• Sales: 1-800-961-2888
  • Support: 1-800-961-4454

Feedback

Let us know what you think of our Knowledge Center!

Open Cloud Community

Learn about Rackspace products, ask questions, and share your knowledge in our Open Cloud Community.

How Do I Force SSL On My PHP Site?

  • Article ID: 622
  • Last updated on March 18, 2013
  • Authored by: Rackspace Support
  • (9 Comments)

Below are two samples of what you can use in a .htaccess to force SSL on your PHP site:

#Force SSL on entire site
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://(YOURDOMAIN)/$1 [R,L]


#Force SSL on a specific directory 
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^DIRNAME/(.*)$ https://YOURDOMAIN/DIRNAME/$1 [R,L]


© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER

9 Comments

However this did work (thanks to [kangry.com](http://kangry.com/topics/viewcomment.php?index=18577))

RewriteEngine On
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://domain/folder/$1 [R,L]
By Manuel Guzman on Jul. 30, 2012

Thanks Manuel. We'll take a look and see about updating the article.
By jered.heeschen on Jul. 30, 2012

Rackspace's suggested coding did not work for me either.

Manuel, your coding did work! Thanks for submitting...Rackspace, please update your article:)
By Shawn Borelli on Jul. 30, 2012

It did work for me...
By Dragan Rusnov on Aug. 10, 2012

I needed to prevent links to my whole site from using https, so I just changed the code slightly:

#No SSL on entire site
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} =on [NC]
RewriteRule ^(.*)$ https://(YOURDOMAIN)/$1 [R=301,L]
By Matthew Fries on Aug. 21, 2012

The following rule may be useful when forcing SSL on just a single URL.
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^page.php(.*)$ https://example.com/page.php [R,L]

For many more examples of rewrites, Apache's documentation is a good resource.

http://httpd.apache.org/docs/current/rewrite/
By Jesse C on Oct. 20, 2012

The above code:

#Force SSL on entire site
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^(.*)$ https://(YOURDOMAIN)/$1 [R,L]

Gives me a "Redirect Loop"
By Jeff Fletcher on Dec. 1, 2012

Do you have any other rewrite rules defined for the site, or any redirects built into any pages you might be hitting?
By jered.heeschen on Dec. 2, 2012



RewriteEngine On
RewriteBase /

#Force NON-SSL on a non-checkout directories
RewriteCond %{ENV:HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^/CHECKOUT/?.*$
RewriteRule ^(.*)$ http://www.example.com/$1 [R,L]

#Force SSL on a specific directory
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule ^CHECKOUT/(.*)$ https://www.example.com/CHECKOUT/$1 [R,L]
By Dan on May. 17, 2013

Add new comment