Security is an http specification. File .htaccess - setting up redirections and managing web server configuration Blocking transitions from third-party resources

Htaccess is an Apache web server configuration file that allows you to control the operation of the web server and site settings using various parameters (directives) without changing the main web server configuration file.

RU-CENTER hosting currently uses the Apache web server version 2.4.

File Directives .htaccess are valid for the directory in which such a file is located and for all its subdirectories. If you wish using .htaccess change settings for the site as a whole, it should be placed in the root directory of the site ~/your_domain/docs.

Please be careful when editing the file .htaccess! When saving such a file in UTF-8 encoding, it should not contain BOM signatures. To edit a file .htaccess and other configuration files, we recommend using not Windows Notepad, but special text editors, for example Notepad++.

Examples of using the .htaccess file

1. Redirecting domains from a site synonym to the main domain with code 301

Redirect requests to domain.ru from any of the site’s synonyms

RewriteEngine On
RewriteCond %(HTTP_HOST) !^domain\.ru$
RewriteRule ^(.*)$ http://domain.ru/$1

Redirect requests to www.domain.ru from any of the site’s synonyms

RewriteEngine On
RewriteCond %(HTTP_HOST) !^www\.domain\.ru$
RewriteRule ^(.*)$ http://www.domain.ru/$1

2. Permanent redirect with code 301

If you have changed the site page address, add the following lines to .htaccess so that requests from the old address are redirected to the new one

Redirect 301 /page.html http://www.domain.ru/new_page.html

• page.html - address old page relative to the site root;
• www.domain.ru - site name;
• new_page.html - address of the page to which you want to redirect.

A similar rule will not work for redirecting from addresses containing a Query String (characters after?). For queries containing QUERY_STRING, you can use a combination of RewriteCond and RewriteRule.

For example, to redirect all requests to the /period/?test=123 page of your site to domain.ru, you can write:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %(QUERY_STRING) ^test=123$
RewriteRule ^period/$ http://domain.ru/

3. Overriding error pages

Using the .htaccess file you can set your error pages:

#401 Authorization failed
ErrorDocument 401 http://domain.ru/errors/401.html
#403 Access denied
ErrorDocument 403 http://domain.ru/errors/403.html
#404 Page not found
ErrorDocument 404 http://domain.ru/errors/404.html
#500 Internal server error
ErrorDocument 500 http://domain.ru/errors/500.html

The corresponding error page files (401.html, 404.html, etc.) must be placed in the ~/your_domain/docs/errors directory.

To ensure that if direct links to such pages are accidentally mentioned, they are not indexed in search engines ah, recommended:

a) write in the file ~/your_domain/docs/robots.txt

User-agent: *
Disallow: /errors

b) create a file ~/your_domain/docs/errors/.htaccess, in which write

Options -Indexes

4. Page-by-page redirection of requests to another domain with code 301

The following code will redirect all requests to pages on your site to similar pages on another site, for example, a request to http://domain.ru/main will be redirected to http://www.newdomain.ru/main:

Redirect 301 / http://www.newdomain.ru/

RewriteEngine On
RewriteRule ^(.*)$ http://newdomain.ru/$1

5. Restricting access to the site by IP

Deny access to the site from IP addresses 123.4.5.6 and 123.5.4.3

Order Allow, Deny
Allow from all
Deny from 123.4.5.6 123.5.4.3

Deny access to the site from all addresses except 123.4.5.6 and 123.5.4.3:

Order Deny,Allow
Deny from all
Allow from 123.4.5.6 123.5.4.3

Deny access to the site for everyone:

6. Override home page site (catalog index file)

Make menu.html file the main page:

DirectoryIndex menu.html

7. Turn on PHP processing in .html files

RemoveHandler.html.htm
AddType application/x-httpd-php .php .htm .html .phtml

If there is no main page (index file) in the folder, when accessing without specifying a specific file name in the request, a list of all files located in the directory will be given. To prevent the directory listing from being displayed, add to the file .htaccess line:

Options -Indexes

9. Enable execution of CGI scripts in the docs folder for files with extensions .cgi, .pl. .py

In the folder with CGI scripts you need to place a .htaccess file with the contents:

AddHandler cgi-script .cgi .pl .py
Options+ExecCGI

Attributes (permissions) can be changed using file manager control panel, using your or . Also in the section Web server → Module management The CGI module must be enabled.

10. Blocking transitions from third-party resources

To prohibit the transition from baddomain.ru to domain.ru, add to .htaccess following:

RewriteEngine on
RewriteCond %(HTTP_REFERER) baddomain\.ru
RewriteRule .* - [F]

If you need to prohibit transitions from several domains, then use the following directives

RewriteEngine on
RewriteCond %(HTTP_REFERER) baddomain\.ru
RewriteCond %(HTTP_REFERER) baddomain2\.ru
RewriteCond %(HTTP_REFERER) baddomain3\.ru
RewriteRule .* - [F]

11. Features of using Cyrillic domains (.РФ, .MOSCOW, etc.)

In file .htaccess The use of Cyrillic alphabet is not allowed. When creating redirection rules for Cyrillic domains, you must specify the domain name in punycode. You can find out the domain name in punycode using the service.

For example, to redirect site.ru to site.rf you need to use the following rule:

RewriteEngine on
RewriteCond %(HTTP_HOST) ^www\.site.ru
RewriteRule ^(.*)$ http://xn--80aswg.xn--p1ai/$1

In this case, your visitors can see exactly the punycode representation of the domain name in address bar browser. This is not an error.

12. Redirection from HTTP to HTTPS and back

Redirect requests to https://domain.ru

RewriteEngine on
RewriteCond %(ENV:HTTPS) !on
RewriteRule ^.*$ https://%(HTTP_HOST)%(REQUEST_URI)

Redirect requests to http://domain.ru

RewriteEngine on
RewriteCond %(ENV:HTTPS) on
RewriteRule ^.*$ http://%(HTTP_HOST)%(REQUEST_URI)

3. Diagnosis of errors

If after editing or posting .htaccess when accessing the site you received an error 500, then most likely in the file .htaccess a mistake was made. You can see its reasons in the log file /var/log/your_domain.error_log.

4. Additional documentation and examples

You can find detailed documentation on the website of the Apache web server developer:

Finding reliable and honest online casinos requires a lot of free time, especially when it comes to beginners. It is necessary to evaluate the transparency of the gaming club, online reputation, reviews of other users, payment speed and many other operational factors. To save players from such a fate, we have compiled casino rating , which have been thoroughly tested and confirmed their own honesty and good returns from slot machines.

Our rating of the best casinos

You no longer need to waste your personal time checking the reliability of the establishment. Experienced analysts specializing in gambling and spending dozens of hours in casinos every month conducted their own objective assessment of the work gaming clubs. They analyzed hundreds of establishments in order to ultimately offer users the best platforms available on the Internet.

The initial list of clubs was quite large, but during the analysis process, dubious and unreliable establishments were eliminated. For example, the presence of a fake license, lack of certificates for slots, substitution of a server in a slot machine and much more serve as a warning to experts. Even one factor that allows you to doubt the integrity of the casino is a reason for exclusion from the rating.

In addition to a superficial analysis of gaming platforms, information about establishments on the Internet is checked. Online reputation, reviews of current and former players, the presence of conflict situations, casino scandals and ways to solve problems from the creators are taken into account in the analysis. Particular attention is paid to young clubs with up to 1-2 years of experience.

How is the casino rating compiled and who gets there?

For creating rating licensed casinos We attract experienced gamblers and analysts with over 10 years of experience in the industry. Thanks to their knowledge, they can easily weed out fraudulent clubs and then conduct a thorough analysis of the remaining establishments. The result is a small list of reliable casinos where you can safely play without fear for the fairness of the results and payment of winnings.

• availability of a license from the gambling regulator and the chosen jurisdiction for registration;
• platform security, which guarantees the confidentiality of data and payment information;
• choosing licensed software from reliable providers whose work cannot be interfered with;
• availability of a Russian-language version for greater convenience for users from Russia and CIS countries;
• support service, including its work schedule, speed of responses, quality of problem solving;
• withdrawal of money without additional delays or verifications, as well as options for receiving money and the speed of processing transactions;
• bonus programs for new and regular users, the presence of tournaments, lotteries, periodic promotions;
• payment systems that affect the convenience of customers to replenish their accounts and withdraw winnings.

This is just a small list of current requirements that are assessed by experts. Each criterion receives its own coefficient of importance, which is taken into account when summing up the final result.

What is a licensed casino?

Casino rating , indicating the honesty and transparency of the gaming platforms, may consist exclusively of establishments with valid operating licenses. Legal clubs are required to be vetted by regulators and comply with all their rules in order to receive permission.

Just mentioning the presence of a license on the site is not enough. Experts understand that scammers can use logos to deceive naive users, so they independently analyze the information. To do this, go to the official website of the regulator and using the document number or name legal entity confirm the information. If there is no license information, then it is a fake.

Analysts also use technical analysis to check licensed software. Using developer tools, they gain access to information about the data server. If the casino uses the official portal of the software provider, then the software is honest and legal. This means that you cannot interfere with its work and tamper with the final results.

How is casino fairness determined?

It is quite difficult to independently assess the integrity of a gaming club, which is due to the amount of available resources and knowledge. Before including establishments inrating of honest casinos, analysts conduct a thorough check of many factors:

• regions from which players are accepted, since prohibited jurisdictions speak volumes;
• withdrawal limits limiting one-time transactions, as well as the daily, weekly and monthly amount of transactions;
• availability of information about KYC and AML, which indicates compliance with the requirements of legislation on the honesty and legality of the origin of money;
• a reputation confirming the honesty and reliability of the club’s work and the absence of high-profile scandals or problems;
• duration of work, allowing you to fully evaluate the history of the online resource, including all the advantages and disadvantages;
• the presence of a regulator and compliance with its rules, which increases the chances of fair operations.

License and regulator are quite important criteria, but this does not provide a 100% guarantee of honesty. Only clubs that allowed players to get big wins and jackpots, gave gifts for lotteries and tournaments, can count on such a title.

Types of slot machines

The number of slots, machines and other types of gambling entertainment says a lot about the establishment. Some clubs cooperate only with a few software providers, but receive popular and new game offers from them, while others are expanding their network of partnership agreements and inviting a huge number of brands to cooperate. The more machines are presented on the gaming platform, the easier it is for the client to choose the slot he likes.

But rating of licensed casinostakes into account not only the variety of games, but also their quality. Reliable gaming establishments use exclusively licensed software that has been tested for fairness and safety. Such machines allow you to count on returns of up to 98%, and you cannot interfere with their work and tweak the algorithm for generating results.

To be honest, all sites are aimed at making a profit. Even if one of the players wins the jackpot, the establishment remains in the black in the long run. But only honest clubs allow users to get a big jackpot and withdraw it to a real account. This is what distinguishes licensed online casinos from fraudulent projects.

Bonus policy

Create a casino rating impossible without taking into account the bonus policy. All gaming clubs use promotions and gifts to attract new and retain existing customers. But some establishments act quite cunningly, creating hidden conditions for wagering or accruals, setting unrealistic wagering conditions ranging from x60-100, which are almost impossible to fulfill.

The standard set of incentives consists of the following categories:

1. No deposit bonus for welcoming new clients - awarded for address confirmations Email and phone numbers. As a reward, they use free money or free spins on slot machines with a mandatory wagering requirement.
2. Registration gift - free spins or multipliers of the account replenishment amount by 1-5 deposits from the moment of creation personal profile. The exact bonus size and maximum limits are set individually by each club.
3. Loyalty program - various systems user statuses that affect the size of weekly cashback, the availability of personal terms of service, individual gifts, favorable exchange rates for domestic currency and much more.
4. Promotional codes are periodic promotions from gaming clubs that give out gift certificates for free spins, no deposits or account multipliers for everyone.

Russian speaking casinos

Composing rating of the best casinos 2020, the presence of the Russian language on the platform is taken into account. The Russian-language interface allows users from Russia, Belarus, Ukraine and CIS countries to easily understand registration, login, account replenishment and other features of the platform. This also confirms that the establishment is focused on Russian-speaking users, offering them unique bonuses and support.

The work of the support service is taken into account. Most gambling clubs provide assistance to clients exclusively on English language, which complicates the communication process. You need to use a translator or contact knowledgeable people to make a request and understand the support response. Therefore, the rating includes only those online clubs that advise clients in support chats and by phone in Russian.

The Russian-language interface in the casino will allow you to understand the user rules of the platform without additional effort, study bonus offers and the features of their accruals, wagering, and take part in tournaments and lotteries without any doubts about the correctness of the actions.

Casino with fast withdrawals

Particular attention is paid to the speed of payouts in online casinos. Some clubs offer withdrawal of funds to bank cards and electronic wallets within a few hours, and for VIP clients requests are processed instantly. Others use manual processing of applications on business days according to a special schedule, so payments may be delayed up to 1-3 business days from the date of application. To save users from long waits, we createdcasino rating with fast withdrawal.

It consists exclusively of those institutions that promptly consider all applications and do not create obstacles to receiving money. Not only the speed of transfers is taken into account, but also the absence of problems when requesting large payments or money transfers after winning the jackpot or big jackpot. Only honest establishments can guarantee the fairness of payments and the absence of problems with payments.

An analysis of available payment systems for deposits and requests for money is also carried out. Standard sites support a minimal number of methods, but progressive clubs constantly analyze trends to integrate new technical solutions.

Main payment systems in online casinos:

• bank cards MIR, MasterCard, Visa;
• electronic wallets QIWI, Yandex, Webmoney, Neteller, Skrill and others;
• mobile payments Beeline, MegaFon, MTS, TELE2;
• Russian Internet banking;
• popular cryptocurrencies, including Bitcoin, Ethereum, Litecoin.

User technical support service

An important factor that was taken into account in order to createrating of honest casinos- availability of customer support and the quality of its work. Reliable establishments care about their own client base, so they organize special telephone lines, as well as online chats to quickly answer user questions and solve their problems.

To analyze support, analysts used phone lines, live chats and email contacts. At different times of the day, site employees received various questions or requests to sort out technical problems. After this, the quality of their work was assessed, which included the following factors:

• speed of response;
• whether the consultant solves the problem and how long it takes;
• literacy of answers and availability of Russian-speaking support staff.

If the casino does not have Russian-speaking operators, we recommend using the online translator from Google to translate questions and answers from consultants.

conclusions

Before registering in an online club, you need to analyze the reliability and transparency of its work, as well as check its reputation and reviews online. Instead we suggest usingrating of honest casinos, compiled by experienced gamblers. Using their own experience, they rejected dozens of suspicious gaming clubs, leaving the best establishments of 2020 on the list.

Hello everyone, today we will look at how you can redirect users from an address from www to http. This procedure It's called a 301 redirect. This procedure is required for all sites, since the browser believes that www.site.ru and http://site.ru are different sites and the traffic to them will be unique for each. This is a problem, since it is better for your site to be promoted to the top on one domain at a time than to divide the traffic between two.

This redirection method is used:

• if the domain is no longer in use and you have switched to another Domain name
• if you need to redirect from www to http:// or vice versa

In order to redirect a site, we create a .htaccess file in the root folder of the site

This file must be opened as a regular text file or using a coding program. I open this file through the Sublime Text program.

Htaccess (HyperText Access) is a simple configuration file that allows designers, developers, and programmers to change the configuration of the Apache web server to implement additional functionality. Such functionality may include redirecting users, changing URLs, providing password protection for directories, and much more.

ATTENTION!!!

The .htaccess file should have 644 permissions and be loaded in ASCII mode. If your .htaccess file is not working, then you should refer to system administrator or technical support of your web hosting and make sure that its use is permitted for your account, since some hosting companies do not allow its use without prior permission, this mainly applies to free hosting. Also, unfortunately, .htaccess will not work on Windows servers.

We redirect the request to the site, from www to http://

Users who enter the site address from www will be redirected to the site from http://

RewriteEngine On RewriteCond %(HTTP_HOST) ^www.yourdomain.com RewriteRule ^(.*)$ http://yourdomain.com/$1

RewriteEngine– Turns the conversion mechanism on or off, that is, it allows the code to run.

RewriteCond– the conditions under which the code works are entered here; in our case, the domain from which the request will be redirected is entered.

RewriteRule– defines the rules that will work; in our case, the site to which the request will be redirected is indicated.

It turns out that…

RewriteCond- From which

RewriteRule- On which

For the opposite case, a similar code is written, only the addresses are swapped.

We redirect the request to the site, from http:// to www

RewriteEngine On RewriteCond %(HTTP_HOST) ^ http://yourdomain.com RewriteRule ^(.*)$ www.yourdomain.com/$1

HTML redirects play an important role for large-scale web projects. The ability to redirect traffic from one site to another helps to better manage visitor flows and perform resource restructuring.

With redirects, users can send messages with the same content on different domains without allowing them to be classified as duplicate content. In addition to this, domain redirects are in an effective way for search engine optimization.

Redirects are performed using .htaccess, PHP script, HTML meta tags and JavaScript.

Site domain redirection

Redirects are used to inform servers that a site's content has been moved from one URL to another. This must be done when the source web address ( incoming link target) occupies high positions in search engine results ( SERP). In this case, the redirect tells the search robot that the desired content has been moved, providing the user with a link to the new address.

Without such redirects, webmasters would be faced with a 404 error page instead of the site they were looking for. This is something that commercial resources are especially keen to avoid. Online stores offer an ever-changing range of products that are displayed on many pages. Once a product no longer sells, potential customers are redirected to a page with a similar product. This allows you to more effectively manage the flow of visitors, as well as reduce the bounce rate.

In addition, redirection allows the same content to be available at different web addresses. All alternative addresses are redirected towards the site's priority domain:

Types of redirects

There are client-side and server-side HTML meta redirects. In the case of server redirects, HTTP status codes are sent to user agents ( browsers and search robots).

When it comes to client-side redirects, things look different: they are executed without any response, and no status codes are sent. This is why not all systems support redirection. This can lead to situations where visitors remain on the original site and are not redirected to new page.

Such disadvantages make the use of server redirects more preferable. Therefore, client-side solutions should only be used when server-side domain redirection is not possible due to technical obstacles.

Server redirects

In most cases, server-side domain redirects are performed through a .htaccess configuration file or a PHP script. The advantage of these methods is that you can individually determine which HTTP status code should be displayed to the user agent. This allows webmasters to mark redirects as permanent or temporary.

Below are the actual HTTP status codes 301 and 302:

• redirect 301 HTML - moved permanently: the requested resource is now permanently available at the new URL. The old URL becomes invalid from now on;
• 302 – temporarily moved: the requested resource is available at a new URL. However, the original URL still remains relevant.

If the HTTP status code is not explicitly defined, the server sends a 302 status code during the redirect. This is not always necessary and is recommended to be entered manually required code state on each redirect, as this reduces the likelihood of an indexing error, such as in a URL hacking situation. Unlike a 301 redirect, a 302 status code tells search crawlers that the original URL should remain indexable. The redirect address intended for permanent operation competes with the address specified in the search engine index.

Redirection via .htaccess

Htaccess is a configuration file on the Apache server used to overwrite central configuration at the directory level. This file allows site administrators to make directory-specific settings for domains and their subdirectories. One of the functions of the .htaccess file includes server-side redirects of individual addresses to other URLs.

Once the .htaccess file with the following code is placed in the main directories, requests for the original domain are redirected by the server side to the domain www.example.com ‘ ‘:

Htaccess redirect to new domain redirect 301 / http://www.example.com/

The line of code begins with redirect 301 HTML and specifies the HTTP status code that will be sent by the server. The following is the path to the content that should be redirected. In this case, all content will be redirected. Finally, the target URL is redirected to the user agent URL: 'http://www.example.com'.

This method allows you to redirect individual files. The following code shows a redirect from one site to another:

.htaccess redirect from a subdirectory to another URL

Here's what a permanent redirect looks like on an Apache server with the mod_rewrite module active:

RewriteEngine On RewriteRule ^directory/example-document.html$ http://www.example.com/example.html

The first line of code activates the Apache server's mod_rewrite module using the 'RewriteEngine On' command. After this it is indicated “ RewriteRule" with the path to the redirection file and the destination address. The ^ and $ symbols indicate the beginning and end of the path, and L indicates the last rule for the corresponding query. R=301 forwards HTTP status 301.

When setting up a redirect using .htaccess, erroneous entries can seriously affect the operation of the site. Given that these changes take effect immediately after saving the .htaccess file, you need to carefully check the corresponding configurations.

Redirects with PHP

HTML redirect to another page can also be done by a PHP script ( for example in index.php). The following code displays a permanent redirect to the target URL 'www.example.com':

When passing a script through PHP, the HTTP status code is determined using the function " header" in the second line of code. In this example, a permanent 301 redirect should be performed. Given that server redirects are usually performed on a temporary basis, for a permanent redirect you need to explicitly specify the 301 status code. The redirection destination address is also specified in ‘ header‘.

In the example, the redirection occurs to ‘ http://www.example.com‘. Function ‘ exit‘ in the fourth line of code ends the script and prevents execution next line. For redirects to work through a PHP script, the code block must be located at the beginning of the HTML page. This prevents the server from passing the HTML content to the redirect page.

Client redirects

If performing redirection on the server side is not possible for technical reasons, then you can use a client-side solution. To do this, use the HTML meta tag " refresh" and JavaScript. The disadvantage of client-side redirection is that servers do not pass HTTP status codes to requesting browsers or crawlers.

Moreover, client-side redirects are not supported by all user agents, which means there is a risk that not all site visitors will be redirected.

Client-side HTML index redirects have a negative impact on the search index. With client-side 301 redirects, there is no explicit exclusion from indexing via an HTTP status code. This may lead to redirection of domains that compete with the destination domains when it comes to search queries related to the rating. Unlike server-side redirects, which remain invisible to users, client-side redirects are always accompanied by delays.

Redirecting with the HTML refresh meta tag

HTML redirects are implemented through meta tags with the ‘ attribute http-equiv’. This requires a simple HTML file and an appropriate head tag to create the redirect. In order for visitors to receive information about the redirect, a corresponding notification must be set in the HTML document: “ Please wait. You will be redirected...‘. A simple redirect using refresh looks like this:

The client will be offered a redirect to a new page via the http-equiv="refresh" meta tag. How this happens is defined in the ' attribute content’. The above example redirects users to the domain ‘ www.example.com‘ in ten seconds.

How to redirect all HTTP requests to HTTPS (14)

I'm trying to redirect all insecure HTTP requests to my site (eg http://www.example.com) to HTTPS (https://www.example.com). I'm using PHP by the way. Can I do this in .htaccess?

Add the following code to your .htaccess file:

Options +SymLinksIfOwnerMatch RewriteEngine On RewriteCond %(SERVER_PORT) !=443 RewriteRule ^ https://%(REQUEST_URI)

Where [your domain name] is the domain name of your website.

You can also redirect specific folders from your domain name by replacing the last line of the code above:

RewriteRule ^ https:///%(REQUEST_URI)

To see this in action (try without www. Https:// or s.net instead of .com): https://nohodental.com/ (the site I'm working on).

If you're using Apache, mod_rewrite is the simplest solution and there's plenty of documentation online on how to do it. For example: http://www.askapache.com/htaccess/http-https-rewriterule-redirect.html

If you are in a situation where you don't have access to apache configuration directly for your site, which many hosted platforms are still limited in this way, I would recommend a two-step approach. The reason Apache themselves document that you should use their configuration options first over mod_rewrite for HTTP to HTTPS.

First, as mentioned above, you must set your .htaccess mod_rewrite rules:

RewriteEngine On RewriteCond %(HTTPS) off RewriteRule ^ https://%(HTTP_HOST)%(REQUEST_URI)

Then in your PHP files (you'll need to do this whenever it's appropriate for your situation, some sites will route all requests through one PHP file, others serve different pages depending on their needs and the request made):

The above should be run BEFORE any code that could potentially expose protected data in an unsecured environment. So your site uses automatic redirection via HTACCESS and mod_rewrite, while your script(s) does not guarantee that output will not be received unless it is accessible via HTTPS.

I think most people don't think so, so Apache recommends that you avoid using this method where possible. However, additional verification is required at the end of development to ensure the security of user data. Hope this helps someone else who may have to look into using non-recommended methods due to end-of-end restrictions of our hosting services.

Using the following code in your .htaccess file will automatically redirect visitors to the HTTPS version of your site:

If you have an existing .htaccess file:

Don't duplicate RewriteEngine On.

Make sure that the lines starting with RewriteCond and RewriteRule immediately follow the already existing RewriteEngine On.

The best solution depends on your requirements. This is a summary of previously posted answers with some added context.

If you are running an Apache web server and can change its configuration, follow the Apache documentation:

ServerName www.example.com Redirect "/" "https://www.example.com/" ServerName www.example.com # ... SSL configuration goes here

But you also asked if you could do this in the .htaccess file. In this case you can use Apache RewriteEngine:

RewriteEngine On RewriteCond %(HTTPS) off RewriteRule (.*) https://%(HTTP_HOST)%(REQUEST_URI) [L]

If everything is working fine and you want browsers to remember this redirect, you can make it permanent by changing the last line to:

RewriteRule (.*) https://%(HTTP_HOST)%(REQUEST_URI)

But be careful if you can change your mind in this redirect. Browsers remember this for a very long time and won't check to see if it has changed.

You may not need the first line of RewriteEngine On depending on your web server configuration.

If (!$_SERVER["HTTPS"]) ( header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); )

I like:

RewriteEngine On RewriteCond %(HTTPS) !on RewriteRule ^(.*)$ https://%(HTTP_HOST)%(REQUEST_URI)

Via .htaccess This will help.

RewriteEngine On RewriteBase / RewriteCond %(HTTP_HOST) ^www\.(.*)$ RewriteRule ^(.*)$ https://%1/$1 RewriteCond %(HTTPS) !=on RewriteRule ^/?(.*) https ://%(SERVER_NAME)/$1

Also refer to this section for more information. How to redirect Http to Https?

This is an html redirect approach that works, but is not the best.

PHP approach

Htaccess approch

RewriteEngine On RewriteCond %(HTTPS) off RewriteRule (.*) https://%(HTTP_HOST)%(REQUEST_URI)

This is the right way HTTP redirects on HTTPS using .htaccess according to GoDaddy.com. The first line of code is self-explanatory. The second line of code checks if HTTPS is disabled and if it does, it redirects HTTP to HTTPS by running the third line of code, otherwise the third line of code will be ignored.

RewriteEngine On RewriteCond %(HTTPS) off RewriteRule ^(.*)$ https://%(HTTP_HOST)%(REQUEST_URI)

I found a way to force redirect all http pages of my site to analog https pages that works for me.

RewriteEngine On RewriteCond %(HTTP:X-Forwarded-Proto) !https RewriteRule (.*) https://%(HTTP_HOST)%(REQUEST_URI)

I found out that The best way for https and www on a domain - this is

RewriteCond %(HTTPS) off RewriteCond %(HTTPS_HOST) !^www.example.com$ RewriteRule ^(.*)$ https://www.example.com/$1