Force https using htaccess

Silverstripe 4

I am trying to force SSL on my silverstripe site by adding rules to my htaccess however none of the normal rewrite rules seem to be working as expected. I’ve tried everything from these posts:
https://forum.silverstripe.org/t/forcing-http-to-https-htaccess/3197
https://forum.silverstripe.org/t/what-is-the-best-way-to-force-https/910

but nothing seems to be working.

I’m adding the redirect rules to the htaccess found in the public folder and haven’t touched the one in the root.

The rewrite rules in my htaccess currently look like this and for some reason it just redirects every request to https://websiteaddress.com/public

<IfModule mod_rewrite.c>

    # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
    <IfModule mod_dir.c>
        DirectoryIndex disabled
        DirectorySlash On
    </IfModule>

    SetEnv HTTP_MOD_REWRITE On
    RewriteEngine On

    ## CONFIG FOR STATIC PUBLISHING
    	# Cached content - sub-pages (site in the root of a domain)
    	RewriteCond %{REQUEST_METHOD} ^GET|HEAD$
    	RewriteCond %{QUERY_STRING} ^$
    	RewriteCond %{REQUEST_URI} /(.*[^/])/?$
    	RewriteCond %{DOCUMENT_ROOT}/public/cache/%1.html -f
    	RewriteCond %{REQUEST_FILENAME} !-f
    	RewriteRule .* /public/cache/%1.html [L]

    # Enable HTTP Basic authentication workaround for PHP running in CGI mode
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Deny access to potentially sensitive files and folders
    RewriteRule ^vendor(/|$) - [F,L,NC]
    RewriteRule ^\.env - [F,L,NC]
    RewriteRule silverstripe-cache(/|$) - [F,L,NC]
    RewriteRule composer\.(json|lock) - [F,L,NC]
    RewriteRule (error|silverstripe|debug)\.log - [F,L,NC]
    
    # Force HTTPS Rules
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
    
    # Process through SilverStripe if no file with the requested name exists.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule .* index.php
</IfModule>

Is your server set up with the document root pointing at / or at /public

If it’s pointing at / then you might be better off just moving your https redirection into the top-level htacess file. If not, then something else weird is going on :grinning_face_with_smiling_eyes: