Comments on: Force Secure (SSL) Pages With .htaccess

By: Daniel

Daniel — Tue, 20 Mar 2012 00:41:16 +0000

Thank you, this came in handy today.

By: needhelp

needhelp — Thu, 12 Jan 2012 19:12:41 +0000

hello,
i have several page, for example, domain/mypage1 and domain/mypage2
how do i configure htaccess so when i come to domain/mypage2 i will redirect to https connection,

yes i have working well installed working well comodo SSL and had dedicated IP.

By: Frank

Frank — Tue, 06 Sep 2011 14:08:19 +0000

I find SSL completely unconfigurable on Apache. What one would call SSL hell !

By: George

George — Thu, 25 Aug 2011 15:06:11 +0000

Is there a way to exclude ONE page from the global https? If there is one page that I want to keep http, how would I go about doing that?

Thanks for this tip!

By: Eve Online Ships

Eve Online Ships — Sat, 02 Jul 2011 10:54:21 +0000

When you force an SSL page for your website you also want to be sure and have any adds that are directed to your site to already include the https:// in the link to your site. Many search engine advertising sites are touchy with redirection even if it is only to send you to a secure page directly. This .htaccess code I believe will work on subdomains (remember you require a certificate for each subdomain from your web host service installed first), but you need to put the .htaccess code in each of your subdomains main folder. Thanks for the great article! =)

By: Chris

Chris — Fri, 25 Sep 2009 15:25:25 +0000

Will this script work with subdomains and wildcard SSL certificates?

yourwebsite.com
subdomain1.yourwebsite.com
subdomain2.yourwebsite.com

By: Werner

Werner — Thu, 18 Jun 2009 09:48:31 +0000

@martin

For redirecting all non-SSL trafic, see http://blackflag.wordpress.com/2006/06/13/apache2-forcing-all-inbound-traffic-to-ssl/

By: Salsan Jose

Salsan Jose — Mon, 23 Feb 2009 19:59:05 +0000

Thanks a lot..
I was searching this kind of thing….

By: Jon

Jon — Mon, 11 Aug 2008 20:12:56 +0000

Thanks for the venue.
I’m new to this web admin topic and would like some clarity on what is probably a very simple question for experienced webmasters.

is it correct that using basic authentication (.htaccess + htpassword) on an Apache server that allows only ssl will not result in clear text being sent from the browser to the server .. since after all it is an ssl connection?

Also, in general, is htaccess a reasonable way to secure directories given a 100% ssl site?

Thanks.

By: Mark

Mark — Fri, 09 May 2008 19:15:47 +0000

If you have a website that uses the www. prefix (the standardized way for top level domains) add www. into the .htaccess code. Otherwise Google will penalize you for duplicate content (your entire site would be one whole duplicate).

Great tip!