Where to put https redirect in htaccess

Question

I've just moved my site to https so I'm wanting to put a redirect into my htaccess so that anyone heading to http:// will be forced to https://.

However, I already have a snippet in my htaccess that's necessary for my site to work (the rewrite all other urls to index.php). When I remove this the redirect works, but my site won't direct to the other pages.

Here's my current htaccess-

Options -indexes

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# Allow any files or directories that exist to be displayed directly

# Rewrite all other URLs to index.php/URL
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]  
</IfModule>

<IfModule !mod_rewrite.c>
ErrorDocument 404 index.php
</IfModule>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 week"
ExpiresByType image/png "access plus 1 week"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 week"
ExpiresByType text/css "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType application/pdf "access plus 1 year"
ExpiresByType audio/x-wav "access plus 1 year"
ExpiresByType audio/mpeg "access plus 1 year"
ExpiresByType video/mpeg "access plus 1 year"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/quicktime "access plus 1 month"
ExpiresByType video/x-ms-wmv "access plus 1 year"
ExpiresByType application/x-shockwave-flash "access 1 year"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
</IfModule>

<Files 403.shtml>
order allow,deny
allow from all
</Files>

Where and what do I need to include to force users to https instead of http without messing up the URLs?

score 1 · Answer 1 · answered Aug 23 '17 at 07:52

1

Try this:

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

answered Aug 23 '17 at 07:52

Yupik

4,932
1
12
26

Thought it'd worked but hasn't. URLs are ok but https redirect still not working. – Kaye Huett Aug 23 '17 at 08:16

score 1 · Answer 2 · answered Aug 23 '17 at 07:52

As soon as you can. You want them to switch to the secure area as soon as you possibally can as that is the most safe option. The switch to https is going to redirect them (~reload), so the htaccess will be run twice anyway. Might as well make the frist run as minimal as possible.
Also, the switch to htaccess is for safety, the rest is just pretty. Safety > pretty.

In your case, before "# Rewrite all other URLs to index.php/URL"

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301, L]

# Rewrite all other URLs to index.php/URL
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

Sadly not working. Causes an Internal Server Error. – Kaye Huett Aug 23 '17 at 08:15 — Kaye Huett, Aug 23 '17 at 08:15

Where to put https redirect in htaccess

2 Answers2