Redirect all HTTP traffic to HTTPS

published by Stéphane on Tue, 17/11/2009 - 19:14

Drupal and SSL - Multiple Recipes to Possible Solutions is a good related article on the topic in Drupal.

I recently had to set up a server where all traffic should be SSL, here is the snippet I used in /etc/apache2/sites-available/default

        RewriteEngine On
        RewriteCond %{HTTPS} off
        # RewriteCond %{HTTPS} !=on
        # RewriteCond %{SERVER_PORT} !^443$
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I've commented some alternative of RewriteCond I found on the web but they should all be equivalent in most cases.

Don't forget to edit /etc/php5/apache2/php.ini in order to set:

session.cookie_secure = 1

otherwise your session cookies will be sent unencrypted on the internet.

Add new comment