2

              I created domain as http://www.example.com/ Now I bought a SSL for it. When I type https://www.example.com in address bar, it show my site in secure https. On other times, it didn't show https on my site.
               Now I want to redirect to https from http. I searched on google. But someone say redirecting from http to https automatically is not a good idea. Someone says, you can redirect it like facebook, gmail. Now I'm confused.
               Now I've more question on redirection,
        1. May I redirect from http to https?
        2. Is it safe or not?
        3. have I face any problems in future for this redirect?
        4. what is the secure way to redirect http to https?
My .htaccess file:

 RewriteEngine On RewriteCond %(REQUEST_FILENAME) !-d RewriteCond %(REQUEST_FILENAME) !-f RewriteCond %(REQUEST_FILENAME) !-l] RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]

Updated
I add following to my .htaccess. It redirect well and working fine. But now I get new problem. I can't access inseure content in my page. My .htaccess file is:

RewriteEngine On RewriteCond %{REQUEST_METHOD} !POST RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE] RewriteCond %(REQUEST_FILENAME) !-d RewriteCond %(REQUEST_FILENAME) !-f RewriteCond %(REQUEST_FILENAME) !-l RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]

It display errors " [blocked] The page at 'https://www.example.com/red-ball-4-game' was loaded over HTTPS, but ran insecure content from 'http://www.sample.net/img/olume.jpg': this content should also be loaded over HTTPS.

"
How to solve this?

Improve this question
2
  • Have you explored the possibility of .htaccess? Commented May 5, 2014 at 10:05
  • I add my current .htaccess above. I redirect all my pages to single page. how can I add redirect code there? Commented May 5, 2014 at 10:16

2 Answers 2

Reset to default
1

Place this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On RewriteCond %{REQUEST_METHOD} !POST RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE] RewriteCond %(REQUEST_FILENAME) !-d RewriteCond %(REQUEST_FILENAME) !-f RewriteCond %(REQUEST_FILENAME) !-l RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]

This will force all pages of your website to always open in https.

Improve this answer
Sign up to request clarification or add additional context in comments.

21 Comments

It give error Internal server error. This is the error I got " Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request "
Can you check your Apache error.log to see what is the exact error.
I just copy pasted above code entirely into my .htaccess and it worked fine.
That is what your browser shows but Apache error.log will show you exact reason of this error
how can I find apache error.log file on my server
|
0

1: May I redirect from http to https?

  • Yes, you can redirect http to https.

2: Is it safe or not?

  • Obviously it's safe, the s in https stands for secure which itself means safe.

3: Have I face any problems in future for this redirect?

  • Make sure all of your url's are now https and there is not mixture of http and https in your site. This will be not an issue if you have a relative urls throught your site.

4: What is the secure way to redirect http to https ?

  • What you mean by secure here ? But you can right rewrite rule in your htaccess file to redirect all of your url from http to https.

Rule:

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Note: I will suggest you to use https only on the required pages. You can read this post for a better idea by what I mean.

Improve this answer

3 Comments

My domain is 2 years old. So loss any backlinks for this redirection?
I hardly think so, but still I will recommend to redirect to https only pages which contain sensitive information and to redirect the complete site.
Rikesh forgot R flag to redirect urls correctly. The answer is now updated and should work for you