Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.

Table of Contents

  1. Introduction
    1. htaccess Guide Sections

« Security with Apache htaccess | .htaccess Tutorial Index | » Apache Variable fun (mod_env)

  • Redirect non-https requests to https server
  • Rewrite non-https to HTTPS without mod_ssl!
    • Based on HTTPS variable (best)
    • Based on SERVER_PORT
  • Redirect everything served on port 80 to HTTPS URI
  • Redirect particular URLs to a secure version in an SSL SEO method
  • Check to see whether the HTTPS environment variable is set
  • Rewrite to SSL or NON-SSL using relative URL!

Redirect non-https requests to https server

Fixes double-login problem and guarantees that htpasswd basic authorization can only be entered using HTTPS.

NOTE: You will only find this method on this site and it is the most secure way to do this.

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "askapache.com"
ErrorDocument 403 https://askapache.com

Rewrite non-https to HTTPS without mod_ssl!

NOTE:The HTTPS variable is always present,evenif mod_ssl isn't loaded!

Based on HTTPS variable (best)

RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Based on SERVER_PORT

RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Redirect everything served on port 80 to HTTPS URI

RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Redirect particular URLs to a secure version in an SSL SEO method

RewriteRule "^/normal/secure(/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

Check to see whether the HTTPS environment variable is set

RewriteCond %{HTTPS} !=on
RewriteRule "^(/secure/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

Rewrite to SSL or NON-SSL using relative URL!

This lets you use hyperlinks like this

/doc.html:SSL      --    > https://google.com/doc.html
/doc.html:NOSSL  --> http://google.com/doc.html

RewriteRule ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

MORE: Apache SSL in htaccess examples and https/ssl forum

htaccess Guide Sections

  • htaccess tricks for Webmasters
  • HTTP Header control with htaccess
  • PHP on Apache tips and tricks
  • SEO Redirects without mod_rewrite
  • mod_rewrite examples, tips, and tricks
  • HTTP Caching and Site Speedups
  • Authentication on Apache
  • htaccess Security Tricks and Tips
  • SSL tips and examples
  • Variable Fun (mod_env) Section
  • .htaccess Security with MOD_SECURITY
  • SetEnvIf and SetEnvIfNoCase Examples

« Security with Apache htaccess | .htaccess Tutorial Index | » Apache Variable fun (mod_env)

htaccess HTTPS / SSL Tips, Tricks, and Hacks - AskApache

Charles Torvalds
10 Apr 2007

  • Site Map WireShark GNU Non-GNU Tor Project cURL TLDP - Documentation
  • Htaccess Files Hacking Htaccess Javascript Linux Optimization PHP Security Shell Scripting WordPress
  • Base64 Image Converter Raw HTTP Header Debugger Graphical ASCII Text Generator Mac Address Vendor Lookup Who Am I – Your IP Information Request Method Security Scanner .htpasswd file Generator Compress CSS DNS Tracer
Copyright © 2024 AskApache
  • Site Map
  • Htaccess Files
  • Hacking
  • Htaccess
  • Javascript
  • Linux
  • Optimization
  • PHP
  • Security
  • Shell Scripting
  • WordPress
  • Base64 Image Converter
  • Raw HTTP Header Debugger
  • Graphical ASCII Text Generator
  • Mac Address Vendor Lookup
  • Who Am I – Your IP Information
  • Request Method Security Scanner
  • .htpasswd file Generator
  • Compress CSS
  • DNS Tracer
Exit mobile version