com [NC]
RewriteRule ^(.*)$ https://www.example.com.com/$1 [R,L]

n/a Points
2014-12-30 6:22 pm

I tried what you suggested but it redirects ALL requests to https.

Staff
10,644 Points
2014-12-30 6:33 pm
I may have misunderstood your question. The code above will indeed redirect all requests.

The following will redirect non-www to the www version and keep HTTP/HTTPS intact:

RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1

n/a Points
2015-01-15 4:56 pm

How can I force only 2 specific sites to use https on 20 site multisite setup (drupal 7)

I have tried:

#site 1

RewriteCond %{HTTP_HOST} ^example1\.com$ [NC]RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example1.com/$1 [L,R=301,NC]

#site 2

RewriteCond %{HTTP_HOST} ^example2\.com$ [NC]RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example2.com/$1 [L,R=301,NC]

 

But this is not working...I can still access them using http://www.example1.com

Staff
11,792 Points
2015-01-15 5:51 pm
Hello anakonda,

Thank you for your question about forcing https on a drupal multisite. I spent some time looking into this, and could not find a working example.

I did find a helpful article in the Official Drupal forums titled Multisite SSL Considerations. In that detailed article they explain in-depth some of the issues with using an SSL with multisites, and even state the following:
"If you are using SSL certificates, you are probably selling something online and will make some money. If you are using a cheap hosting account then you can afford to put each Web site on a separate hosting account with a unique IP address and a simple SSL certificate."

Then, you can Enable SSL in Drupal for each individual site.

You may benefit from posting your question in the Drupal Forums since it is frequented by Drupal developers.

I hope this helps,
John-Paul
n/a Points
2015-01-16 6:19 am

Hi johnpaulb-imhs1,

Thank you for your answer. 

I have anyway managed to install SSL certificates on 2 different domains on a Drupal  multisite setup. So that is not a problem, it can be done using virtual hosts blocks. 

So the only problem is related to htaccess file and how to tell only specific sites to redirect to https. I have only seen here instructions how to redirect all the sites to https but in my case I don't want to redirect all domains to https. Only certain domains 

So now I have: 

site1.comsite2.comsite3.comsite4.com 

Which are all using same single htaccess file. 

And site1.com and site2.com should be forced (redirected) to use https but other domains should not. So all the sites are using the same htaccess file because of drupal multisite setup. Anyway in this case Drupal multisite should not be the problem, only thing is how to write the script in htaccess, if it is even possible. 

 

Staff
19,569 Points
2015-01-16 1:01 pm
Hello Anakonda,

This can be accomplished in the .htaccess file using several rewrite rules. Check out 301 permanent re-directs via .htaccess for examples of how a rewrite can be used to change the URL. Basically, if you have a domain that needs to permanently go to a DIFFERENT URL, then you should use a re-direct rule. If you're trying to use the same URL and it simply needs to be changed to be something else like "https://example.com/site1 to http://example.com/site1", then you should use a re-write to change it to the URL that you want to use.

I hope this helps to answer your question, please let us know if you require any further assistance.

Regards,
Arnel C.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

43 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!