Apache — Redirect HTTP to HTTPS with an .htaccess File | Liquid Web
11 min read

Apache — redirect HTTP to HTTPS with an .htaccess file

Image Haritha Jacob
.htaccess Domain Management Hosting Other Best Practices Security Website Management Websites

In recent years, the staff in Liquid Web’s website hosting division has seen the importance of securing websites with HTTPS (Hypertext Transfer Protocol Secure) grow significantly due to more and more threats on the internet. There is no doubt that the use of HTTPS is a best practice.

Shop SSL certificates

This need is driven by the rising concern for online security and privacy. HTTPS encrypts data transmitted between a user’s web browser and the website’s server, ensuring that information remains protected from malicious actors.

As the internet evolves, users have become increasingly aware of the importance of HTTPS, and major web browsers now display warnings for websites that still use the less secure HTTP protocol. Additionally, search engines like Google have incorporated HTTPS as a ranking factor, giving preference to secure websites in search results to prioritize user safety and privacy.

Transitioning your website from HTTP to HTTPS involves obtaining an SSL (Secure Sockets Layer) certificate, setting up your server to support HTTPS, and ensuring that all web pages, resources, and links are served over the secure protocol. However, one critical aspect of this transition is implementing proper redirection from HTTP to HTTPS to guarantee a seamless web visitor experience and keep your search engine rankings.

Redirecting HTTP traffic to HTTPS can be achieved using various methods, but one of the most common and convenient approaches is using the administrative file named .htaccess file on Apache servers. The .htaccess file allows developers to control server behavior on a per-directory basis, making it an ideal tool for implementing URL redirects, rewriting rules, and other server configurations.

In this tutorial, we will set up a redirect of HTTP to HTTPS using the .htaccess file, providing detailed instructions, best practices, and troubleshooting tips to help you seamlessly transition your website to HTTPS while maintaining security, integrity, and user trust. Whether you’re a web developer, system administrator, or website owner, understanding how to leverage the power of the .htaccess file for HTTPS redirection is important for boosting the security and reliability of your online presence.

The main takeaways found in this post

Upon reading this article you will better understand the importance of following items:

  • Understanding what the .htaccess (hypertext access) file is used for on Apache web servers
  • A deep dive into the security benefits of redirecting HTTP to HTTPS
  • About choosing the .htaccess file for managing redirects
  • Implementing HTTP to HTTPS redirects on Apache
  • Handling subdomains and wildcard with regard to redirect setup
  • Ensuring compatibility with content delivery networks (CDNs) and load balancers
  • Monitoring, testing, and troubleshooting redirects of HTTP to HTTPS
  • Frequently asked questions regarding the use of the .htaccess file for redirects

Why redirect HTTP to HTTPS?

Before we dive into the implementation, let’s understand why it’s crucial to redirect HTTP traffic to HTTPS:

  • Security — HTTPS encrypts information sent between the user’s web browser and your web server, protecting it from eavesdropping and tampering.
  • Data integrity — HTTPS guards the integrity of the data by preventing unauthorized modification during transmission.
  • Trust and credibility — HTTPS reassures users that their interactions with the website are secure, fostering trust and credibility.
  • SEO benefits — search engines prioritize HTTPS websites in search results, leading to better visibility and rankings.

Understanding the .htaccess (hypertext access) file

The .htaccess (hypertext access) file is a configuration file used by Apache web servers to alter server behavior and settings on a per-directory basis. It allows developers to control various aspects of the server, including URL rewriting, access control, and redirection. In this tutorial, we will employ the .htaccess file to redirect HTTP to HTTPS.

Why choose .htaccess for redirects of HTTP to HTTPS?

The .htaccess file provides a convenient and flexible way to manage redirects at the server level without needing to modify individual web pages or scripts. This centralized approach simplifies the process of enforcing HTTPS across your entire website, regardless of the underlying content management system (CMS) or platform.

Additionally, using .htaccess allows for more granular control over redirection rules. You can specify specific conditions for redirection based on URL patterns, query parameters, or even user agents. This level of customization ensures that redirections are applied only when necessary, minimizing potential issues such as redirect loops or unintended redirects.

Enhance server security

Choose the right security add-on to harden your system

Protect your server

Implementing HTTP to HTTPS redirects

Follow the steps provided in the next sections to transfer incoming HTTP web traffic to HTTPS with the rules in your .htaccess file. If you are a Liquid Web customer, you may contact our team for further guidance.

Step #1. Check your SSL certificate installation

Before implementing the redirect, ensure your website has a valid SSL certificate installed. You can obtain SSL certificates from Certificate Authorities (CAs) like Let’s Encrypt and Comodo — or purchase them from other providers.

Step #2. Access the .htaccess file

The .htaccess file is found in your website’s root directory, where you can access it via an FTP client or a file manager provided by your web hosting control panel.

Step #3. Edit the .htaccess file

Use a text editor to access the .htaccess file and add the following lines of code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Let’s break down what each line of code does:

  • RewriteEngine On — enables the Apache mod_rewrite module, which is required for URL rewriting.
  • RewriteCond %{HTTPS} off — checks if HTTPS is not already enabled.
  • RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] — redirects the URL to its HTTPS equivalent using a 301 (Permanent) redirect:
    • L — signifies that no further rules will be applied to this redirect instance.
    • %{HTTP_HOST} — represents the domain name
    • %{REQUEST_URI} —represents the requested URI.

Step #4. Save and upload the .htaccess file

Save the changes to the .htaccess file. Then, upload it to the root directory of your website with your FTP client or file manager.

Step #5. Test HTTP to HTTPS redirects

Once the .htaccess file is uploaded, test the redirect by visiting your website using HTTP (for example, the URL may look like http://example.com but contain your own domain). It will automatically take you to the URL’s HTTPS version (for example, https://example.com where your domain is used). Additionally, check for any mixed content warnings or errors that may arise due to unsecured resources being loaded over HTTPS.

Handling subdomains and wildcard with regard to redirects

When redirecting from HTTP to HTTPS, it’s essential to consider how subdomains are handled. By default, the .htaccess rules provided earlier will redirect all traffic, including subdomains, to the HTTPS version of the main domain. However, you may encounter scenarios where you want to handle subdomains differently.

To redirect only the main domain to HTTPS while preserving subdomains, you can modify the .htaccess rules as follows:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

In this modified rule, %{HTTP_HOST} is checked against the main domain (example.com), and the redirect is applied only if the request is for the main domain and not a subdomain.

For wildcard redirects that apply HTTPS redirection to all subdomains as well, you can use the following rule:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This rule will redirect all traffic, including subdomains, to the requested URL’s HTTPS version.

Ensuring compatibility with content delivery networks (CDNs) and load balancers

In some cases, websites may be served through content delivery networks (CDNs) or load balancers that sit in front of the web server. When implementing HTTP to HTTPS redirects, it’s essential to ensure compatibility with these intermediary services to avoid redirect loops or incorrect redirection.

If your website utilizes a CDN or load balancer, consult the documentation provided by your service provider for specific instructions on configuring HTTPS redirection. In many cases, these services offer built-in features or settings to handle redirects transparently without the need for .htaccess modifications.

Monitoring and testing redirects

After implementing HTTP to HTTPS redirects using the .htaccess file, it’s crucial to monitor your website’s performance and behavior to identify any issues that may arise. Regularly check for mixed content warnings, which indicate that some resources (scripts/images/stylesheets) are being loaded over HTTP still instead of HTTPS.

You can use developer or online tools like Why No Padlock to identify mixed content issues and address them accordingly. Additionally, periodically test your website’s HTTPS configuration using SSL/TLS testing tools to ensure that your SSL certificate is correctly configured and that your website scores well in terms of security and encryption strength.

Troubleshooting redirects

If the redirect doesn’t work as expected, here are a few troubleshooting steps:

  1. Check syntax — make sure that the syntax of the .htaccess rules is correct, including proper spacing and syntax.
  2. Server configuration — verify that the Apache server allows the use of .htaccess files and mod_rewrite module is enabled.
  3. SSL certificate — double-check that your SSL certificate is installed correctly and valid.
  4. Clear cache — clear your browser’s cache and try accessing the website again to rule out any cached redirects.

In the following section you can review the answers to some frequently asked questions (FAQs) related to redirecting HTTP to HTTPS using the .htaccess file.

FAQs for Apache — redirect HTTP to HTTPS with an .htaccess file

Redirecting from HTTP to HTTPS is crucial for enhancing website security and protecting user privacy. HTTPS encrypts data sent between the user’s web browser and the web server, preventing unauthorized access and ensuring data integrity.

The .htaccess file is an administrative and configuration file used by Apache servers to control server behavior on a per-directory basis. It allows developers to implement URL redirects, including redirecting HTTP traffic to HTTPS, by specifying rewrite rules and conditions.

If the redirection doesn’t work, double-check the syntax of the .htaccess rules to ensure they are correct. Additionally, verify that the Apache server allows the use of .htaccess files and that the mod_rewrite module is enabled. Clearing your browser cache and testing the redirection in different browsers can also help identify any issues.

Yes, you can specify specific URLs or directories to be redirected from HTTP to HTTPS by adding custom rewrite rules to the .htaccess file. This configuration allows for more granular control over redirections based on specific conditions or URL patterns.

After implementing HTTPS redirection, it’s crucial to ensure that all internal links, resources (such as images, scripts, and cascading stylesheets), and external references are updated to use the HTTPS protocol. If you don’t do so, it may result in insecure connections or mixed content warnings.

Implementing HTTPS redirection is beneficial for SEO, as search engines prioritize HTTPS-based URLs in search results. However, it’s essential to ensure proper implementation and address any mixed content issues to maintain or improve SEO rankings.

Yes, you can revert the HTTPS redirection by removing or modifying the redirection rules in the .htaccess file. Simply edit the file and remove the HTTPS redirection rules, then save and upload the updated .htaccess file to your server.

Secure your website — take the HTTPS leap today

Redirecting HTTP to HTTPS with an .htaccess file on Apache web servers is an essential step in protecting the security and integrity of your website. By following the step-by-step guide outlined above, Liquid Web customers can seamlessly transition their websites to HTTPS and provide their users with a secure browsing experience.

If you’re a Liquid Web customer looking to implement HTTPS redirection or need assistance with any aspect of web hosting, our team of experts is here to help. Visit our blog to read more security-related posts that include How to force HTTPS For your domain and numerous helpful articles for site admins. Scour our resources on securing your website with HTTPS — and explore our SSL certificate options to enhance your website’s security further.

Make the switch to HTTPS today and ensure your website is guarded against security threats and vulnerabilities. With Liquid Web’s reliable hosting solutions, which include VPS hosting, dedicated servers, and much more, you can trust that your website is in good hands.

Talk to our industry pros
Shop server protection plans
Shop all hosting plans

Related articles

Hosting 6 min read
PHP 7 vs PHP 8: A Comparison Kyle Johnson
Security 4 min read
Quick Guide to Best Practices for Data Backup Ronald Caldwell
Security 6 min read
VPS Performance Comparison: Liquid Web Outperforms the Competition Ronald Caldwell
Hosting insights 11 min read
A helpful guide to implementing HTTP security headers Haritha Jacob
Hosting 21 min read
What are the different types of web hosting? Ronald Caldwell
Hosting 10 min read
How does Apache Web Server work? An FAQ Liquid Web

Wait! Get exclusive hosting insights

Subscribe to our newsletter and stay ahead of the competition with expert advice from our hosting pros.

Loading form…