forcing http to https htaccess

General
1

My site is still displaying for http and https

I want to direct http to https

Is the code in my htacess file wrong?

ErrorDocument 401 /base/401.txt

SILVERSTRIPE START

Deny access to templates (but allow from localhost)

<Files *.ss>
Order deny,allow
Deny from all
Allow from 127.0.0.1

Deny access to IIS configuration

Order deny,allow Deny from all

Deny access to YAML configuration files which might include sensitive information

<Files ~ “.ya?ml$”>
Order allow,deny
Deny from all

Route errors to static pages automatically generated by SilverStripe

ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

# Ensure that X-Forwarded-Host is only allowed to determine the request # hostname for servers ips defined by SS_TRUSTED_PROXY_IPS in your _ss_environment.php # Note that in a future release this setting will be always on. SetEnv BlockUntrustedIPs true 
# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
<IfModule mod_dir.c>
	DirectoryIndex disabled
</IfModule>

RewriteEngine On

# non-www to www redirect
#RewriteCond %{HTTP_HOST} ^bolstered.com.au$ [NC]
#RewriteRule (.*) https://www.bolstered.com.au/$1 [R=301,L]

# http to https redirect
#RewriteCond %{HTTPS} !=on 
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


# Enable HTTP Basic authentication workaround for PHP running in CGI mode
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Deny access to potentially sensitive files and folders
RewriteRule ^vendor(/|$) - [F,L,NC]
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC]

RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !\.php$
RewriteRule .* index.php?url=%1&%{QUERY_STRING} [L]
### SILVERSTRIPE END
2

Hi Peter_Farrell,

I have no idea how to solve this via htaccess, but I always add:

protected function init()
{
parent::init();
if(Director::isLive()) {Director::forceSSL();}
}

to the PageController.php

Not sure if this helps you as you specifically asked for htaccess, but it is one way of achieving this.

3

I always do it in .htaccess as well as PHP, .htaccess doesn’t use a PHP process for the redirect so will perform the redirect quicker. Below is the snippet I tend to use

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>