There are many ways to force SSL for your site depending on your content. The following tutorial shows one of the most common methods to force SSL by using mod_rewrite within your .htaccess file.
Insert the code given below into the .htaccess file in the root folder of your site to force all web traffic to use HTTPS [SSL]. It is important that you insert this above any pre-existing mod_rewrite code.
[alert] Note: Insert the code above any pre-existing mod_rewrite code.[/alert]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
If you want to force only a specific domain to HTTPS use the following code. In addition, be sure to replace “example\.com” with your “actual domain” name. The backslash
[alert] Note: The backslash “\” before the period is important.[/alert]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
If you force SSL using these .htaccess rules and you end up with an “endless redirection” or similar. It is quite likely your script/software is trying to re-direct back to non-ssl which is then being re-directed by .htaccess back to SSL. In this case, you will likely need to configure SSL usage within your script/software directly.
